Commit f674bca

committed
merge in main
2 parents 93cbaef + c1d96c4 commit f674bca

40 files changed, with 2700 additions and 3376 deletions
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
# User Provider mTLS
2+
3+
In this scenario example, you'll deploy the Confluent platform each with its own certificate to validate the architecture and deployment. The certificates that are generated in this example use the `sandbox` namespace. **NOTE** You will need to change this for your environment which is why the generate_certificates.sh script is used.
4+
5+
1. Create one server certificate per Confluent component service. You'll use the same certificate authority for all. Update `zookeeper-server-domain.json` and `kafka-server-domain.json` with your namespace and generate certificates for each component.
6+
7+
```shell
8+
cd examples/userprovided-mtls
9+
./generate_certificates.sh
10+
```
11+
12+
2. Deploy the CRDS using the standard way:
13+
```shell
14+
kubectl apply -k ../../kustomize/crds
15+
```
16+
17+
3. Deploy the mTLS example which use Kustomize to pull in the base and example overlays using the following
18+
```shell
19+
kubectl apply -k .
20+
```
21+
22+
4. Validate zookeeper is working using:
23+
```shell
24+
kubectl logs -f -n sandbox zookeeper-0
25+
26+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:java.library.path=/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib
27+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:java.io.tmpdir=/tmp
28+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:java.compiler=<NA>
29+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:os.name=Linux
30+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:os.arch=amd64
31+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:os.version=5.10.47-linuxkit
32+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:user.name=?
33+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:user.home=?
34+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:user.dir=/opt
35+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:os.memory.free=336MB
36+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:os.memory.max=4096MB
37+
[INFO] 2021-08-17 14:40:54,836 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer logEnv - Server environment:os.memory.total=357MB
38+
[INFO] 2021-08-17 14:40:54,838 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer setMinSessionTimeout - minSessionTimeout set to 6000
39+
[INFO] 2021-08-17 14:40:54,838 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer setMaxSessionTimeout - maxSessionTimeout set to 60000
40+
[INFO] 2021-08-17 14:40:54,839 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.ZooKeeperServer <init> - Created server with tickTime 3000 minSessionTimeout 6000 maxSessionTimeout 60000 datadir /mnt/data/txnlog/version-2 snapdir /mnt/data/data/version-2
41+
[INFO] 2021-08-17 14:40:54,839 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.quorum.Learner followLeader - FOLLOWING - LEADER ELECTION TOOK - 13 MS
42+
[WARN] 2021-08-17 14:40:54,841 [QuorumPeer[myid=0](plain=0.0.0.0:2181)(secure=0.0.0.0:2182)] org.apache.zookeeper.server.quorum.Learner connectToLeader - Unexpected exception, tries=0, remaining init limit=30000, connecting to zookeeper-1.zookeeper.sandbox.svc.cluster.local/172.17.0.6:2888
43+
44+
[INFO] 2021-08-17 14:49:42,057 [nioEventLoopGroup-7-1] org.apache.zookeeper.server.auth.X509AuthenticationProvider handleAuthentication - Authenticated Id 'CN=kafka,L=Earth,ST=Pangea,C=Universe' for Scheme 'x509'
45+
```
46+
47+
5. Validate Kafka is working using:
48+
```shell
49+
kubectl logs -f -n sandbox kafka-0
50+
51+
[INFO] 2021-08-17 14:49:00,492 [LicenseBackgroundFetcher RUNNING] org.apache.kafka.common.utils.AppInfoParser <init> - Kafka version: 6.1.2-ce
52+
[INFO] 2021-08-17 14:49:00,493 [LicenseBackgroundFetcher RUNNING] org.apache.kafka.common.utils.AppInfoParser <init> - Kafka commitId: 4c988093cc81349d
53+
[INFO] 2021-08-17 14:49:00,493 [LicenseBackgroundFetcher RUNNING] org.apache.kafka.common.utils.AppInfoParser <init> - Kafka startTimeMs: 1629211740492
54+
[INFO] 2021-08-17 14:49:00,493 [kafka-producer-network-thread | confluent-metrics-reporter] org.apache.kafka.clients.Metadata update - [Producer clientId=confluent-metrics-reporter] Cluster ID: xBPcfVfKSrCS15AmzC6BUQ
55+
```
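Review bot: step 4's sample output does not tell the reader which line proves mTLS is working, and it includes a `[WARN] ... connectToLeader - Unexpected exception` line without comment. State that the `X509AuthenticationProvider handleAuthentication - Authenticated Id ... for Scheme 'x509'` line is the success signal, trim the `Server environment:` lines, and say whether the WARN is expected during startup. The log also shows `plain=0.0.0.0:2181` listening next to `secure=0.0.0.0:2182`; the README should say whether the plaintext port is meant to stay open in this example. Minor: the title reads "User Provider mTLS" while the directory is `userprovided-mtls`, and step 1 names `zookeeper-server-domain.json` and `kafka-server-domain.json` without saying which field holds the namespace.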
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
{
2+
"signing": {
3+
"default": {
4+
"expiry": "43800h"
5+
},
6+
"profiles": {
7+
"server": {
8+
"expiry": "43800h",
9+
"usages": [
10+
"signing",
11+
"key encipherment",
12+
"server auth",
13+
"client auth"
14+
]
15+
},
16+
"client": {
17+
"expiry": "43800h",
18+
"usages": [
19+
"signing",
20+
"key encipherment",
21+
"client auth"
22+
]
23+
}
24+
}
25+
}
26+
}
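Review bot: `"expiry": "43800h"` on the default and on both profiles gives every leaf certificate a five-year lifetime, which is long for per-component service certificates; consider a much shorter value for the `server` and `client` profiles and document how rotation is expected to happen. The `server` profile also lists `"client auth"` next to `"server auth"`. If that is deliberate because the components authenticate to each other as clients over mTLS, say so in the README; otherwise drop it so server certificates cannot be presented as client identities.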
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
{
2+
"CN": "TestCA",
3+
"key": {
4+
"algo": "rsa",
5+
"size": 2048
6+
},
7+
"names": [
8+
{
9+
"C": "Universe",
10+
"L": "Earth",
11+
"O": "Acme",
12+
"ST": "Pangea",
13+
"OU": "MyOrg"
14+
}
15+
]
16+
}
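Review bot: the CA key is requested as `"algo": "rsa"` with `"size": 2048`, the same strength one would expect for a leaf, while the signing profiles issue certificates valid for `43800h`. For a root that signs five-year certificates, a larger RSA key or an ECDSA key is the usual choice. The subject values (`TestCA`, `Universe`, `Pangea`, `Acme`) are clearly placeholders, so the README should state that this CA is for the sandbox only and must be replaced, not reused, outside it.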
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
apiVersion: v1
2+
data:
3+
cacerts.pem: 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
4+
fullchain.pem: 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
5+
privkey.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBb0VWNThqMG5BUmx0UWZMUEdQU2VvcW1zbG84a1dBYU1JVXJzOVhpYS8rNTlEUjBmCmZvYWd1WWd5VlFUWjlqSzNZelFFODA1Y0VBK3drdXpOTUQ2cytMUjZEeUxQQm5Wc1YrSkhQcUFyd3Y0S01LNWIKRE5QZ0tQQU1KTFRPZXVyQXdPUU5vOHBrZ2hjeFZjRWhPQ3lRa3NmZG1lMjQyOFBNOXBjUTN6eUhjblpiTUUvMQpmazlFU3duK1R2dDA3dzlzellOcGZuaWo2ZGVNa1JHV1ZYSVF5enJ2ZGo5WjNPWU81cXJOWmV1b3dOUXVZSDVzCnp1WjgrNDFDU0dFWityWVlTSUkvbHJ3ek81R3VQajFFYTlPalczbHMxU0ROZmVweXhxUHFJZU5aRmI4VGp0ajgKZ3l5WmNaanVYcS9rRURxMGs4RnpaL25ibkdoVUh2S2FjQXk2THdJREFRQUJBb0lCQUh6Y1E1bmQzSEkxemZHdgo2WG5tc1dQR1RrZnBjb1lGYTh4UUkvVkZKWFEzNTBKOUt0a1dwMGFEZmJyUWtjSUZWdXU1VGhZRE9TUG1KVWtCCnBRVnQvckd2WU54RDRRZUdHWWNLS1RqMzdiLzJ6QmVLN2pJN0tvcWFJTXZEOUl5OE1MalZzbTZsTWRKTG9Vck8Kc0VPa0xHbTl2YjI2L3VadlQxSFk5UE1Gby93ZVR5SThUa0FKVGtCZFJrWE82c1RoejUwdjVEOUtGMVI4QVBjcgpKUTlYcGFVamVPQ2NzQ1FPd3Z2eEhNdjVkWVRVWGs4TkpGeG0vNXZ5UEN4YVRaZVVWcThDWHNQZ0laeDg3cnRpCllXbEdyWmlLQTV4YTNqVStveUM5NEVXb0FmT3RXR3VqeUQyaGV5RlQ0dGRnS3JCVnZaTENSNm8rb01pQVplR1UKMTkxLzBtRUNnWUVBMHdRR3F6bk1NYXhjOXFFdXR6bHNHbnpOSXY1Z1JENkN1WHA4WWp3blFHZzI5OFJTbWd6MwpmZ0tYaFo3SG9FTE9VYlM3NGdrMkUrdVBOTjF1OGxYODJqeFh6bnpUdmZLS0RoUFMrSmxtbVpmRmYyT2d2S1lQCjdETlJSc0h1NlVNT2lKRnlxTEV3Ym5IalR1blNZbXVEcDg3YmcwRW8yRE9RYkIrYXZrWG9CZjhDZ1lFQXduQWcKNmplMzd4WlZISHRKcVgweWkwak9za2tYQXdYSzFrQk54ZHA3dUgyNWVYTzJsWTk4eGVBWlJmOWJRb3hJaGNHTwovYlNjRHZua05hclAyV3p5dTB1c1FyQzYxQWxzcHRaMXplbDYyT3dGdkRsYkpsNGpzcnluT1crdjk3Qmx1VFdCCllqTEcyYW1qbE9hVk5FUEpoRlNnRjBTc1lza0g5L084dHVkaUs5RUNnWUVBaDN4YlI4OUpjMDluTlJlU3BpUWgKYS9SYnhpOHI0a1Y4cTlpZ1NuYXpBU0Nvd25iMFRtTXErV1p5b1dHc2JSTFg1QkEyWGxCcHYycU12WFc3eWE4NgpOV2x2TzI1Y2llWlRpK3hnbGl2d2U0ZStVQ2ZJeWJlYUc1OXJmUklCOHhXU0hFKy9IZDcrNkxzSkp0N3NyVEs1CkNxSy93TXV5alBhMnNTV3R0cU90OFVNQ2dZRUFyeWdQbnE3KzlWU3E2M05zMGxCRVhoRUNrcjBoQzhvR0JhZjcKNThhQU9aeVludjVNZHNMQjVnZVEvT3VpckhwdlFuOHhidjlxcmxzUzUvMnVLL0huWUM0MVNnYW01eWh1Um9WZgpybFVzSTRuTFNOcHFjRS9SM012eDROM3FLVGt4Q2YxWFJyenpRVlYrVlQ2N0hsQUtremtnMXBVNHJlem5Uc2kxCk1oZVM2bUVDZ1lBaVVZTHpXZktwWHpHM1RhcXk
vcXdSTUxOU212c3hjM0ZnL1B3MkdOWjhPY0xnbm9Dc3BjNGIKeVRoR1NTdy92UlJRMVUwRUI3SkJVb2ZQMExlMjQ3NVpYSUxSMmhEditmTGJRckVNUUZKNUhaWEJsNGg1STRBVgpITk0yNWhVQ2hSZHFFRjNvSkdsN0RoLzRPRUliTGJKSkZ1QzJ3a1g3ODNhdmQwb2I3TzVyZ2c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
6+
kind: Secret
7+
metadata:
8+
creationTimestamp: null
9+
name: tls-kafka
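Review bot: `privkey.pem` in this Secret carries a real RSA private key, committed to the repository; base64 is only an encoding, and the value's prefix decodes to `-----BEGIN RSA PRIVATE KEY-----`. Since the README has `generate_certificates.sh` produce the certificates, this manifest should be generated locally and excluded from version control (for example via `.gitignore`), and the key in this commit should be treated as exposed and never reused. Smaller points: `creationTimestamp: null` looks like leftover generator output and can be dropped, and the Secret declares no `type`, so nothing validates that the expected keys are present.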
Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
---
2+
apiVersion: platform.confluent.io/v1beta1
3+
kind: Kafka
4+
metadata:
5+
name: kafka
6+
spec:
7+
configOverrides:
8+
server:
9+
- confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081
10+
tls:
11+
secretRef: tls-kafka
12+
listeners:
13+
internal:
14+
authentication:
15+
type: mtls
16+
# principalMappingRules:
17+
# - RULE:CN=([\^,]*).*
18+
tls:
19+
enabled: true
20+
# Will use the certificates in the parent secretRef tls-kafka
21+
authorization:
22+
type: rbac
23+
superUsers:
24+
- User:kafka
25+
services:
26+
mds:
27+
tls:
28+
enabled: true
29+
tokenKeyPair:
30+
secretRef: broker-credential
31+
provider:
32+
type: ldap
33+
ldap:
34+
address: ldap://ldap.sandbox.svc.cluster.local:389
35+
authentication:
36+
type: simple
37+
simple:
38+
secretRef: broker-credential
39+
tls:
40+
enabled: true
41+
configurations:
42+
groupNameAttribute: cn
43+
groupObjectClass: groupOfNames
44+
groupMemberAttribute: member
45+
groupMemberAttributePattern: cn=(.*),ou=users,dc=test,dc=com
46+
groupSearchBase: ou=groups,dc=test,dc=com
47+
userNameAttribute: cn
48+
userMemberOfAttributePattern: cn=(.*),ou=users,dc=test,dc=com
49+
userObjectClass: organizationalRole
50+
userSearchBase: ou=users,dc=test,dc=com
51+
dependencies:
52+
kafkaRest:
53+
authentication:
54+
type: bearer
55+
bearer:
56+
secretRef: broker-credential
57+
zookeeper:
58+
endpoint: zookeeper.sandbox.svc.cluster.local:2182
59+
authentication:
60+
type: mtls
61+
tls:
62+
enabled: true
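Review bot: `superUsers` lists `User:kafka`, but `principalMappingRules` under the internal listener is commented out, so the mTLS principal is presumably the full certificate subject (the README log shows `CN=kafka,L=Earth,ST=Pangea,C=Universe`) and would not match `User:kafka`. Either enable the mapping rule or list the full DN as the super user. The commented rule `RULE:CN=([\^,]*).*` also escapes the caret, which turns the negated class into one matching a literal `^` or `,`; it likely should read `[^,]*`. Separately, the MDS provider sets `address: ldap://ldap.sandbox.svc.cluster.local:389` together with `tls: enabled: true` and a `simple` bind; please confirm the bind credentials are not sent in clear text, and use an `ldaps://` endpoint or document that StartTLS is in effect. `broker-credential` is reused for the token key pair, the LDAP bind and the bearer credential; separate secrets would limit what one leak exposes.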
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
namespace: sandbox
2+
resources:
3+
- ../../../kustomize/base/confluent
4+
#- ../../../kustomize/base/secrets-tls
5+
- ../../../kustomize/base/secrets-user
6+
- zookeeper-sslcerts.yaml
7+
- kafka-sslcerts.yaml
8+
patchesStrategicMerge:
9+
- zookeeper.yaml
10+
# - kafka.yaml
11+
# - rest-class.yaml
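Review bot: `# - kafka.yaml` is commented out of `patchesStrategicMerge`, so `kubectl apply -k .` from README step 3 applies only the `zookeeper.yaml` patch and leaves Kafka on the base configuration, even though `kafka-sslcerts.yaml` is still pulled in as a resource. If the Kafka mTLS overlay is not ready, say so in the README; otherwise enable the patch so the example deploys what its title promises. The same applies to `# - rest-class.yaml`. `namespace: sandbox` is hard-coded here as well, which the README's note about changing the namespace should mention.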
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
apiVersion: platform.confluent.io/v1beta1
2+
kind: KafkaRestClass
3+
metadata:
4+
name: default
5+
spec:
6+
kafkaRest:
7+
authentication:
8+
type: bearer
9+
bearer:
10+
secretRef: rest-credential
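Review bot: `secretRef: rest-credential` under `bearer` refers to a secret that none of the files shown here create, while the Kafka resource's `kafkaRest` dependency uses `broker-credential`. Document which base provides `rest-credential` (or add it to this overlay), and note which identity it maps to so its RBAC role bindings can be scoped. This file is also commented out in the kustomization, so as committed it is never applied.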
