streamnative / function-mesh

The serverless framework purpose-built for event streaming applications.
https://functionmesh.io/
Apache License 2.0

How to provide secrets with authConfig #700

Open bpereto opened 11 months ago

bpereto commented 11 months ago

Hi,

I'm trying to use authentication for a Java function with the common use of Secrets to store the JWT token needed to access Pulsar.

authSecret works

As I understand, the authSecret is legacy.

apiVersion: compute.functionmesh.io/v1alpha1
kind: Function
metadata:
  name: test
  namespace: test
spec:
  className: com.test.Test
  image: streamnative/pulsar-functions-java-runner:2.11.2.9
  forwardSourceMessageProperty: true
  maxPendingAsyncRequests: 1000
  replicas: 1
  maxReplicas: 3
  #logTopic: persistent://test/functions.log
  input:
    topics:
      - persistent://test/test
  resources:
    requests:
      cpu: "100m"
      memory: "1G"
    limits:
      cpu: "2"
      memory: "2G"
  pulsar:
    pulsarConfig: "pulsar-config"
    authSecret: "pulsar-auth"
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: test
  name: pulsar-config
data:
  webServiceURL: https://test:8443
  brokerServiceURL: pulsar+ssl://test:6651
---
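apiVersion: v1
kind: Secret
type: Opaque
metadata:
  namespace: test
  name: pulsar-auth
data:
  # values are base64-encoded; the comments show the decoded content
  clientAuthenticationParameters: XXX # "token:eyJ..."
  clientAuthenticationPlugin: XXX # org.apache.pulsar.client.impl.auth.AuthenticationToken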

authConfig doesn't work

Either combination of the approaches:

as environment variables

  pulsar:
    pulsarConfig: "pulsar-config"
  secretsMap:
    "clientAuthenticationParameters":
      path: "pulsar-auth"
      key: "clientAuthenticationParameters"
    "clientAuthenticationPlugin":
      path: "pulsar-auth"
      key: "clientAuthenticationPlugin"

authConfig

  pulsar:
    pulsarConfig: "pulsar-config"
    authConfig:
      genericAuth: "pulsar-auth"

apiVersion: compute.functionmesh.io/v1alpha1
kind: Function
metadata:
  name: test
  namespace: test
spec:
  className: com.test.Test
  image: streamnative/pulsar-functions-java-runner:2.11.2.9
  forwardSourceMessageProperty: true
  maxPendingAsyncRequests: 1000
  replicas: 1
  maxReplicas: 3
  #logTopic: persistent://test/functions.log
  input:
    topics:
      - persistent://test/test
  resources:
    requests:
      cpu: "100m"
      memory: "1G"
    limits:
      cpu: "2"
      memory: "2G"
  pulsar:
    pulsarConfig: "pulsar-config"
  secretsMap:
    "clientAuthenticationParameters":
      path: "pulsar-auth"
      key: "clientAuthenticationParameters"
    "clientAuthenticationPlugin":
      path: "pulsar-auth"
      key: "clientAuthenticationPlugin"
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: test
  name: pulsar-config
data:
  webServiceURL: https://test:8443
  brokerServiceURL: pulsar+ssl://test:6651
---
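apiVersion: v1
kind: Secret
type: Opaque
metadata:
  namespace: test
  name: pulsar-auth
data:
  # values are base64-encoded; the comments show the decoded content
  clientAuthenticationParameters: XXX # "token:eyJ..."
  clientAuthenticationPlugin: XXX # org.apache.pulsar.client.impl.auth.AuthenticationToken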

I don't want to put the auth token into a ConfigMap. What is the correct approach for supplying clientAuthenticationParameters as an environment variable from a Secret in combination with "authConfig"?

jiangpengcheng commented 6 months ago

The authConfig cannot be used in combination with a secret. You can keep using the authSecret way; it won't be deprecated.
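
A pre-apply check for the authSecret wiring discussed in this thread, as an added example that is not part of the issue or of Function Mesh's own code. The helper names, the sample objects (manifests written as Python dicts) and the rule that the parameters value starts with `token:` (taken from the comments in the posted Secret) are assumptions of this sketch.

```python
import base64
import binascii

PLUGIN_KEY = "clientAuthenticationPlugin"
PARAMS_KEY = "clientAuthenticationParameters"

def b64(text):
    return base64.b64encode(text.encode()).decode()

def make_auth_secret(name, namespace, plugin_class, params):
    """Build the Secret that spec.pulsar.authSecret refers to (data is base64)."""
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name, "namespace": namespace},
            "data": {PLUGIN_KEY: b64(plugin_class), PARAMS_KEY: b64(params)}}

def decode(secret, key):
    """Return the decoded value, or None if the key is missing or not base64."""
    try:
        return base64.b64decode(secret["data"][key], validate=True).decode()
    except (KeyError, binascii.Error, UnicodeDecodeError):
        return None

def check(function, secret, configmap):
    """Return a list of findings; an empty list means the wiring looks right."""
    findings = []
    pulsar = function["spec"].get("pulsar", {})
    if "authConfig" in pulsar:  # per the maintainer's reply in this thread
        findings.append("authConfig set: it cannot be combined with a Secret")
    if pulsar.get("authSecret") != secret["metadata"]["name"]:
        findings.append("authSecret does not reference the auth Secret")
    plugin, params = decode(secret, PLUGIN_KEY), decode(secret, PARAMS_KEY)
    # Assumption: token auth, so parameters look like "token:..." and the plugin
    # is a class name, as in the comments of the Secret posted in the issue.
    if plugin is None or params is None:
        findings.append("Secret lacks a base64 value for one of the two keys")
    elif plugin.startswith("token:") or not params.startswith("token:"):
        findings.append("plugin and parameters values look swapped")
    if {PLUGIN_KEY, PARAMS_KEY} & set(configmap.get("data", {})):
        findings.append("credentials found in the ConfigMap, move to the Secret")
    return findings

# Constructed sample objects mirroring the manifests in the issue.
SECRET = make_auth_secret("pulsar-auth", "test",
    "org.apache.pulsar.client.impl.auth.AuthenticationToken", "token:PLACEHOLDER")
CONFIGMAP = {"kind": "ConfigMap", "data": {"webServiceURL": "https://test:8443",
                                           "brokerServiceURL": "pulsar+ssl://test:6651"}}
FUNCTION = {"kind": "Function", "metadata": {"name": "test", "namespace": "test"},
            "spec": {"pulsar": {"pulsarConfig": "pulsar-config",
                                "authSecret": "pulsar-auth"}}}
if __name__ == "__main__":
    print(check(FUNCTION, SECRET, CONFIGMAP) or "ok")
```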