arthurdm
commented
4 years ago fyi @AndrewJSchofield @navidsh
Open ron1 opened 4 years ago
arthurdm
commented
4 years ago fyi @AndrewJSchofield @navidsh
scothis
commented
4 years ago Should this issue be transferred to https://github.com/application-stacks/sample-service-binding-kafka
edit: I now see https://github.com/k8s-service-bindings/spec/tree/master/sample-bindable-services/strimzi, which needs to be updated or removed.
According to the specification extract below, a best practice is to volume mount TLS resources. Integrate this best practice into the Strimzi sample.
The best practice is to mount any sensitive information, such as passwords, since that will avoid accidentally exposure via environment dumps and subprocesses. Also, binding binary data (e.g. .p12 certificate for Kafka) as an environment variable might cause a pod to fail to start (stuck on CrashLoopBackOff), so it advisable for backing services with such binding data to mark it with bindAs: volume