Documentation Index
Fetch the complete documentation index at: https://docs.popsink.com/llms.txt
Use this file to discover all available pages before exploring further.
Description: Dev: full mTLS for Tansu via Vault + Istio Gateway.
Changes
- Bring the dev environment in line with production by adding mTLS for Tansu (#2145):
- Deploy Vault (bank-vaults operator) with cfssl-generated PKI: root CA + intermediate CA imported via devspace hooks.
- Add Istio (base,
istiod, gateway) with an mTLS listener on port 9092. - Add
cert-manager+vault-issuerClusterIssuerto auto-issue the gateway server cert. - Add an hourly CRL fetcher CronJob plus an
EnvoyFilterwithonly_verify_leaf_cert_crlto enforce revocation. - Wire data-plane,
metrics-exporter,kafka-to-jdbcandpopsink-connectdev entrypoints to consume the new SSL certs. - Run a second
kafka-plainTansu deployment so Karapace andkafka-uican keep using plain TCP.