Comments (1)
Good question. .Values.tls.broker.enableForProxyToBroker
and .Values.tls.broker.enableForFunctionWorkerToBroker
were introduced in #172, but they've never been used. I added them by accident, and I have a PR to remove them here #195. The config for .Values.tls.proxy.enableTlsWithBroker
and .Values.tls.function.enableTlsWithBroker
are used. .Values.tls.proxy.enableTlsWithBroker
is poorly named because it also determines the type of connection to the function worker, too.
Wouldn't it make sense to have
.Values.tls.broker.enabled
instead?
I considered this design when writing #169, #170, and #172. The primary reason I didn't use it is because I was worried it'd be a bit ambiguous what was being enabled (TLS is currently enabled on the broker via enableTls
). However, in revisiting the logic, I am not sure that I agree with it anymore. I think your solution is good, but the ideal solution is probably even simpler. We really have two TLS features: enable TLS on inbound connections to the proxy (and maybe the broker/function worker?) or enable TLS for all component networking. The current chart is too configurable. For example, I don't know of a use case that would require TLS for bookkeeper connections but not for zookeeeper connections.
For more context, I seem to have noticed the logical inversion based on the below comment. For some reason (I don't remember why), I didn't view .Values.tls.broker.enabled
as a good alternative to prevent this inversion.
pulsar-helm-chart/helm-chart-sources/pulsar/values.yaml
Lines 178 to 181 in 08fde0f
Moving forward, I think we should prepare for a 3.0 release and try to greatly simplify the TLS configuration while making a few breaking changes by ignoring certain configs that make the chart too configurable.
from pulsar-helm-chart.
Related Issues (20)
- Enabling TLS while using external certificates HOT 4
- Pulsar heartbeat init container logic HOT 1
- Activation state storage KO HOT 2
- Decouple burnell "provision container" provision-tls-jwt from autorecovery component HOT 2
- BrokerSts: brokerWebServiceURLTLS is not empty on proxy even if you don't enable TLS HOT 2
- Pulsar Admin Console Open ID Connect Broken
- Broker fails when using examples/dev-values-keycloak-auth.yaml
- Proxy Fails to find pulsar-openid-connect-plugin jar when using keycloak values
- Pulsar SQL should based on Trino (previous PrestoSQL) instead of PrestoDB
- Missing logs button on Source HOT 2
- Update kube-prometheus-stack to latest
- PodSecurityPolicy removed from Kubenetes 1.25
- Broker statefulset no accounted for in PulsarSQL configmap HOT 2
- Cannot obtain authorization metadata when using org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2 HOT 3
- Function-Worker - State storage client is not done initializing. Please try again in a little while.
- Configuring HPA via the Helm Chart
- Pulsar topics not getting deleted from Blob storage
- Need updated versions of Pulsar 2.11.X or 3.0.X
- Pulsar Sql Coordinator keeps rebooting after deploying helm chart. HOT 1
- Convert load balancer from network load balancer to application load balancer to add security groups in AWS. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pulsar-helm-chart.