Commit f9dbbfa

committed
WIP
1 parent f2158cf commit f9dbbfa

1 file changed

+39
-0
lines changed

modules/contributor/pages/adr/ADR028-discovery-revision.adoc

Lines changed: 39 additions & 0 deletions
@@ -359,6 +359,45 @@ endpoint:
359359
** The secret-op could e.g. offer an HTTP api to fetch the ca.crt of a given SecretClass or e.g. write the ca.crt into the status of a SecretClass
360360

361361

362+
=== [2] TLS: Include SecretClass in discovery, user can override it
363+
364+
Trino discovery:
365+
[source,yaml]
366+
----
367+
apiVersion: trino.stackable.tech/v1alpha1
368+
kind: TrinoClusterDiscovery
369+
metadata:
370+
name: simple-trino
371+
spec:
372+
coordinatorEndpoint:
373+
host: trino-coordinator.ns.svc.cluster.local
374+
port: 8443
375+
protocol:
376+
http: {}
377+
# OR
378+
https:
379+
caCertSecretClass: tls # gives ca.crt used to verify the server cert
380+
---
381+
# superset config
382+
security:
383+
tls: # server tls cert
384+
secretClassName: tls
385+
backends: # Don't look at the Superset CRD structure, we are only interested in the tls stuff here
386+
- name: my-trino
387+
trino:
388+
discovery: my-trino
389+
# OPTIONALLY override the spec.coordinatorEndpoint.protocol.https.caCertSecretClass coming from TrinoClusterDiscovery
390+
tlsSecretClass: my-second-pki
391+
----
392+
393+
==== Pros
394+
395+
* Compromise with all usability and flexibility
396+
397+
==== Cons
398+
399+
* Less secure by default
400+
362401
=== [3] Authentication: Add AuthenticationClass to Discovery Config
363402

364403
Trino discovery:
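
Review bot: The Cons bullet "Less secure by default" at the end of option [2] does not say what is weakened, and the example does not show it either; state the concrete default being accepted (for instance, whether it refers to the `http: {}` branch or to the consumer-side `tlsSecretClass` override replacing the CA that verifies the Trino server certificate) so the trade-off can be weighed against the other options. In the same example, the Superset backend references `discovery: my-trino` while the TrinoClusterDiscovery is named `simple-trino`, so the reference does not resolve as written. The override key is `tlsSecretClass`, but the field it overrides is `caCertSecretClass` and the server certificate setting is `secretClassName`; naming the override `caCertSecretClass` would make clear that it selects a CA for verification rather than a server certificate. The `# OR` comment under `protocol` should also say explicitly that `http` and `https` are mutually exclusive, since as written the YAML sets both keys.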
