security

package
v0.0.0-...-fb363da Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 4, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

// Kafka broker property keys for the listener named "client". Only keystore
// and truststore keys are declared in this group; it has no ssl.client.auth key.
//
// The *.password keys carry store passphrases.
// NOTE(review): presumably ConfigSettings emits these keys into
// server.properties, in which case the rendered file is secret material —
// confirm where it is stored and who can read it.
const (
	// Keystore for this listener.
	ClientSSLKeyStoreType     = "listener.name.client.ssl.keystore.type"
	ClientSSLKeyStoreLocation = "listener.name.client.ssl.keystore.location"
	ClientSSLKeyStorePassword = "listener.name.client.ssl.keystore.password"

	// Truststore for this listener.
	ClientSSLTrustStoreType     = "listener.name.client.ssl.truststore.type"
	ClientSSLTrustStoreLocation = "listener.name.client.ssl.truststore.location"
	ClientSSLTrustStorePassword = "listener.name.client.ssl.truststore.password"
)

Client

// Kafka broker property keys for the listener named "client_auth".
//
// The *.password keys carry store passphrases.
// NOTE(review): presumably ConfigSettings emits these keys into
// server.properties, in which case the rendered file is secret material —
// confirm where it is stored and who can read it.
const (
	// Keystore for this listener.
	ClientAuthSSLKeyStoreType     = "listener.name.client_auth.ssl.keystore.type"
	ClientAuthSSLKeyStoreLocation = "listener.name.client_auth.ssl.keystore.location"
	ClientAuthSSLKeyStorePassword = "listener.name.client_auth.ssl.keystore.password"

	// Truststore for this listener.
	ClientAuthSSLTrustStoreType     = "listener.name.client_auth.ssl.truststore.type"
	ClientAuthSSLTrustStoreLocation = "listener.name.client_auth.ssl.truststore.location"
	ClientAuthSSLTrustStorePassword = "listener.name.client_auth.ssl.truststore.password"

	// Kafka's ssl.client.auth accepts "required", "requested" or "none"; only
	// "required" makes the broker reject a client that presents no certificate.
	// NOTE(review): the value assigned to this key is not visible here —
	// confirm it is "required" wherever this listener is meant to enforce mTLS.
	ClientAuthSSLClientAuth = "listener.name.client_auth.ssl.client.auth"
)

ClientAuth

// Kafka broker property keys for broker-to-broker traffic.
//
// The *.password keys carry store passphrases.
// NOTE(review): presumably ConfigSettings emits these keys into
// server.properties, in which case the rendered file is secret material —
// confirm where it is stored and who can read it.
const (
	// Key that names the listener brokers use to talk to each other.
	// NOTE(review): the listener.name.internal.* keys below only apply if
	// this is set to the "internal" listener — confirm the value.
	InterBrokerListenerName = "inter.broker.listener.name"

	// Keystore for the "internal" listener.
	InterSSLKeyStoreType     = "listener.name.internal.ssl.keystore.type"
	InterSSLKeyStoreLocation = "listener.name.internal.ssl.keystore.location"
	InterSSLKeyStorePassword = "listener.name.internal.ssl.keystore.password"

	// Truststore for the "internal" listener.
	InterSSLTrustStoreType     = "listener.name.internal.ssl.truststore.type"
	InterSSLTrustStoreLocation = "listener.name.internal.ssl.truststore.location"
	InterSSLTrustStorePassword = "listener.name.internal.ssl.truststore.password"

	// Kafka's ssl.client.auth accepts "required", "requested" or "none"; only
	// "required" makes a broker reject a peer that presents no certificate.
	// NOTE(review): the value assigned to this key is not visible here —
	// confirm it is "required" so that inter-broker connections are mutually
	// authenticated.
	InterSSLClientAuth = "listener.name.internal.ssl.client.auth"
)

Internal

// TLS directories below kafkav1alpha1.KubedoopRoot, each paired with a
// hyphenated name.
//
// NOTE(review): the *DirName values look like the Kubernetes volume names that
// go with each path — confirm against AddVolumeAndVolumeMounts. These
// directories presumably hold private keys and keystores; verify that they are
// mounted only into the containers that need them.
const (
	// Server certificate mount.
	KubedoopTLSCertServerDir     = kafkav1alpha1.KubedoopRoot + "/tls_cert_server_mount"
	KubedoopTLSCertServerDirName = "tls-cert-server-mount"

	// Server keystore.
	KubedoopTLSKeyStoreServerDir     = kafkav1alpha1.KubedoopRoot + "/tls_keystore_server"
	KubedoopTLSKeyStoreServerDirName = "tls-keystore-server"

	// Internal keystore.
	KubedoopTLSKeyStoreInternalDir     = kafkav1alpha1.KubedoopRoot + "/tls_keystore_internal"
	KubedoopTLSKeyStoreInternalDirName = "tls-keystore-internal"
)

Directories

// PKCS12 is the literal store-type string "PKCS12".
// NOTE(review): presumably the value written for the *.ssl.keystore.type and
// *.ssl.truststore.type keys — confirm in ConfigSettings.
const PKCS12 = "PKCS12"

Variables

This section is empty.

