Event Bus

BindPlane Event Bus Helm Configuration

When operating BindPlane in a distributed architecture, an external event bus must be configured.

Google Pub/Sub

Automatic Authentication

Google Pub/Sub can be configured without credentials when using Google Application Default Credentials.

When running on a Google Kubernetes Engine cluster, BindPlane can authenticate to Pub/Sub without the use of a service account as long as the GKE node pool has the Required Scopes enabled.

yaml
1eventbus:
2  type: 'pubsub'
3  pubsub:
4    projectid: 'my-project'
5    topic: 'bindplane'

Service Account Credentials

If operating outside of Google Cloud, a service account JSON credential can be used. This example creates a secret named bindplane-pubsub which contains the service account JSON key.

bash
1kubectl create secret generic bindplane-pubsub \
2  --from-file=credentials.json
yaml
1eventbus:
2  type: 'pubsub'
3  pubsub:
4    projectid: 'my-project'
5    topic: 'bindplane'
6    credentials:
7      secret: bindplane-pubsub
8      subPath: credentials.json

Kafka

This section will explain how to configure Kafka using the BindPlane Helm chart. You can read more about the Kafka event bus here.

Basic Example

This example will use a Kafka cluster with three nodes

  • kafka-0.corp.net
  • kafka-1.corp.net
  • kafka-2.corp.net
yaml
1kafka:
2  brokers: 'kafka-0.corp.net:9092,kafka-1.corp.net:9092,kafka-2.corp.net:9092'
3  protocolVersion: '3.5.0'
4  topic: 'bindplane'

Auth and TLS

This example will use the same Kafka cluster as the previous example but with authentication and mutual TLS.

yaml
1kafka:
2  brokers: 'kafka-0.corp.net:9092,kafka-1.corp.net:9092,kafka-2.corp.net:9092'
3  protocolVersion: '3.5.0'
4  topic: 'bindplane'
5  auth:
6    type: sasl
7    sasl:
8      username: bindplane
9      password: bindplanePassword
10      mechanism: scramSHA512
11      version: 1
12  tls:
13    enable: true
14    insecure: false
15    secret:
16      name: kafka-client
17      caSubPath: ca.crt
18      crtSubPath: client.crt
19      keySubPath: client.key