Event Bus

When operating BindPlane in a distributed architecture, an external event bus must be configured.

Google Pub/Sub

Automatic Authentication

Google Pub/Sub can be configured without credentials when using Google Application Default Credentials.

When running on a Google Kubernetes Engine cluster, BindPlane can authenticate to Pub/Sub without the use of a service account as long as the GKE node pool has the Required Scopes enabled.

1eventbus:
2  type: 'pubsub'
3  pubsub:
4    projectid: 'my-project'
5    topic: 'bindplane'

Service Account Credentials

If operating outside of Google Cloud, a service account JSON credential can be used. This example creates a secret named bindplane-pubsub which contains the service account JSON key.

1kubectl create secret generic bindplane-pubsub \
2  --from-file=credentials.json

1eventbus:
2  type: 'pubsub'
3  pubsub:
4    projectid: 'my-project'
5    topic: 'bindplane'
6    credentials:
7      secret: bindplane-pubsub
8      subPath: credentials.json

Kafka

This section will explain how to configure Kafka using the BindPlane Helm chart. You can read more about the Kafka event bus here.

Basic Example

This example will use a Kafka cluster with three nodes

• kafka-0.corp.net
• kafka-1.corp.net
• kafka-2.corp.net

1kafka:
2  brokers: 'kafka-0.corp.net:9092,kafka-1.corp.net:9092,kafka-2.corp.net:9092'
3  protocolVersion: '3.5.0'
4  topic: 'bindplane'

Auth and TLS

This example will use the same Kafka cluster as the previous example but with authentication and mutual TLS.

1kafka:
2  brokers: 'kafka-0.corp.net:9092,kafka-1.corp.net:9092,kafka-2.corp.net:9092'
3  protocolVersion: '3.5.0'
4  topic: 'bindplane'
5  auth:
6    type: sasl
7    sasl:
8      username: bindplane
9      password: bindplanePassword
10      mechanism: scramSHA512
11      version: 1
12  tls:
13    enable: true
14    insecure: false
15    secret:
16      name: kafka-client
17      caSubPath: ca.crt
18      crtSubPath: client.crt
19      keySubPath: client.key