diff --git a/website/docs/components/data-connectors/mongodb.md b/website/docs/components/data-connectors/mongodb.md index ec188e532..50403ee21 100644 --- a/website/docs/components/data-connectors/mongodb.md +++ b/website/docs/components/data-connectors/mongodb.md @@ -265,6 +265,32 @@ datasets: mongodb_pool_max: 10 ``` +### Using MongoDB Change Streams + +Spice supports real-time Change Data Capture (CDC) from MongoDB using native [MongoDB Change Streams](https://www.mongodb.com/docs/manual/changeStreams/). This enables streaming inserts, updates, and deletes from your MongoDB collections directly into Spice accelerators. + +To enable real-time CDC, set `refresh_mode: changes` in the dataset's configuration: + +```yaml +datasets: + - from: mongodb:my_collection + name: my_collection + params: + host: my-cluster.mongodb.net + db: mydb + acceleration: + enabled: true + engine: duckdb + refresh_mode: changes +``` + +#### Notes +- Requires MongoDB 4.0+ and a replica set or sharded cluster. +- Ensure your MongoDB user has `changeStream` privileges. + +--- + + ## Secrets Spice integrates with multiple secret stores to help manage sensitive data securely. For detailed information on supported secret stores, refer to the [secret stores documentation](../secret-stores). Additionally, learn how to use referenced secrets in component parameters by visiting the [using referenced secrets guide](../secret-stores#using-secrets). diff --git a/website/docs/components/data-connectors/snowflake.md b/website/docs/components/data-connectors/snowflake.md index 2fb302a72..aa7fa3a85 100644 --- a/website/docs/components/data-connectors/snowflake.md +++ b/website/docs/components/data-connectors/snowflake.md @@ -3,6 +3,9 @@ title: 'Snowflake Data Connector' sidebar_label: 'Snowflake Data Connector' description: 'Snowflake Data Connector Documentation' pagination_prev: null +tags: + - data-connectors + - write --- import Tabs from '@theme/Tabs'; diff --git a/website/docs/reference/spicepod/runtime.md b/website/docs/reference/spicepod/runtime.md index fcf2f6c0c..7117ff29a 100644 --- a/website/docs/reference/spicepod/runtime.md +++ b/website/docs/reference/spicepod/runtime.md @@ -215,6 +215,15 @@ The TLS section specifies the configuration for enabling Transport Layer Securit In addition to configuring TLS via the manifest, TLS can also be configured via `spiced` command line arguments using the `--tls-enabled true` flag along with `--tls-certificate`/`--tls-certificate-file` and `--tls-key`/`--tls-key-file`. +### Certificate Hot-Reload + +Spice can hot-reload TLS certificates and client CA files for runtime endpoints. Update the certificate, key, or CA file on disk, then send `SIGHUP` to the Spice process to reload without restart. Only file-based certificates/keys/CA are hot-reloaded (not inline PEM). Existing connections are not interrupted; only new connections use the updated files. If reload fails, the previous certificate remains active and a warning is logged. + +**Steps:** +1. Replace the certificate/key/CA file on disk. +2. Send `SIGHUP` to the Spice process (e.g., `kill -SIGHUP `). +3. Check logs for reload confirmation or errors. + ### `runtime.tls.enabled` Enables or disables TLS for the runtime endpoints. @@ -233,7 +242,6 @@ The TLS certificate to use for securing the runtime endpoints. The certificate c ```yaml runtime: tls: - ... certificate: | -----BEGIN CERTIFICATE----- ... @@ -254,7 +262,6 @@ The path to the TLS PEM-encoded certificate file. Only one of `certificate` or ` ```yaml runtime: tls: - ... certificate_file: /path/to/cert.pem ``` @@ -265,10 +272,9 @@ The TLS key to use for securing the runtime endpoints. The key can also come fro ```yaml runtime: tls: - ... key: | -----BEGIN PRIVATE KEY----- - ... + (private key contents) -----END PRIVATE KEY----- ``` @@ -286,7 +292,6 @@ The path to the TLS PEM-encoded key file. Only one of `key` or `key_file` must b ```yaml runtime: tls: - ... key_file: /path/to/key.pem ``` @@ -323,7 +328,6 @@ Path to a PEM-encoded CA bundle used to verify client certificates. The file is ```yaml runtime: tls: - ... client_auth_ca_file: /path/to/client-ca.pem ``` @@ -334,7 +338,6 @@ Inline PEM (or `${ secrets:... }`) form of the client CA bundle. Mutually exclus ```yaml runtime: tls: - ... client_auth_ca: | -----BEGIN CERTIFICATE----- ...