docs: Add rollout guidance for Self-Managed auth #34202
Open
+29
−6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Removes "kind" references since instructions are generic to the Materialize CR - Adds references to the Materialize CR fields - Adds how to actually deploy authentication with notice about accidentally overriding values.
kay-kim
reviewed
Nov 18, 2025
| Password authentication requires users to log in with a password. | ||
|
|
||
| To configure Self-Managed Materialize for password authentication: | ||
| To configure Self-Managed Materialize for password authentication, update the following fields in the [Materialize CR](/installation/appendix-materialize-crd-field-descriptions/): |
Contributor
There was a problem hiding this comment.
So ... let's remove the link here ... because that page just gives all the fields ... and we're giving the specific fields here.
We could go "For all Materialize CR settings, see ... "
| compatible with PostgreSQL clients that support SCRAM-SHA-256. | ||
|
|
||
| To configure Self-Managed Materialize for SASL/SCRAM authentication: | ||
| To configure Self-Managed Materialize for SASL/SCRAM authentication, update the following fields in the [Materialize CR](/installation/appendix-materialize-crd-field-descriptions/): |
| For more information on rollout configuration, view our [installation overview](/installation/#rollout-configuration). | ||
| {{< warning >}} |
Contributor
There was a problem hiding this comment.
Could we repeat this warning in both places above where we talk about setting authenticatorKind?
It's important enough that I think repeating in throughout (as people hop onto just their interested section)
- Colocate warning about the `authenticatorKind` with authenticatorKind section - Just reference link to Materialize CR rather than point to it.
kay-kim
reviewed
Nov 19, 2025
Contributor
kay-kim
left a comment
kay-kim
left a comment
There was a problem hiding this comment.
On my side, LGTM. But left comment for Justin and Sid.
| requestRollout: <SOME_NEW_UUID> # Generate new UUID for rollout | ||
| forceRollout: <SOME_NEW_UUID> # Rollout without requiring a version change | ||
| # Tears down the prior version and restarts the current Materialize instance | ||
| rolloutStrategy: ImmediatelyPromoteCausingDowntime |
Contributor
There was a problem hiding this comment.
@jubrad and @sidsaw-mz ... any concerns about using the ImmediatelyPromoteCausingDowntime strategy here?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
Tips for reviewer
Checklist
$T ⇔ Proto$Tmapping (possibly in a backwards-incompatible way), then it is tagged with aT-protolabel.