Improve documentation about jetstreamexotic and authentication of the components

[jorgelon]

Description
I am trying to use argo events with my nats/jetstream instance but i cannot understand how to authenticate the eventbus jetstream exotic definition of the eventbus.

In https://argoproj.github.io/argo-events/eventbus/jetstream/ i can see how to reference a secret and a key
Also the eventsource pod mounts the defined secret and key

What that key should contain? ¿a token? ¿a natslike authorization config file?

[jorgelon]

I am not 100% sure but I will try to create a secret with this content and try
username: whatever
password: whatever

[jorgelon]

Ok, thats the workround.
There is another problem related with TLS. How can I use argo events exotic feature and the "verify" certificates option in nats
Is there any way to pass Argo events a client certificate? I have to use verify=false to make it work

TLS handshake error: tls: client didn't provide a certificate

My intention is to have a jetstream nats cluster for Argo events and another clients

[ospiegel91]

@jorgelon could you please share the external secret yaml format which you used to inject the username/password combo

apiVersion: argoproj.io/v1alpha1
kind: EventBus
metadata:
  name: default
spec:
  jetstreamExotic:
      url: nats://eventbus-default-js-svc.argo
      accessSecret:
        name: example-eventbus-secret
        key: secret-key. ((((( how do I point both my username and password keys below???)))))
---
apiVersion: "external-secrets.io/v1beta1"
kind: ExternalSecret
metadata:
  name: example-eventbus-secret
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
spec:
  refreshInterval: "1h"
  secretStoreRef:
    name: vault-env-path
    kind: ClusterSecretStore
  data:
    - secretKey: username
      remoteRef:
        key: path/data/to/eventbus
        property: username
    - secretKey: password
      remoteRef:
        key: path/data/to/eventbus
        property: password
  target:
    template:
      engineVersion: v2
      data:
        username: >-
          {{ printf "{{ .username | toString }}" }}
        password: >-
          {{ printf "{{ .password | toString }}" }}

[ospiegel91]

+1 on please improve documentation on using and passing basic auth credentials from secret onto eventbus

[jorgelon]

apiVersion: v1
data:
  client-auth: <base64 encoded string>
kind: Secret
metadata:
  name: whatever
type: Opaque

The base64 encoded string is basically
username: whatever
password: whatever

My eventbus

apiVersion: argoproj.io/v1alpha1
kind: EventBus
metadata:
  name: nats
spec:
  jetstreamExotic:
      url: nats://nats:4222
      accessSecret:
        name: events
        key: client-auth