This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-helm-chart.git
The following commit(s) were added to refs/heads/master by this push:
new 1cb8339 Don't use TLS from function instances to brokers by default
(#435)
1cb8339 is described below
commit 1cb83398c81904a848f59a4ffff322e09a7f5f76
Author: Lari Hotari <[email protected]>
AuthorDate: Wed Jan 17 21:04:43 2024 -0800
Don't use TLS from function instances to brokers by default (#435)
- Function instances don't currently have the TLS CA cert available
---
charts/pulsar/templates/broker-configmap.yaml | 10 ++++------
charts/pulsar/values.yaml | 4 ++++
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/charts/pulsar/templates/broker-configmap.yaml
b/charts/pulsar/templates/broker-configmap.yaml
index 148c604..1010650 100644
--- a/charts/pulsar/templates/broker-configmap.yaml
+++ b/charts/pulsar/templates/broker-configmap.yaml
@@ -118,11 +118,10 @@ data:
PF_functionRuntimeFactoryConfigs_installUserCodeDependencies: "true"
PF_functionRuntimeFactoryConfigs_jobNamespace: {{ template
"pulsar.namespace" . }}
PF_functionRuntimeFactoryConfigs_expectedMetricsCollectionInterval: "30"
- {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }}
+ {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled
.Values.tls.function_instance.enabled) }}
PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "http://{{ template
"pulsar.fullname" . }}-{{ .Values.broker.component }}:{{
.Values.broker.ports.http }}/"
PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar://{{ template
"pulsar.fullname" . }}-{{ .Values.broker.component }}:{{
.Values.broker.ports.pulsar }}/"
- {{- end }}
- {{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
+ {{- else }}
PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "https://{{ template
"pulsar.fullname" . }}-{{ .Values.broker.component }}:{{
.Values.broker.ports.https }}/"
PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar+ssl://{{ template
"pulsar.fullname" . }}-{{ .Values.broker.component }}:{{
.Values.broker.ports.pulsarssl }}/"
{{- end }}
@@ -134,11 +133,10 @@ data:
PF_kubernetesContainerFactory_installUserCodeDependencies: "true"
PF_kubernetesContainerFactory_jobNamespace: {{ template "pulsar.namespace" .
}}
PF_kubernetesContainerFactory_expectedMetricsCollectionInterval: "30"
- {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }}
+ {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled
.Values.tls.function_instance.enabled) }}
PF_kubernetesContainerFactory_pulsarAdminUrl: "http://{{ template
"pulsar.fullname" . }}-{{ .Values.broker.component }}:{{
.Values.broker.ports.http }}/"
PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar://{{ template
"pulsar.fullname" . }}-{{ .Values.broker.component }}:{{
.Values.broker.ports.pulsar }}/"
- {{- end }}
- {{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
+ {{- else }}
PF_kubernetesContainerFactory_pulsarAdminUrl: "https://{{ template
"pulsar.fullname" . }}-{{ .Values.broker.component }}:{{
.Values.broker.ports.https }}/"
PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar+ssl://{{ template
"pulsar.fullname" . }}-{{ .Values.broker.component }}:{{
.Values.broker.ports.pulsarssl }}/"
{{- end }}
diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml
index 3c556ae..4b4b218 100644
--- a/charts/pulsar/values.yaml
+++ b/charts/pulsar/values.yaml
@@ -229,6 +229,10 @@ tls:
# settings for generating certs for toolset
toolset:
cert_name: tls-toolset
+ # TLS setting for function runtime instance
+ function_instance:
+ # controls the use of TLS for function runtime connections towards brokers
+ enabled: false
# Enable or disable broker authentication and authorization.
auth:
