Skip to content

feat: Add Kafka credentials support via Kubernetes secrets #377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Biowoolf wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat: Add Kafka credentials support via Kubernetes secrets #377

Biowoolf wants to merge 4 commits into from

Conversation

@Biowoolf
Copy link

@Biowoolf Biowoolf commented Jul 14, 2025

This PR adds support for external Kafka credentials through Kubernetes secrets, improving security by avoiding hardcoded credentials in configuration files.

Changes:

  • Add SecretRef field to MilvusKafka struct
  • Add getKafkaCredentials function to retrieve credentials from secret
  • Update updateConfigMap to inject Kafka credentials automatically
  • Add example configuration and documentation

Usage:

Users can now reference a Kubernetes secret containing Kafka credentials:

dependencies:
  kafka:
    external: true
    secretRef: "kafka-credentials"

This follows the same pattern as MinIO credentials and is fully backward compatible.

@sre-ci-robot
Copy link
Collaborator

sre-ci-robot commented Jul 14, 2025

Welcome @Biowoolf! It looks like this is your first PR to zilliztech/milvus-operator 🎉

@Biowoolf Biowoolf force-pushed the feature/kafka-secret-support branch from ec7b588 to 2a3e0be Compare July 14, 2025 22:26
@Biowoolf
feat: Add Kafka credentials support via Kubernetes secrets
6cb3c8f 
This commit adds support for external Kafka credentials through Kubernetes secrets,
similar to how MinIO credentials are handled.

Changes:
- Add SecretRef field to MilvusKafka struct in dependencies_types.go
- Add getKafkaCredentials function to retrieve username/password from secret
- Update updateConfigMap to inject Kafka credentials when available
- Add example configuration and documentation

The operator now supports reading Kafka credentials from a secret with keys:
- username: Kafka SASL username
- password: Kafka SASL password

This resolves the issue where Kafka credentials had to be hardcoded in the
configuration, improving security by using Kubernetes secrets.

Signed-off-by: Volkomorov Andrew <[email protected]>
Signed-off-by: Volkomorov Andrew <[email protected]>
@Biowoolf Biowoolf force-pushed the feature/kafka-secret-support branch from 2a3e0be to 6cb3c8f Compare July 14, 2025 22:27
@Biowoolf
Copy link
Author

Biowoolf commented Jul 17, 2025

/assign @LoveEachDay

@haorenfsa haorenfsa assigned haorenfsa and unassigned LoveEachDay Jul 24, 2025
@codecov
Copy link

codecov bot commented Jul 24, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 5.55556% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.39%. Comparing base (6f4b755) to head (6cb3c8f).
⚠️ Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
pkg/controllers/configmaps.go 5.55% 16 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #377      +/-   ##
==========================================
- Coverage   75.57%   75.39%   -0.18%     
==========================================
  Files          65       65              
  Lines        7070     7088      +18     
==========================================
+ Hits         5343     5344       +1     
- Misses       1502     1518      +16     
- Partials      225      226       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@sre-ci-robot
Copy link
Collaborator

sre-ci-robot commented Aug 4, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Biowoolf
To complete the pull request process, please ask for approval from haorenfsa after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Biowoolf
Copy link
Author

Biowoolf commented Aug 11, 2025

what do i need to do for this PR to be merged?

@haorenfsa
Copy link
Collaborator

haorenfsa commented Oct 11, 2025

Thank you @Biowoolf. I'm sorry for the delay at my side.

You need to run make generate-all to generate the updates for the CRD & helm chart templates. The rest looks good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@haorenfsa haorenfsa Awaiting requested review from haorenfsa

@LoveEachDay LoveEachDay Awaiting requested review from LoveEachDay

At least 1 approving review is required to merge this pull request.

Assignees

@haorenfsa haorenfsa

Labels

do-not-merge/hold size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Biowoolf @sre-ci-robot @haorenfsa @LoveEachDay