#version: kafka-ui, 1.5.1
image:
  registry: docker.io
  repository: wbsong111/kafka-ui
  tag: "v1.3.0"
  pullPolicy: IfNotPresent
yamlApplicationConfig:
  kafka:
    clusters:
    - name: kafka-cluster
      bootstrapServers: SASL_PLAINTEXT://kafka-cluster-kafka-tls-bootstrap.$kafka_cluster_namespace.svc.cluster.local:9093
      properties:
        security.protocol: SASL_PLAINTEXT
        sasl.mechanism: OAUTHBEARER
        sasl.jaas.config: |
          org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required 
          oauth.token.endpoint.uri="https://keycloak.gke.paasup.io/realms/paasup/protocol/openid-connect/token" 
          oauth.client.id="$KAFKA_CLIENT_ID" 
          oauth.client.secret="$KAFKA_CLIENT_SECRET"
          oauth.ssl.truststore.location="/etc/kafka/secrets/truststore.jks"
          oauth.ssl.truststore.password="kafka";
        sasl.login.callback.handler.class: "io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler"
  auth:
    type: disabled

  management:
    health:
      ldap:
        enabled: false

volumes:
  - name: truststore
    secret:
      secretName: truststore

volumeMounts:
  - name: truststore
    mountPath: /etc/kafka/secrets
    readOnly: true    

ingress:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: "root-ca-issuer"
    cert-manager.io/duration: 8760h
    cert-manager.io/renew-before: 720h
    kubernetes.io/ingress.class: kong
    konghq.com/protocols: https
  host: "demo01-kafka-ui3.gke.paasup.io"
  tls:
    enabled: true
    secretName: "demo01-kafka-ui3-tls-secret"