Functions

func CreateTlsKeystoreVolume

func CreateTlsKeystoreVolume(volumeName, secretClass, sslStorePassword string) corev1.Volume

CreateTlsKeystoreVolume creates the ephemeral volume that mounts the SecretClass into the Pods as keystores.

func CreateTlsVolume

func CreateTlsVolume(volumeName, secretClass, sslStorePassword string) corev1.Volume

Types

type KafkaTlsSecurity

// KafkaTlsSecurity groups the TLS-related values of this package: an
// authentication class, two secret class names and a store password.
//
// NOTE(review): SSLStorePassword is held as a plain string, so printing or
// logging the whole struct (for example with %+v) would expose it; keep
// instances out of logs and error messages.
type KafkaTlsSecurity struct {
	// NOTE(review): "Anthentication" looks like a misspelling of
	// "Authentication". The field is exported, so renaming it would break
	// callers. Presumably returned by TlsClientAuthenticationClass — confirm.
	ResolvedAnthenticationClass string
	// Presumably returned by TlsInternalSecretClass — confirm.
	InternalSecretClass         string
	// Presumably returned by TlsServerSecretClass — confirm.
	ServerSecretClass           string
	// Password for the TLS stores. NOTE(review): presumably the same value
	// passed as sslStorePassword to CreateTlsVolume and
	// CreateTlsKeystoreVolume — confirm where it ends up being written.
	SSLStorePassword            string
}

func NewKafkaTlsSecurity

func NewKafkaTlsSecurity(tlsSpec *kafkav1alpha1.TlsSpec) *KafkaTlsSecurity

NewKafkaTlsSecurity creates a new KafkaTlsSecurity instance

func (*KafkaTlsSecurity) AddVolume

func (k *KafkaTlsSecurity) AddVolume(sts *appsv1.StatefulSet, volume corev1.Volume)

AddVolume adds a TLS volume to the StatefulSet.

func (*KafkaTlsSecurity) AddVolumeAndVolumeMounts

func (k *KafkaTlsSecurity) AddVolumeAndVolumeMounts(sts *appsv1.StatefulSet)

AddVolumeAndVolumeMounts adds required volumes and volume mounts to the pod and container builders

func (*KafkaTlsSecurity) AddVolumeMount

func (k *KafkaTlsSecurity) AddVolumeMount(container *corev1.Container, volumeName, mountPath string)

AddVolumeMount adds a TLS volume mount to the container.

func (*KafkaTlsSecurity) ClientPort

func (k *KafkaTlsSecurity) ClientPort() int

ClientPort returns the Kafka (secure) client port depending on tls or authentication settings

func (*KafkaTlsSecurity) ClientPortName

func (k *KafkaTlsSecurity) ClientPortName() string

ClientPortName returns the Kafka (secure) client port name depending on tls or authentication settings

func (*KafkaTlsSecurity) ConfigSettings

func (k *KafkaTlsSecurity) ConfigSettings() map[string]string

ConfigSettings returns required Kafka configuration settings for the server.properties file

func (*KafkaTlsSecurity) InternalPort

func (k *KafkaTlsSecurity) InternalPort() int

InternalPort returns the Kafka (secure) internal port depending on tls settings

func (*KafkaTlsSecurity) KcatClientAuthSsl

func (k *KafkaTlsSecurity) KcatClientAuthSsl(certDirectory string) []string

KcatClientAuthSsl returns the SSL configuration for kcat client with authentication

func (*KafkaTlsSecurity) KcatClientSsl

func (k *KafkaTlsSecurity) KcatClientSsl(certDirectory string) []string

KcatClientSsl returns the SSL configuration for kcat client

func (*KafkaTlsSecurity) KcatProberContainerCommands

func (k *KafkaTlsSecurity) KcatProberContainerCommands() []string

KcatProberContainerCommands returns the commands for the kcat readiness probe

func (*KafkaTlsSecurity) SvcContainerCommands

func (k *KafkaTlsSecurity) SvcContainerCommands() string

SvcContainerCommands returns SVC container command to retrieve the node port service port

func (*KafkaTlsSecurity) TlsClientAuthenticationClass

func (k *KafkaTlsSecurity) TlsClientAuthenticationClass() string

TlsClientAuthenticationClass retrieves an optional TLS AuthenticationClass

func (*KafkaTlsSecurity) TlsEnabled

func (k *KafkaTlsSecurity) TlsEnabled() bool

TlsEnabled checks if TLS encryption is enabled

func (*KafkaTlsSecurity) TlsInternalSecretClass

func (k *KafkaTlsSecurity) TlsInternalSecretClass() string

TlsInternalSecretClass retrieves the mandatory internal SecretClass

func (*KafkaTlsSecurity) TlsServerSecretClass

func (k *KafkaTlsSecurity) TlsServerSecretClass() string

TlsServerSecretClass retrieves an optional TLS secret class for external client -> server communications
