From 1cb83398c81904a848f59a4ffff322e09a7f5f76 Mon Sep 17 00:00:00 2001
From: Lari Hotari
Date: Wed, 17 Jan 2024 21:04:43 -0800
Subject: [PATCH] Don't use TLS from function instances to brokers by default (#435)

- Function instances don't currently have the TLS CA cert available
---
 charts/pulsar/templates/broker-configmap.yaml | 10 ++++------
 charts/pulsar/values.yaml | 4 ++++
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/charts/pulsar/templates/broker-configmap.yaml b/charts/pulsar/templates/broker-configmap.yaml
index 148c6049..10106506 100644
--- a/charts/pulsar/templates/broker-configmap.yaml
+++ b/charts/pulsar/templates/broker-configmap.yaml
@@ -118,11 +118,10 @@ data:
 PF_functionRuntimeFactoryConfigs_installUserCodeDependencies: "true"
 PF_functionRuntimeFactoryConfigs_jobNamespace: {{ template "pulsar.namespace" . }}
 PF_functionRuntimeFactoryConfigs_expectedMetricsCollectionInterval: "30"
- {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }}
+ {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled .Values.tls.function_instance.enabled) }}
 PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/"
 PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/"
- {{- end }}
- {{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
+ {{- else }}
 PF_functionRuntimeFactoryConfigs_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/"
 PF_functionRuntimeFactoryConfigs_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/"
 {{- end }}
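Review bot: With the default `tls.function_instance.enabled: false`, the new condition renders the `http://` and `pulsar://` URLs even when `tls.enabled` and `tls.broker.enabled` are both true, so function-to-broker traffic silently falls back to cleartext on releases that previously rendered `https://` / `pulsar+ssl://`. The `PF_kubernetesContainerFactory_*` block in the next hunk has the same behaviour. If function instances authenticate to the broker, their credentials would presumably cross that path unencrypted, and the plaintext URLs only work if the broker keeps its non-TLS ports open when TLS is on, which this diff does not show. I would at least record the trade-off next to the condition, e.g. `{{- /* function instances have no TLS CA cert available: plaintext to brokers unless tls.function_instance.enabled is true */}}`, and treat making the CA cert available to function instances as the follow-up that lets the default flip back. The `data:` map these keys belong to starts outside the hunk.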
@@ -134,11 +133,10 @@ data:
 PF_kubernetesContainerFactory_installUserCodeDependencies: "true"
 PF_kubernetesContainerFactory_jobNamespace: {{ template "pulsar.namespace" . }}
 PF_kubernetesContainerFactory_expectedMetricsCollectionInterval: "30"
- {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }}
+ {{- if not (and .Values.tls.enabled .Values.tls.broker.enabled .Values.tls.function_instance.enabled) }}
 PF_kubernetesContainerFactory_pulsarAdminUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/"
 PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/"
- {{- end }}
- {{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
+ {{- else }}
 PF_kubernetesContainerFactory_pulsarAdminUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/"
 PF_kubernetesContainerFactory_pulsarServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/"
 {{- end }}
diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml
index 3c556ae9..4b4b2188 100644
--- a/charts/pulsar/values.yaml
+++ b/charts/pulsar/values.yaml
@@ -229,6 +229,10 @@ tls:
 # settings for generating certs for toolset
 toolset:
 cert_name: tls-toolset
+ # TLS setting for function runtime instance
+ function_instance:
+ # controls the use of TLS for function runtime connections towards brokers
+ enabled: false
 # Enable or disable broker authentication and authorization.
 auth:
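Review bot: The negated test `if not (and … )` followed by `else` in the `PF_kubernetesContainerFactory_*` block makes the plaintext pair the branch the condition names, and the same three-flag expression is repeated verbatim in the `PF_functionRuntimeFactoryConfigs_*` block of the previous hunk. Reading it as a security decision is easier in the positive form: `{{- if and .Values.tls.enabled .Values.tls.broker.enabled .Values.tls.function_instance.enabled }}` with the `https://` / `pulsar+ssl://` lines first and the `http://` / `pulsar://` lines under `{{- else }}`. Rendered output stays the same; only the order of the two branches changes. The surrounding `data:` map starts outside the hunk.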
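Review bot: The comment on `tls.function_instance.enabled` does not tell the operator that the default `false` means function instances talk to brokers in cleartext even when `tls.enabled` and `tls.broker.enabled` are true, nor that `true` only has an effect when both of those are also set (per the template condition in broker-configmap.yaml). Someone auditing values.yaml would reasonably assume broker TLS covers this path. I would expand the comment to something like `# When false (default), function instances connect to brokers over plaintext (http://, pulsar://) even if tls.broker.enabled is true.` followed by `# Set to true only when tls.enabled and tls.broker.enabled are true and the TLS CA cert is available to function instances.` The `tls:` map starts outside the hunk.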