Open ron1 opened 4 years ago
fyi @AndrewJSchofield @navidsh
Should this issue be transferred to https://github.com/application-stacks/sample-service-binding-kafka
edit: I now see https://github.com/k8s-service-bindings/spec/tree/master/sample-bindable-services/strimzi, which needs to be updated or removed.
According to the specification extract below, a best practice is to volume mount TLS resources. Integrate this best practice into the Strimzi sample.
The best practice is to mount any sensitive information, such as passwords, since that will avoid accidentally exposure via environment dumps and subprocesses. Also, binding binary data (e.g. .p12 certificate for Kafka) as an environment variable might cause a pod to fail to start (stuck on CrashLoopBackOff), so it advisable for backing services with such binding data to mark it with bindAs: volume