[Merged by Bors] - Support tls authentication #442

Closed
wants to merge 37 commits into from
ec22f53
started adding tests
maltesander Jul 25, 2022
8a5ecfd
added tls structs and regenerated charts
maltesander Jul 25, 2022
7ca18c9
adapted listeners, retrieving node ports to http and https ports
maltesander Jul 26, 2022
0cd4134
client tls working, kcat probe fails
maltesander Jul 27, 2022
46d74d2
kcat probe working
maltesander Jul 28, 2022
b61cf8b
added get_node_port method
maltesander Jul 28, 2022
5159703
made GlobalKafkaConfig non optional
maltesander Jul 29, 2022
29c8276
added client tls tests
maltesander Jul 29, 2022
940e05e
added client tls tests
maltesander Jul 29, 2022
d5ff5fe
wip
maltesander Jul 29, 2022
fbba669
internal and external tls working
maltesander Aug 1, 2022
e798b76
cleanup
maltesander Aug 1, 2022
2e13c58
wip - non tls tests failing due to patch -> null bug
maltesander Aug 1, 2022
f1c96dc
adding client authentication, tls tests working
maltesander Aug 2, 2022
e8767a9
adapted docs
maltesander Aug 2, 2022
46be7d1
fixed auth class
maltesander Aug 2, 2022
5362dbc
extracted listener creation to extra module. introduced one listener …
maltesander Aug 3, 2022
953efb1
added default for internal tls
maltesander Aug 3, 2022
c0827ff
adapted internal tls default in docs
maltesander Aug 3, 2022
bcf6c59
fixed tests for default internal tls
maltesander Aug 3, 2022
45f3b72
client authentication tests working
maltesander Aug 3, 2022
d6f00ac
all tests working
maltesander Aug 3, 2022
f854531
Apply suggestions from code review
maltesander Aug 4, 2022
04a69b3
added quotations to env variables in test script
maltesander Aug 4, 2022
bf08f34
Update tests/templates/kuttl/tls/test_client_tls.sh
maltesander Aug 4, 2022
c097319
Apply suggestions from code review
maltesander Aug 4, 2022
cae1ba6
adapted to pr review
maltesander Aug 4, 2022
a18b972
adapted to pr review
maltesander Aug 4, 2022
b64b045
added test with wrong certificates when using authenticated client tls.
maltesander Aug 4, 2022
fb06898
fix typo in comment
maltesander Aug 4, 2022
789327e
Update tests/templates/kuttl/tls/20-install-kafka.yaml.j2
maltesander Aug 4, 2022
ec3edf8
set wrong key/truststore cert enddate 100y
maltesander Aug 5, 2022
f70d418
added authentication class to roles
maltesander Aug 5, 2022
54e4e70
reduced number of tls tests
maltesander Aug 5, 2022
8695185
fixed zookeeper latest
maltesander Aug 5, 2022
6534deb
regenerated charts
maltesander Aug 5, 2022
2846b83
Fix scenario name in tls test
sbernauer Aug 5, 2022
39 changes: 39 additions & 0 deletions deploy/crd/kafkacluster.crd.yaml
@@ -275,6 +275,45 @@ spec:
required:
- roleGroups
type: object
config:
default:
tls:
secretClass: tls
internalTls:
secretClass: tls
properties:
clientAuthentication:
description: "Only affects client connections. This setting controls: - If clients need to authenticate themselves against the server via TLS - Which ca.crt to use when validating the provided client certs Defaults to `None`"
nullable: true
properties:
authenticationClass:
type: string
required:
- authenticationClass
type: object
internalTls:
default:
secretClass: tls
description: "Only affects internal communication. Use mutual verification between Kafka nodes This setting controls: - Which cert the servers should use to authenticate themselves against other servers - Which ca.crt to use when validating the other server"
nullable: true
properties:
secretClass:
type: string
required:
- secretClass
type: object
tls:
default:
secretClass: tls
description: "Only affects client connections. This setting controls: - If TLS encryption is used at all - Which cert the servers should use to authenticate themselves against the client Defaults to `TlsSecretClass` { secret_class: \"tls\".to_string() }."
nullable: true
properties:
secretClass:
type: string
required:
- secretClass
type: object
type: object
log4j:
nullable: true
type: string
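Review bot: The `tls` description at the end of this hunk leaks Rust into a user-facing CRD field: `Defaults to \`TlsSecretClass\` { secret_class: "tls".to_string() }.` Someone reading `kubectl explain` will not know what that means; phrase it as the YAML a user writes, e.g. `Defaults to secretClass "tls"`, and likewise replace `Defaults to \`None\`` in the `clientAuthentication` description with wording such as `Unset by default; no client certificate is required`. Two more points on the same hunk: `tls` is `nullable: true` while its description says it controls "If TLS encryption is used at all", so the doc should say in so many words that an explicit `tls: null` switches client-side encryption off, since that is the one setting a user can weaken silently; and the schema cannot express that `clientAuthentication` only makes sense when `tls` is set, so please make sure the operator rejects `clientAuthentication` combined with `tls: null` with a clear error instead of ignoring one of the two. Minor: the `internalTls` description is missing a full stop after "Kafka nodes".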
39 changes: 39 additions & 0 deletions deploy/helm/kafka-operator/crds/crds.yaml
@@ -277,6 +277,45 @@ spec:
required:
- roleGroups
type: object
config:
default:
tls:
secretClass: tls
internalTls:
secretClass: tls
properties:
clientAuthentication:
description: "Only affects client connections. This setting controls: - If clients need to authenticate themselves against the server via TLS - Which ca.crt to use when validating the provided client certs Defaults to `None`"
nullable: true
properties:
authenticationClass:
type: string
required:
- authenticationClass
type: object
internalTls:
default:
secretClass: tls
description: "Only affects internal communication. Use mutual verification between Kafka nodes This setting controls: - Which cert the servers should use to authenticate themselves against other servers - Which ca.crt to use when validating the other server"
nullable: true
properties:
secretClass:
type: string
required:
- secretClass
type: object
tls:
default:
secretClass: tls
description: "Only affects client connections. This setting controls: - If TLS encryption is used at all - Which cert the servers should use to authenticate themselves against the client Defaults to `TlsSecretClass` { secret_class: \"tls\".to_string() }."
nullable: true
properties:
secretClass:
type: string
required:
- secretClass
type: object
type: object
log4j:
nullable: true
type: string
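Review bot: This file carries the same `TlsSecretClass { secret_class: "tls".to_string() }` and `Defaults to \`None\`` wording as deploy/crd/kafkacluster.crd.yaml. The commit list shows the chart is regenerated from the Rust structs ("added tls structs and regenerated charts", "regenerated charts"), so fix the doc comments on the structs and regenerate rather than hand-editing this copy; otherwise the next regeneration reintroduces the text.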
8 changes: 8 additions & 0 deletions deploy/helm/kafka-operator/templates/roles.yaml
@@ -89,3 +89,11 @@ rules:
- {{ include "operator.name" . }}clusters/status
verbs:
- patch
- apiGroups:
- authentication.stackable.tech
resources:
- authenticationclasses
verbs:
- get
- list
- watch
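Review bot: The new rule grants only read verbs (`get`, `list`, `watch`) on `authenticationclasses`, which is the right scope for resolving the `authenticationClass` reference the CRD introduces; no write verbs, good. One question: `list` and `watch` are only needed if the controller registers a watch on AuthenticationClass objects so that a changed class triggers reconciliation. If it merely resolves the named class during reconcile, `get` alone suffices and the rule can be trimmed; if it does watch, a one-line comment next to the rule saying so would spare the next reviewer the same question.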
39 changes: 39 additions & 0 deletions deploy/manifests/crds.yaml
@@ -278,6 +278,45 @@ spec:
required:
- roleGroups
type: object
config:
default:
tls:
secretClass: tls
internalTls:
secretClass: tls
properties:
clientAuthentication:
description: "Only affects client connections. This setting controls: - If clients need to authenticate themselves against the server via TLS - Which ca.crt to use when validating the provided client certs Defaults to `None`"
nullable: true
properties:
authenticationClass:
type: string
required:
- authenticationClass
type: object
internalTls:
default:
secretClass: tls
description: "Only affects internal communication. Use mutual verification between Kafka nodes This setting controls: - Which cert the servers should use to authenticate themselves against other servers - Which ca.crt to use when validating the other server"
nullable: true
properties:
secretClass:
type: string
required:
- secretClass
type: object
tls:
default:
secretClass: tls
description: "Only affects client connections. This setting controls: - If TLS encryption is used at all - Which cert the servers should use to authenticate themselves against the client Defaults to `TlsSecretClass` { secret_class: \"tls\".to_string() }."
nullable: true
properties:
secretClass:
type: string
required:
- secretClass
type: object
type: object
log4j:
nullable: true
type: string
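Review bot: Third copy of the same CRD text; the remark on deploy/crd/kafkacluster.crd.yaml applies here too: correct the Rust-flavoured default wording in the struct doc comments and regenerate. After regenerating, diff the three copies against each other so they do not drift; right now they are identical apart from the hunk offsets (275, 277 and 278), which is how it should stay.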
8 changes: 8 additions & 0 deletions deploy/manifests/roles.yaml
@@ -89,3 +89,11 @@ rules:
- kafkaclusters/status
verbs:
- patch
- apiGroups:
- authentication.stackable.tech
resources:
- authenticationclasses
verbs:
- get
- list
- watch
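Review bot: This rendered manifest must stay in lockstep with deploy/helm/kafka-operator/templates/roles.yaml. The verb set here (`get`, `list`, `watch`) matches the template hunk, so the same question applies: keep `list` and `watch` only if the controller actually watches AuthenticationClass objects, and drop them from both files together if it only does a `get` during reconcile.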