GitHub user michaeljmarshall added a comment to the discussion: struggling with pulsar functions in kubernetes
@jesumyip - in your function worker config, do you have `brokerClientTrustCertsFilePath` or `tlsTrustCertsFilePath` set? Based on reading through the code, that configuration is used to read the bytes into the function worker's memory, create a kubernetes secret, then mount that secret into the function pod. This appears to be documented here: https://pulsar.apache.org/docs/next/functions-worker-run-separately/#enable-tls-encryption. Here are some of the relevant code references: https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/worker/WorkerConfig.java#L607-L615 https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/worker/WorkerConfig.java#L774-L785 https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeFactory.java#L221 (A couple skipped references, but it's easy to follow in an IDE.) https://github.com/apache/pulsar/blob/82237d3684fe506bcb6426b3b23f413422e6e4fb/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/auth/KubernetesSecretsTokenAuthProvider.java#L279-L287 GitHub link: https://github.com/apache/pulsar/discussions/18332#discussioncomment-4053503 ---- This is an automatically sent email for dev@pulsar.apache.org. To unsubscribe, please send an email to: dev-unsubscr...@pulsar.apache.org
