Re: [PR] [helm] Enable SASL authentication configurations [fluss]

Wed, 25 Feb 2026 05:42:45 -0800 


morazow commented on code in PR #2506:
URL: https://github.com/apache/fluss/pull/2506#discussion_r2853122249


##########
website/docs/install-deploy/deploying-with-helm.md:
##########
@@ -245,16 +253,69 @@ The chart automatically configures listeners for internal 
cluster communication
 - **Internal Port (9123)**: Used for internal communication within the cluster
 - **Client Port (9124)**: Used for client connections
 
-Custom listener configuration:
+Default listeners configuration:
 
 ```yaml
 listeners:
   internal:
+    protocol: PLAINTEXT
     port: 9123
+    security:
+      mechanism: PLAIN
+      users: []
   client:
+    protocol: PLAINTEXT
     port: 9124
+    security:
+      mechanism: PLAIN
+      users: []
 ```
 
+To enable SASL based authentication, set any of the protocols to `SASL`.
+
+### Enabling Secure Connection
+
+With the helm deployment, you can specify authentication protocols when 
connecting to the Fluss cluster.
+
+The following table shows the supported protocols and security they provide:
+
+| Method      | Authentication | TLS Encryption     |
+|-------------|:--------------:|:------------------:|
+| `PLAINTEXT` | No             | No                 |
+| `SASL`      | Yes            | No                 |
+
+By default, the `PLAINTEXT` protocol is used.
+
+The SASL authentication will be enabled if any of the listener protocols is 
using `SASL`.
+
+Set these values for additional configurations:
+
+```yaml
+listeners:

Review Comment:
   Hey @affo ,
   
   Yeah could be simpler, but I think will again complicate in other parts. 
   
   For example, for setting security map protocol or client security mechanism 
would require complex parsing logic:
   
   ```
   echo "security.protocol.map: INTERNAL:<?>,CLIENT:<?>" >> 
$FLUSS_HOME/conf/server.yaml && \
   ```
   Here for the question marks, we directly reference the 
`Values.listener.<internal|client>.protocol`, no we would need parsing logic to 
determine the protocol.
   
   But let's think for user friendly and semi future proof design.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to