knative
/
docs
mirror of https://github.com/knative/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Example for Kafka TLS Authentication (#2473) 

* add examples for kafka tls

* add examples for kafka tls

* add examples for kafka tls

* add examples for kafka tls

* add examples for kafka tls

* add examples for kafka tls

* add examples for kafka tls

* add examples for kafka tls

* add examples for kafka tls

* add examples for kafka tls

* add examples for kafka tls

* add example for kafka tls

* add example for kafka tls
This commit is contained in:
Murugappan Chetty 2020-05-22 17:07:44 -07:00 committed by GitHub
parent 4706eaecd7
commit a688324e19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 116 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
docs/eventing/samples/kafka/source/README.md
View File

@ -124,8 +124,10 @@ You must ensure that you meet the [prerequisites listed in the Apache Kafka over
name: kafka-source
spec:
consumerGroup: knative-group
bootstrapServers: my-cluster-kafka-bootstrap.kafka:9092 #note the kafka namespace
topics: knative-demo-topic
bootstrapServers:
- my-cluster-kafka-bootstrap.kafka:9092 # note the kafka namespace
topics:
- knative-demo-topic
sink:
ref:
apiVersion: serving.knative.dev/v1
@ -177,7 +179,6 @@ You must ensure that you meet the [prerequisites listed in the Apache Kafka over
```
$ kubectl logs --selector='serving.knative.dev/service=event-display' -c user-container
```
☁️ cloudevents.Event
Validation: valid
@ -195,7 +196,6 @@ Data,
{
"msg": "This is a test!"
}
```
## Teardown Steps
@ -226,7 +226,7 @@ customresourcedefinition.apiextensions.k8s.io "kafkasources.sources.knative.dev"
deleted service "kafka-controller" deleted statefulset.apps
"kafka-controller-manager" deleted
````
```
4. (Optional) Remove the Apache Kafka Topic
```shell
@ -247,9 +247,7 @@ You can specify the key deserializer among four types:
* `float` for 32-bit & 64-bit floating points
* `byte-array` for a Base64 encoded byte array
To specify it, add the label `kafkasources.sources.knative.dev/key-type` to the
`KafkaSource` definition like:
To specify it, add the label `kafkasources.sources.knative.dev/key-type` to the `KafkaSource` definition like:
```yaml
apiVersion: sources.knative.dev/v1alpha1
kind: KafkaSource
@ -259,11 +257,69 @@ metadata:
kafkasources.sources.knative.dev/key-type: int
spec:
consumerGroup: knative-group
bootstrapServers: my-cluster-kafka-bootstrap.kafka:9092 #note the kafka namespace
topics: knative-demo-topic
bootstrapServers:
- my-cluster-kafka-bootstrap.kafka:9092 # note the kafka namespace
topics:
- knative-demo-topic
sink:
ref:
apiVersion: serving.knative.dev/v1
kind: Service
name: event-display
```
## Connecting to a TLS enabled Kafka broker
The KafkaSource supports TLS and SASL authentication methods. For enabling TLS authentication, please have the below files
* CA Certificate
* Client Certificate and Key
KafkaSource expects these files to be in pem format, if it is in other format like jks, please convert to pem.
1. Create the certificate files as secrets in the namespace where KafkaSource is going to be set up
```
$ kubectl create secret generic cacert --from-file=caroot.pem
secret/cacert created
$ kubectl create secret tls kafka-secret --cert=certificate.pem --key=key.pem
secret/key created
```
2. Apply the KafkaSource, change bootstrapServers and topics accordingly.
```yaml
apiVersion: sources.knative.dev/v1alpha1
kind: KafkaSource
metadata:
name: kafka-source-with-tls
spec:
net:
tls:
enable: true
cert:
secretKeyRef:
key: tls.crt
name: kafka-secret
key:
secretKeyRef:
key: tls.key
name: kafka-secret
caCert:
secretKeyRef:
key: caroot.pem
name: cacert
consumerGroup: knative-group
bootstrapServers:
- my-secure-kafka-bootstrap.kafka:443
topics:
- knative-demo-topic
sink:
ref:
apiVersion: serving.knative.dev/v1
kind: Service
name: event-display
```