michaeljmarshall commented on code in PR #19888:
URL: https://github.com/apache/pulsar/pull/19888#discussion_r1146786693
##########
pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactoryConfig.java:
##########
@@ -169,4 +169,17 @@ public class KubernetesRuntimeFactoryConfig {
)
protected int gracePeriodSeconds = 5;
+ @FieldContext(
+ doc = "The Kubernetes secret containing the broker's trust certs.
If it is not set, the function will not"
+ + " use a custom trust store. The secret must already
exist in each function's target namespace."
+ + " The secret must contain a key named `ca.crt` with the
trust certs."
Review Comment:
Great question. First, I think I might have needed to use `ca.pem`. Would
that clear things up?
Second, the current design reads the bytes from the file at this path:
https://github.com/apache/pulsar/blob/9bb3a213e8d7fca474c8e32882f9a76e5bc649ff/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/worker/WorkerConfig.java#L788-L799
and that relies on:
https://github.com/apache/pulsar/blob/9bb3a213e8d7fca474c8e32882f9a76e5bc649ff/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/worker/WorkerConfig.java#L615-L629
So we do not allow for configuration at the moment, and we expect users to
provide the right format already. We can, of course, improve on that design.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
