Skip to content

Commit e447e7b

Browse files
briandooleybriandooley
authored
Merge pull request #96413 from openshift-cherrypick-robot/cherry-pick-95471-to-serverless-docs-1.36
[serverless-docs-1.36] [SRVKE-1687] Unify KafkaChannel and KafkaBroker secret format
2 parents 6cda97c + 94cb87f commit e447e7b

File tree

2 files changed

+12
-21
lines changed

2 files changed

+12
-21
lines changed

modules/serverless-kafka-broker-sasl-default-config.adoc

Lines changed: 5 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -31,17 +31,12 @@ $ oc create secret -n knative-eventing generic <secret_name> \
3131
--from-literal=password="SecretPassword" \
3232
--from-literal=user="my-sasl-user"
3333
----
34-
** Use the key names `ca.crt`, `password`, and `sasl.mechanism`. Do not change them.
35-
** If you want to use SASL with public CA certificates, you must use the `tls.enabled=true` flag, rather than the `ca.crt` argument, when creating the secret. For example:
34+
** Use the key names `protocol`, `sasl.mechanism`, `ca.crt`, `password`, and `user`. Do not change them.
3635
+
37-
[source,terminal]
38-
----
39-
$ oc create secret -n <namespace> generic <kafka_auth_secret> \
40-
--from-literal=tls.enabled=true \
41-
--from-literal=password="SecretPassword" \
42-
--from-literal=saslType="SCRAM-SHA-512" \
43-
--from-literal=user="my-sasl-user"
44-
----
36+
[NOTE]
37+
====
38+
The `ca.crt` key is optional if the Kafka cluster uses a certificate signed by a public CA whose certificate is already in the system truststore.
39+
====
4540

4641
. Edit the `KnativeKafka` CR and add a reference to your secret in the `broker` spec:
4742
+

modules/serverless-kafka-sasl-channels.adoc

Lines changed: 7 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -25,22 +25,18 @@ _Simple Authentication and Security Layer_ (SASL) is used by Apache Kafka for au
2525
[source,terminal]
2626
----
2727
$ oc create secret -n <namespace> generic <kafka_auth_secret> \
28+
--from-literal=protocol="SASL_SSL"
29+
--from-literal=sasl.mechanism="SCRAM-SHA-512" \
2830
--from-file=ca.crt=caroot.pem \
2931
--from-literal=password="SecretPassword" \
30-
--from-literal=saslType="SCRAM-SHA-512" \
3132
--from-literal=user="my-sasl-user"
3233
----
33-
** Use the key names `ca.crt`, `password`, and `sasl.mechanism`. Do not change them.
34-
** If you want to use SASL with public CA certificates, you must use the `tls.enabled=true` flag, rather than the `ca.crt` argument, when creating the secret. For example:
34+
** Use the key names `protocol`, `sasl.mechanism`, `ca.crt`, `password`, and `user`. Do not change them.
3535
+
36-
[source,terminal]
37-
----
38-
$ oc create secret -n <namespace> generic <kafka_auth_secret> \
39-
--from-literal=tls.enabled=true \
40-
--from-literal=password="SecretPassword" \
41-
--from-literal=saslType="SCRAM-SHA-512" \
42-
--from-literal=user="my-sasl-user"
43-
----
36+
[NOTE]
37+
====
38+
The `ca.crt` key is optional if the Kafka cluster uses a certificate signed by a public CA whose certificate is already in the system truststore.
39+
====
4440

4541
. Start editing the `KnativeKafka` custom resource:
4642
+

0 commit comments

Comments
 (0)