File tree Expand file tree Collapse file tree 1 file changed +39
-0
lines changed
modules/contributor/pages/adr Expand file tree Collapse file tree 1 file changed +39
-0
lines changed Original file line number Diff line number Diff line change @@ -359,6 +359,45 @@ endpoint:
359
359
** The secret-op could e.g. offer an HTTP api to fetch the ca.crt of a given SecretClass or e.g. write the ca.crt into the status of a SecretClass
360
360
361
361
362
+ === [2] TLS: Include SecretClass in discovery, user can override it
363
+
364
+ Trino discovery:
365
+ [source,yaml]
366
+ ----
367
+ apiVersion: trino.stackable.tech/v1alpha1
368
+ kind: TrinoClusterDiscovery
369
+ metadata:
370
+ name: simple-trino
371
+ spec:
372
+ coordinatorEndpoint:
373
+ host: trino-coordinator.ns.svc.cluster.local
374
+ port: 8443
375
+ protocol:
376
+ http: {}
377
+ # OR
378
+ https:
379
+ caCertSecretClass: tls # gives ca.crt used to verify the server cert
380
+ ---
381
+ # superset config
382
+ security:
383
+ tls: # server tls cert
384
+ secretClassName: tls
385
+ backends: # Don't look at the Superset CRD structure, we are only interested in the tls stuff here
386
+ - name: my-trino
387
+ trino:
388
+ discovery: my-trino
389
+ # OPTIONALLY override the spec.coordinatorEndpoint.protocol.https.caCertSecretClass coming from TrinoClusterDiscovery
390
+ tlsSecretClass: my-second-pki
391
+ ----
392
+
393
+ ==== Pros
394
+
395
+ * Compromise with all usability and flexibility
396
+
397
+ ==== Cons
398
+
399
+ * Less secure by default
400
+
362
401
=== [3] Authentication: Add AuthenticationClass to Discovery Config
363
402
364
403
Trino discovery:
You can’t perform that action at this time.
0 commit comments