Page MenuHomePhabricator
Create Task
Maniphest T249644

Changeprop in k8s should use TLS to talk to Kafka
Closed, ResolvedPublic
Actions

Description

Since we're moving change-prop to k8s, we can use the latest and greatest node-rdkafka (thus in turn librdkafka) and can enable TLS to talk to kafka.

For the k8s setup part, we can draw inspiration from https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/551610

The code should already support everything, we just need to add

security.protocol: ssl
ssl.ca.location: /etc/eventgate/kafka_ca.crt.pem

to both consumer and producer kafka configuration in the config template.

Details

SubjectRepoBranchLines +/-
changeprop: Use TLS port for Kafkaoperations/deployment-chartsmaster+9 -9
Enable TLS for kafka connectionsoperations/deployment-chartsmaster+235 -206
Customize query in gerrit

Related Objects
Search...

Event Timeline

Pchelolo created this task.Apr 7 2020, 5:59 PM
Pchelolo added a comment.Apr 7 2020, 6:07 PM

As far as I understand, we would need the same certificate here as we would need for T249633, so we might as well have this in mind when figuring out how to implement T249633

daniel triaged this task as Medium priority.Apr 7 2020, 8:28 PM
CCicalese_WMF moved this task from Inbox to Backlog on the Platform Team Workboards (Clinic Duty Team) board.Apr 7 2020, 8:56 PM
gerritbot added a comment.Apr 8 2020, 6:15 PM

Change 587573 had a related patch set uploaded (by Ppchelko; owner: Ppchelko):
[operations/deployment-charts@master] Enable TLS for kafka connections

https://gerrit.wikimedia.org/r/587573

gerritbot added a project: Patch-For-Review.Apr 8 2020, 6:15 PM
gerritbot added a comment.Apr 9 2020, 1:24 PM

Change 587573 merged by jenkins-bot:
[operations/deployment-charts@master] Enable TLS for kafka connections

https://gerrit.wikimedia.org/r/587573

Maintenance_bot removed a project: Patch-For-Review.Apr 9 2020, 2:10 PM
gerritbot added a comment.Apr 9 2020, 4:57 PM

Change 587812 had a related patch set uploaded (by Hnowlan; owner: Hnowlan):
[operations/deployment-charts@master] changeprop: Use TLS port for Kafka

https://gerrit.wikimedia.org/r/587812

gerritbot added a project: Patch-For-Review.Apr 9 2020, 4:57 PM
gerritbot added a comment.Apr 9 2020, 5:14 PM

Change 587812 merged by jenkins-bot:
[operations/deployment-charts@master] changeprop: Use TLS port for Kafka

https://gerrit.wikimedia.org/r/587812

hnowlan closed this task as Resolved.Apr 9 2020, 5:50 PM
Maintenance_bot removed a project: Patch-For-Review.Apr 9 2020, 6:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL