From afb248aea7ff7f9d634f83690c97f6e667530f7e Mon Sep 17 00:00:00 2001
From: Sebastian Gaiser
Date: Tue, 30 Apr 2024 12:57:20 +0000
Subject: [PATCH] docs(mtls): add example in combination with 'KafkaTopic' and 'KafkaUser'
Signed-off-by: Sebastian Gaiser
---
packaging/examples/mtls/mtls.yaml | 69 +++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100644 packaging/examples/mtls/mtls.yaml
diff --git a/packaging/examples/mtls/mtls.yaml b/packaging/examples/mtls/mtls.yaml
new file mode 100644
index 0000000..e60cd5f
--- /dev/null
+++ b/packaging/examples/mtls/mtls.yaml
@@ -0,0 +1,69 @@
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: canary
+ namespace: kafka
+ labels:
+ strimzi.io/cluster: my-cluster
+spec:
+ partitions: 3
+ replicas: 3
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: strimzi-canary-client
+ namespace: kafka
+ labels:
+ strimzi.io/cluster: my-cluster
+spec:
+ authentication:
+ type: tls
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: topic
+ patternType: literal
+ name: canary
+ operations:
+ - Describe
+ - Write
+ - Alter
+ - Read
+ host: "*"
+ - resource:
+ type: group
+ name: strimzi-canary-group
+ patternType: literal
+ operations:
+ - Read
+ host: "*"
+---
+# deployment part for mTLS
+ env:
+ - name: TOPIC
+ value: "canary"
+ - name: CLIENT_ID
+ value: "strimzi-canary-client"
+ - name: CONSUMER_GROUP_ID
+ value: "strimzi-canary-group"
+ - name: TLS_ENABLED
+ value: "true"
+ - name: TLS_CA_CERT
+ valueFrom:
+ secretKeyRef:
+ # the CA of your cluster - can be your own CA or created by strimzi
+ name: my-cluster-cluster-ca-cert
+ key: ca.crt
+ - name: TLS_CLIENT_CERT
+ valueFrom:
+ secretKeyRef:
+ name: "strimzi-canary-client"
+ key: user.crt
+ - name: TLS_CLIENT_KEY
+ valueFrom:
+ secretKeyRef:
+ name: "strimzi-canary-client"
+ key: user.key
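Review bot: The third document, from `# deployment part for mTLS` to the end of the file, is a container `env:` fragment with no `apiVersion` or `kind`, so applying the file as a whole will likely create the KafkaTopic and KafkaUser and then fail on that document. Moving the fragment into its own file, or marking it clearly as a snippet to paste into the canary Deployment, would avoid that. The fragment should also say where its Secrets come from, with a comment above the first `secretKeyRef` such as `# 'strimzi-canary-client' is created by the User Operator for the KafkaUser above; both Secrets must exist in the namespace the canary runs in (here: kafka)`. Because `TLS_CLIENT_KEY` puts the user's private key into the container environment, a one-line comment that exec and Secret read access in that namespace should be limited to operators of the canary would be worth adding next to it.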