pulsar-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [pulsar] ivankelly commented on issue #3735: Implementing authentication for Pulsar Functions
Date Fri, 15 Mar 2019 16:03:35 GMT
ivankelly commented on issue #3735: Implementing authentication for Pulsar Functions
URL: https://github.com/apache/pulsar/pull/3735#issuecomment-473344350
 
 
   @jerrypeng 
   
   So mapping out the interactions here, yields the following sequence diagram.
   ![image](https://user-images.githubusercontent.com/54955/54443615-3fc78f00-4741-11e9-90b9-c0370ca0112a.png)
   
   I think this can be similifed a fair bit. 
   
   First of all, service accounts are not needed, you can attached the secret directly to
the stateful set. In fact, thats exactly what you are doing. service accounts are for pods
to authenticate with k8s services. We're not doing that, and we don't need to do that for
this implementation. It may be needed for vault at a later stage, but let's not make assumptions
about how that'll be used until we have concretely worked out the flow for that.
   
   Secondly, i don't think we need an interface for attaching the secret to the stateful set.
Whatever the auth data is that we are passing in, we should assume it is secret, so if there
is auth data, the **k8s runtime** should attach that as a secret. Then it is up to configureAuthenticationConfig
to know how to do something with that authData. So we should move the attachment of the secret
volume and the mount into the k8s runtime itself.
   
   so the resulting sequence would look like
   ![image](https://user-images.githubusercontent.com/54955/54444803-c54c3e80-4743-11e9-9ae6-057a48651f31.png)
   
   
   
   
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message