Skip to content
This repository has been archived by the owner on Nov 29, 2024. It is now read-only.

Commit

Permalink
docs(mtls): add example in combination with 'KafkaTopic' and 'KafkaUser'
Browse files Browse the repository at this point in the history
Signed-off-by: Sebastian Gaiser <[email protected]>
  • Loading branch information
sebastiangaiser committed Apr 30, 2024
1 parent ae24322 commit afb248a
Showing 1 changed file with 69 additions and 0 deletions.
69 changes: 69 additions & 0 deletions packaging/examples/mtls/mtls.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
name: canary
namespace: kafka
labels:
strimzi.io/cluster: my-cluster
spec:
partitions: 3
replicas: 3
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
name: strimzi-canary-client
namespace: kafka
labels:
strimzi.io/cluster: my-cluster
spec:
authentication:
type: tls
authorization:
type: simple
acls:
- resource:
type: topic
patternType: literal
name: canary
operations:
- Describe
- Write
- Alter
- Read
host: "*"
- resource:
type: group
name: strimzi-canary-group
patternType: literal
operations:
- Read
host: "*"
---
# deployment part for mTLS
env:
- name: TOPIC
value: "canary"
- name: CLIENT_ID
value: "strimzi-canary-client"
- name: CONSUMER_GROUP_ID
value: "strimzi-canary-group"
- name: TLS_ENABLED
value: "true"
- name: TLS_CA_CERT
valueFrom:
secretKeyRef:
# the CA of your cluster - can be your own CA or created by strimzi
name: my-cluster-cluster-ca-cert
key: ca.crt
- name: TLS_CLIENT_CERT
valueFrom:
secretKeyRef:
name: "strimzi-canary-client"
key: user.crt
- name: TLS_CLIENT_KEY
valueFrom:
secretKeyRef:
name: "strimzi-canary-client"
key: user.key

0 comments on commit afb248a

Please sign in to comment.