security

package
v0.0.0-...-3027e7a Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 20, 2025 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

// Names, paths and ZooKeeper property keys shared by the TLS and
// authentication handling in this package. The values are literal strings;
// what is written under each key is decided by code not shown here.
const (
	// Property key for the ZooKeeper client port.
	ZkClientPortConfigItem string = "clientPort"

	// Volume names and filesystem paths for server (client-facing) and quorum TLS material.
	ServerTlsVolumeName string = "server-tls"
	QuorumTlsVolumeName string = "quorum-tls"

	// NOTE(review): each TLS role has a "*Dir" and a "*MountDir" path; presumably
	// the secret volume is mounted at the mount dir and the stores ZooKeeper reads
	// live in the plain dir. Confirm against AddVolumeMounts and the container
	// start-up logic.
	QuorumTLSDir        string = "/kubedoop/quorum_tls"
	QuorumTLSMountDir   string = "/kubedoop/quorum_tls_mount"
	ServerTLSDir        string = "/kubedoop/server_tls"
	ServerTLSMountDir   string = "/kubedoop/server_tls_mount"
	// NOTE(review): named "Dir", but /etc/pki/java/cacerts is normally the JVM
	// trust store file on RHEL-family images. Verify how callers use it.
	SystemTrustStoreDir string = "/etc/pki/java/cacerts"

	// Quorum TLS: property keys for server-to-server (ensemble) traffic.
	// The clientAuth and hostnameVerification keys control whether peers must
	// present a certificate and whether its host name is checked; relaxing
	// either weakens mutual authentication between ensemble members.
	SSLQuorum                     string = "sslQuorum"
	SSLQuorumClientAuth           string = "ssl.quorum.clientAuth"
	SSLQuorumHostNameVerification string = "ssl.quorum.hostnameVerification"
	SSLQuorumKeyStoreLocation     string = "ssl.quorum.keyStore.location"
	SSLQuorumKeyStorePassword     string = "ssl.quorum.keyStore.password"
	SSLQuorumTrustStoreLocation   string = "ssl.quorum.trustStore.location"
	SSLQuorumTrustStorePassword   string = "ssl.quorum.trustStore.password"

	// Client TLS: the same set of property keys for client-to-server traffic.
	// NOTE(review): the *Password keys here and in the quorum group name secret
	// values. If a literal password is written under them, it is stored wherever
	// the generated properties are stored; confirm the value is a reference
	// resolved at runtime (see StorePasswordEnv) and not the secret itself.
	SSLClientAuth           string = "ssl.clientAuth"
	SSLHostNameVerification string = "ssl.hostnameVerification"
	SSLKeyStoreLocation     string = "ssl.keyStore.location"
	SSLKeyStorePassword     string = "ssl.keyStore.password"
	SSLTrustStoreLocation   string = "ssl.trustStore.location"
	SSLTrustStorePassword   string = "ssl.trustStore.password"

	// Common TLS: property keys for the X.509 authentication provider and the
	// server connection factory. ZooKeeper's TLS support requires the Netty
	// connection factory; the value this package sets is not visible here.
	SSLAuthProviderX509 string = "authProvider.x509"
	ServerCnxnFactory   string = "serverCnxnFactory"

	// Miscellaneous: name of an environment variable.
	// NOTE(review): presumably carries the key/trust store password into the
	// container. Confirm it is populated from a Secret and never logged.
	StorePasswordEnv string = "STORE_PASSWORD"

	// Authentication classes: presumably the SecretClass name used when none is
	// configured. Verify against NewZookeeperSecurity.
	TlsDefaultSecretClass string = "tls"

	// Literal "true" for boolean-valued properties; the only constant in this block declared without an explicit type.
	TrueString = "true"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type ZookeeperSecurity

// ZookeeperSecurity is built by NewZookeeperSecurity from a ClusterConfigSpec.
// Its methods report whether TLS is enabled and supply the client port,
// configuration settings and pod volumes that follow from the TLS and
// authentication settings. All state is unexported, so callers can only read
// it through those methods.
type ZookeeperSecurity struct {
	// contains filtered or unexported fields
}

func NewZookeeperSecurity

func NewZookeeperSecurity(clusterConfig *zkv1alpha1.ClusterConfigSpec) (*ZookeeperSecurity, error)

NewZookeeperSecurity creates a ZookeeperSecurity struct from the Zookeeper custom resource and resolves all provided AuthenticationClass references.

func (*ZookeeperSecurity) AddVolumeMounts

func (z *ZookeeperSecurity) AddVolumeMounts(podBuilder *corev1.PodTemplateSpec, zkContainer *corev1.Container)

AddVolumeMounts adds required volumes and volume mounts to the pod and container builders depending on TLS and authentication settings.

func (*ZookeeperSecurity) ClientPort

func (z *ZookeeperSecurity) ClientPort() uint16

ClientPort returns the ZooKeeper (secure) client port depending on TLS or authentication settings.

func (*ZookeeperSecurity) ConfigSettings

func (z *ZookeeperSecurity) ConfigSettings() map[string]string

ConfigSettings returns required ZooKeeper configuration settings for the `zoo.cfg` properties file depending on TLS and authentication settings.

func (*ZookeeperSecurity) TLSEnabled

func (z *ZookeeperSecurity) TLSEnabled() bool

TLSEnabled checks if TLS encryption is enabled based on server SecretClass or client AuthenticationClass.
