Hi Luke,
Thank you for the KIP. I think this is a very useful feature for operators
to be able to reload SSL certificates without having to restart brokers.
Just a couple of minor suggestions from me:
- "The metadata type config can only be updated when the mapping config
gets updated." I think this sentence can be changed to something like the
following to clarify that it's not something a user can change at all:
"The metadata type config can only be updated by the controller when the
mapping config gets updated".
- On the example of describing the confidential configuration:
// If it is changed, it'll return the last updated timestamp
listener.name.ssl.ssl.key.password=null sensitive=true
synonyms={STATIC_BROKER_CONFIG:listener.name.ssl.ssl.key.password=null,
STATIC_BROKER_CONFIG:ssl.key.password=null} lastUpdatedTimestamp=
1731651970963
I think it should be DYNAMIC_BROKER_CONFIG rather than STATIC_BROKER_CONFIG
because it's been updated dynamically, hence the lastUpdatedTimestamp has
changed.
This aligns with the statement that says, "The value of metadata configs
will only be honored for DYNAMIC_BROKER_CONFIG."
Regards,
Tina
On Mon, Mar 24, 2025 at 10:29 AM Luke Chen <show...@gmail.com> wrote:
> Bump this thread to seek for feedback or suggestions.
>
> Thanks.
> Luke
>
> On Tue, Nov 26, 2024 at 4:30 PM Luke Chen <show...@gmail.com> wrote:
>
> > Hi Federico,
> >
> > Thanks for the comment.
> > I've updated the field name to LastUpdateTimestampMs.
> >
> > Luke
> >
> > On Tue, Nov 19, 2024 at 7:21 PM Federico Valeri <fedeval...@gmail.com>
> > wrote:
> >
> >> Hi Luke, thanks for creating this KIP. It makes sense to me.
> >>
> >> I think using timestamp in this case is fine, as the operator only
> >> needs to know if the value changed, not when it changed (in that case
> >> clock drift could be a problem).
> >>
> >> Should we name the new DescribeConfigs field as
> >> "LastUpdateTimestampMs" instead of "LastUpdateTimestamp"?
> >>
> >> On Fri, Nov 15, 2024 at 8:37 AM Luke Chen <show...@gmail.com> wrote:
> >> >
> >> > Hi all,
> >> >
> >> > I've opened the KIP-1110: Metadata of sensitive configuration
> >> > <
> >>
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-1110%3A+Metadata+of+sensitive+configuration
> >> >.
> >> >
> >> >
> >> > Instead of returning null for sensitive configs, by returning metadata
> >> of
> >> > the sensitive configs allowing the operators to have a way to get the
> >> > current state of the sensitive configs to do the reconciliation.
> >> >
> >> > Feedbacks and suggestions are welcome.
> >> >
> >> > Thank you.
> >> > Luke
> >>
> >
>
