How to Install cp-ksql-server Helm Chart that Communicates with Secured Broker


I'm trying to connect a KSQLDB Helm chart cp-ksqldb-server with an SSL-secured Kafka broker. The chart I used for the broker is bitnami/kafka.

I've used this script to create keystore and truststore JKS files. I created a secret from these files and passed the secret to the auth.tls.existingSecrets parameter in the bitnami/kafka Helm chart, which is working fine. I followed this doc for the whole process.

Now I'm trying to configure cp-ksqldb-server Helm chart to connect to the broker so that the connection is encrypted with SSL. I'm using SASL_SSL to connect to the broker. From the KSQLDB Doc I have to pass configuration values like this:

security.protocol=SASL_SSL
ssl.truststore.location=/etc/kafka/secrets/kafka.client.truststore.jks
ssl.truststore.password=<password>
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=\
    org.apache.kafka.common.security.scram.ScramLoginModule required \
    username="<user>" \
    password="<password>";

I have to pass these values in the configurationOverrides parameter.

My questions are (for the KSQLDB chart):

  • How do I pass the ssl.truststore.location value, as my truststore file is on my local machine, and what I'm trying to run is a KSQLDB Helm chart in a Kubernetes cluster?
  • Is there any way to pass secret values like bitnami/kafka?
  • Is there any way to pass the truststore file by volume binding in this chart?

Thanks!


Solution

  • The linked chart does not support custom volume mounts for external files, which is what you'd need, and which is shown using kubectl create secret ... --from-file

    Ref.

    These charts are no longer maintained, so you'd be better off cloning and editing the chart to your needs, anyway.
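
Added example, not part of the answer above and not taken from the chart: a pod-spec fragment of the kind one could add to a cloned copy of the chart's Deployment template, so that the truststore is mounted from a Secret and the passwords are read from that Secret instead of being written in plaintext under configurationOverrides. The Secret name, its key names and the container name are assumptions, as is the image's mapping of KSQL_-prefixed environment variables to the properties listed in the question.

```yaml
# Assumed names (hypothetical): Secret "ksql-client-tls", keys
# "truststore-password" and "jaas-config", container "cp-ksql-server".
# The Secret is created from the local truststore file first, for example:
#   kubectl create secret generic ksql-client-tls \
#     --from-file=kafka.client.truststore.jks \
#     --from-literal=truststore-password='<password>' \
#     --from-literal=jaas-config='<sasl.jaas.config value>'
spec:
  template:
    spec:
      volumes:
        - name: client-tls
          secret:
            secretName: ksql-client-tls
            items:
              # Expose only the truststore as a file, not the password keys.
              - key: kafka.client.truststore.jks
                path: kafka.client.truststore.jks
      containers:
        - name: cp-ksql-server
          volumeMounts:
            - name: client-tls
              mountPath: /etc/kafka/secrets
              readOnly: true
          env:
            - name: KSQL_SECURITY_PROTOCOL
              value: SASL_SSL
            - name: KSQL_SASL_MECHANISM
              value: SCRAM-SHA-512
            # Path inside the pod, matching the mount above.
            - name: KSQL_SSL_TRUSTSTORE_LOCATION
              value: /etc/kafka/secrets/kafka.client.truststore.jks
            - name: KSQL_SSL_TRUSTSTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ksql-client-tls
                  key: truststore-password
            - name: KSQL_SASL_JAAS_CONFIG
              valueFrom:
                secretKeyRef:
                  name: ksql-client-tls
                  key: jaas-config
```

Restricting access to this Secret with namespace-scoped RBAC keeps the broker credentials readable only by the ksqlDB workload and its operators.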