From 20343efa7056a1e0cec66db87cc6a29a594f0edb Mon Sep 17 00:00:00 2001
From: Sebastian Gaiser
Date: Tue, 30 Apr 2024 12:57:20 +0000
Subject: [PATCH 1/2] docs(mtls): add example in combination with 'KafkaTopic' and 'KafkaUser'
Signed-off-by: Sebastian Gaiser
---
 packaging/examples/mtls/mtls.yaml | 118 ++++++++++++++++++++++++++++++
 1 file changed, 118 insertions(+)
 create mode 100644 packaging/examples/mtls/mtls.yaml
diff --git a/packaging/examples/mtls/mtls.yaml b/packaging/examples/mtls/mtls.yaml
new file mode 100644
index 0000000..0e0c785
--- /dev/null
+++ b/packaging/examples/mtls/mtls.yaml
@@ -0,0 +1,118 @@
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: canary
+ labels:
+ strimzi.io/cluster: my-cluster
+spec:
+ partitions: 3
+ replicas: 3
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: strimzi-canary-client
+ labels:
+ strimzi.io/cluster: my-cluster
+spec:
+ authentication:
+ type: tls
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: topic
+ name: canary
+ patternType: literal
+ operations:
+ - Describe
+ - Write
+ - Read
+ host: "*"
+ - resource:
+ type: cluster
+ operation: Alter
+ host: "*"
+ - resource:
+ type: group
+ name: strimzi-canary-group
+ patternType: literal
+ operations:
+ - Read
+ host: "*"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: strimzi-canary
+ labels:
+ app: strimzi-canary
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: strimzi-canary
+ template:
+ metadata:
+ labels:
+ app: strimzi-canary
+ spec:
+ serviceAccountName: strimzi-canary
+ containers:
+ - name: strimzi-canary
+ image: quay.io/strimzi/canary:0.6.0
+ env:
+ - name: KAFKA_BOOTSTRAP_SERVERS
+ value: my-cluster-kafka-bootstrap:9092
+ - name: RECONCILE_INTERVAL_MS
+ value: "10000"
+ - name: TOPIC
+ value: "canary"
+ - name: CLIENT_ID
+ value: "strimzi-canary-client"
+ - name: CONSUMER_GROUP_ID
+ value: "strimzi-canary-group"
+ - name: TLS_ENABLED
+ value: "true"
+ - name: TLS_CA_CERT
+ valueFrom:
+ secretKeyRef:
+ # the CA of your cluster - can be your own CA or created by strimzi
+ name: my-cluster-cluster-ca-cert
+ key: ca.crt
+ - name: TLS_CLIENT_CERT
+ valueFrom:
+ secretKeyRef:
+ name: "strimzi-canary-client"
+ key: user.crt
+ - name: TLS_CLIENT_KEY
+ valueFrom:
+ secretKeyRef:
+ name: "strimzi-canary-client"
+ key: user.key
+ livenessProbe:
+ httpGet:
+ path: /liveness
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: 8080
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ resources:
+ limits:
+ memory: "64Mi"
+ cpu: "100m"
+ requests:
+ memory: "64Mi"
+ cpu: "100m"
+ ports:
+ - containerPort: 8080
+ name: metrics
+ protocol: TCP
+ strategy:
+ type: Recreate
From 19b56f8a8affbf7e3b6ff01f82e43725e8b088f0 Mon Sep 17 00:00:00 2001
From: Sebastian Gaiser
Date: Tue, 30 Apr 2024 16:07:05 +0200
Subject: [PATCH 2/2] Update packaging/examples/mtls/mtls.yaml
Co-authored-by: Paolo Patierno
Signed-off-by: Sebastian Gaiser
---
 packaging/examples/mtls/mtls.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packaging/examples/mtls/mtls.yaml b/packaging/examples/mtls/mtls.yaml
index 0e0c785..b1a8147 100644
--- a/packaging/examples/mtls/mtls.yaml
+++ b/packaging/examples/mtls/mtls.yaml
@@ -61,7 +61,7 @@ spec:
 serviceAccountName: strimzi-canary
 containers:
 - name: strimzi-canary
- image: quay.io/strimzi/canary:0.6.0
+ image: quay.io/strimzi/canary:latest
 env:
 - name: KAFKA_BOOTSTRAP_SERVERS
 value: my-cluster-kafka-bootstrap:9092
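Review bot: The `KAFKA_BOOTSTRAP_SERVERS` value in the new Deployment (first patch) points at `my-cluster-kafka-bootstrap:9092` while `TLS_ENABLED` is `"true"` and the KafkaUser uses `authentication.type: tls`; in the usual Strimzi example clusters 9092 is the plain listener and 9093 the TLS one, so the example may fail the handshake or tempt a reader to switch TLS off. The Kafka resource is not part of this patch, so the listener layout is inferred; if it follows that convention, use `value: my-cluster-kafka-bootstrap:9093` and put `# must be a listener with tls: true and authentication.type: tls` above it. The cluster ACL also uses the singular `operation: Alter` where the other two entries use an `operations` list; writing `operations:` with `- Alter` keeps the file consistent. A one-line comment saying why the canary needs cluster-level Alter would help readers who copy these ACLs for their own clients.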
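Review bot: The new `image: quay.io/strimzi/canary:latest` in the second patch is a mutable tag, so the manifest no longer says which canary build receives the mounted client certificate and key, and a pod restart can pull different code without any change to the file. If tracking the newest build is intended for an example, add a comment such as `# example only: pin a released tag or an image digest for real deployments` above the image line. The container spec continues outside this hunk.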