Documentation ¶
Index ¶
- Constants
- func BrokerUserForCluster(cluster *v1beta1.KafkaCluster, additionalHostnames map[string]string) *v1alpha1.KafkaUser
- func ControllerUserForCluster(cluster *v1beta1.KafkaCluster) *v1alpha1.KafkaUser
- func GetCommonName(cluster *v1beta1.KafkaCluster) string
- func GetInternalDNSNames(cluster *v1beta1.KafkaCluster) (dnsNames []string)
- func LabelsForKafkaPKI(name, namespace string) map[string]string
- type Manager
- type UserCertificate
Constants ¶
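// Name templates for the PKI resources managed by this package. Each value is
// a fmt-style format string; the %s verbs are filled in by callers that are
// not part of this listing.
const (
	// BrokerSelfSignerTemplate is the template used for self-signer resources
	BrokerSelfSignerTemplate = "%s-self-signer"
	// BrokerCACertTemplate is the template used for CA certificate resources
	BrokerCACertTemplate = "%s-ca-certificate"
	// BrokerServerCertTemplate is the template used for broker certificate resources
	BrokerServerCertTemplate = "%s-server-certificate"
	// BrokerClusterIssuerTemplate is the template used for broker issuer resources.
	// NOTE(review): it takes two values where the legacy template takes one;
	// presumably the extra value keeps issuer names from colliding between
	// clusters that share a name - confirm against the callers.
	BrokerClusterIssuerTemplate = "%s-%s-issuer"
	// LegacyBrokerClusterIssuerTemplate is the template used earlier for broker issuer resources
	LegacyBrokerClusterIssuerTemplate = "%s-issuer"
	// BrokerControllerTemplate is the template used for operator certificate resources
	BrokerControllerTemplate = "%s-controller"
	// BrokerControllerFQDNTemplate is combined with the above and cluster namespace
	// to create a 'fake' full-name for the controller user
	BrokerControllerFQDNTemplate = "%s.%s.mgt.%s"
	// CAFQDNTemplate is the template used for the FQDN of a CA.
	// The "cluster.local" suffix is fixed in the literal.
	// NOTE(review): confirm that is intended for clusters running with a
	// different cluster domain.
	CAFQDNTemplate = "%s-ca.%s.cluster.local"
)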
Functions ¶
func BrokerUserForCluster ¶
func BrokerUserForCluster(cluster *v1beta1.KafkaCluster, additionalHostnames map[string]string) *v1alpha1.KafkaUser
BrokerUserForCluster returns a KafkaUser CR for the broker certificates in a KafkaCluster
func ControllerUserForCluster ¶
func ControllerUserForCluster(cluster *v1beta1.KafkaCluster) *v1alpha1.KafkaUser
ControllerUserForCluster returns a KafkaUser CR for the controller/cc certificates in a KafkaCluster
func GetCommonName ¶
func GetCommonName(cluster *v1beta1.KafkaCluster) string
GetCommonName returns the FQDN of the internal Kafka listener
func GetInternalDNSNames ¶
func GetInternalDNSNames(cluster *v1beta1.KafkaCluster) (dnsNames []string)
GetInternalDNSNames returns all potential DNS names for a Kafka cluster, including those of its brokers
func LabelsForKafkaPKI ¶
LabelsForKafkaPKI returns kubernetes labels for a PKI object
Types ¶
type Manager ¶
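// Manager is the main interface for objects performing PKI operations.
// Each PKI backend supplies its own implementation; the comments below state
// only what this interface itself promises.
type Manager interface {
	// ReconcilePKI ensures a PKI for a kafka cluster - should be idempotent.
	// This method should at least setup any issuer needed for user certificates
	// as well as broker/cruise-control secrets
	ReconcilePKI(ctx context.Context, logger logr.Logger, scheme *runtime.Scheme, externalHostnames map[string]string) error

	// FinalizePKI performs any cleanup steps necessary for a PKI backend
	FinalizePKI(ctx context.Context, logger logr.Logger) error

	// ReconcileUserCertificate ensures and returns a user certificate - should be idempotent.
	// The returned UserCertificate carries the user's private key in its Key
	// field, so callers should handle the value as secret material and keep
	// it out of logs and error messages.
	ReconcileUserCertificate(
		ctx context.Context, user *v1alpha1.KafkaUser, scheme *runtime.Scheme, clusterDomain string) (*UserCertificate, error)

	// FinalizeUserCertificate removes/revokes a user certificate.
	// NOTE(review): the interface does not say whether a given backend
	// revokes the certificate or only deletes it; confirm per backend
	// before relying on this call to cut off a user's access.
	FinalizeUserCertificate(ctx context.Context, user *v1alpha1.KafkaUser) error

	// GetControllerTLSConfig retrieves a TLS configuration for a controller kafka client.
	// NOTE(review): nothing in this signature constrains the returned
	// config (peer verification, minimum protocol version); check those
	// settings in each implementation.
	GetControllerTLSConfig() (*tls.Config, error)
}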
Manager is the main interface for objects performing PKI operations
type UserCertificate ¶
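// UserCertificate is a struct representing the key components of a user TLS
// certificate for use across operations from other packages and internally.
//
// Key and Password hold secret material. Avoid printing the whole struct
// (for example with %v or %+v) in logs or error messages, since that would
// emit those bytes along with the public fields.
type UserCertificate struct {
	// CA, Certificate and Key are stored as raw bytes.
	// NOTE(review): the encoding (presumably PEM) is not visible here - confirm.
	CA          []byte
	Certificate []byte
	// Key is the private key belonging to Certificate; treat it as a secret.
	Key []byte

	// Serial is used by vault backend for certificate revocations
	Serial string

	// JKS and Password are used by the vault backend to pass JKS info
	// between its own operations; the cert-manager backend passes it
	// through the k8s secret instead.
	JKS      []byte
	Password []byte
}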
UserCertificate is a struct representing the key components of a user TLS certificate for use across operations from other packages and internally.
func (*UserCertificate) DN ¶
func (u *UserCertificate) DN() string
DN returns the Distinguished Name of a TLS certificate