-
Notifications
You must be signed in to change notification settings - Fork 59
/
Copy pathcluster.yaml
44 lines (42 loc) · 1.77 KB
/
cluster.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
meta:
name: local-cluster-auth
environment: local-env
region: local-region
description: |
Test cluster that uses SSL/TLS and SASL to securely connect to brokers. Can be run
against compose setup defined in docker-compose-auth.yml in the repo root.
spec:
bootstrapAddrs:
# To use just TLS without SASL, switch to port 9093 and disable SASL in the config below.
# To use just SASL without TLS, switch to port 9094 and disabled TLS in the config below.
- localhost:9095
tls:
enabled: true
caCertPath: certs/ca.crt
certPath: certs/client.crt
keyPath: certs/client.key
skipVerify: true
sasl:
enabled: true
mechanism: SCRAM-SHA-512
# As an alternative to storing these in plain text in the config (probably not super-secure),
# these can also be set via:
#
# 1. The --sasl-username and --sasl-password command-line flags,
# 2. The TOPICCTL_SASL_USERNAME and TOPICCTL_SASL_PASSWORD environment variables, or
# 3. Putting placeholder strings in the config and running with the --expand-env flag as
# described in the README.
#
username: adminscram
password: admin-secret-512
#
# Another alternative is to omit these values and use secretsManagerArn to reference
# an AWS Secrets Manager secret containing the username and password. More information
# can be found in the README. An example can be seen below.
# secretsManagerArn: arn:aws:secretsmanager:us-west-2:1000000000:secret:AmazonMSK_kafka-admin-wEiwjV
#
# This can also be set via:
#
# 1. The --sasl-secrets-manager-arn command-line flag,
# 2. The TOPICCTL_SASL_SECRETS_MANAGER_ARN environment variable, or
# 3. Putting a placeholder string in the config and running with the --expand-env flag as