Search in sources :

Example 6 with KafkaListenerAuthenticationCustom

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom in project strimzi-kafka-operator by strimzi.

the class KafkaCluster method getNonDataVolumes.

/**
 * Generates list of non-data volumes used by Kafka Pods. This includes tmp volumes, mounted secrets and config
 * maps.
 *
 * @param isOpenShift   Indicates whether we are on OpenShift or not
 *
 * @return              List of nondata volumes used by the ZooKeeper pods
 */
private List<Volume> getNonDataVolumes(boolean isOpenShift) {
    List<Volume> volumeList = new ArrayList<>();
    if (rack != null || isExposedWithNodePort()) {
        volumeList.add(VolumeUtils.createEmptyDirVolume(INIT_VOLUME_NAME, "1Mi", "Memory"));
    }
    volumeList.add(createTempDirVolume());
    volumeList.add(VolumeUtils.createSecretVolume(CLUSTER_CA_CERTS_VOLUME, AbstractModel.clusterCaCertSecretName(cluster), isOpenShift));
    volumeList.add(VolumeUtils.createSecretVolume(BROKER_CERTS_VOLUME, KafkaCluster.brokersSecretName(cluster), isOpenShift));
    volumeList.add(VolumeUtils.createSecretVolume(CLIENT_CA_CERTS_VOLUME, KafkaCluster.clientsCaCertSecretName(cluster), isOpenShift));
    volumeList.add(VolumeUtils.createConfigMapVolume(logAndMetricsConfigVolumeName, ancillaryConfigMapName));
    volumeList.add(VolumeUtils.createEmptyDirVolume("ready-files", "1Ki", "Memory"));
    for (GenericKafkaListener listener : listeners) {
        if (listener.isTls() && listener.getConfiguration() != null && listener.getConfiguration().getBrokerCertChainAndKey() != null) {
            CertAndKeySecretSource secretSource = listener.getConfiguration().getBrokerCertChainAndKey();
            Map<String, String> items = new HashMap<>(2);
            items.put(secretSource.getKey(), "tls.key");
            items.put(secretSource.getCertificate(), "tls.crt");
            volumeList.add(VolumeUtils.createSecretVolume("custom-" + ListenersUtils.identifier(listener) + "-certs", secretSource.getSecretName(), items, isOpenShift));
        }
        if (isListenerWithOAuth(listener)) {
            KafkaListenerAuthenticationOAuth oauth = (KafkaListenerAuthenticationOAuth) listener.getAuth();
            volumeList.addAll(AuthenticationUtils.configureOauthCertificateVolumes("oauth-" + ListenersUtils.identifier(listener), oauth.getTlsTrustedCertificates(), isOpenShift));
        }
        if (isListenerWithCustomAuth(listener)) {
            KafkaListenerAuthenticationCustom custom = (KafkaListenerAuthenticationCustom) listener.getAuth();
            volumeList.addAll(AuthenticationUtils.configureGenericSecretVolumes("custom-listener-" + ListenersUtils.identifier(listener), custom.getSecrets(), isOpenShift));
        }
    }
    if (authorization instanceof KafkaAuthorizationKeycloak) {
        KafkaAuthorizationKeycloak keycloakAuthz = (KafkaAuthorizationKeycloak) authorization;
        volumeList.addAll(AuthenticationUtils.configureOauthCertificateVolumes("authz-keycloak", keycloakAuthz.getTlsTrustedCertificates(), isOpenShift));
    }
    return volumeList;
}
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Volume(io.fabric8.kubernetes.api.model.Volume) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaAuthorizationKeycloak(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom) CertAndKeySecretSource(io.strimzi.api.kafka.model.CertAndKeySecretSource)

Aggregations

KafkaAuthorizationKeycloak (io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak)6 KafkaListenerAuthenticationCustom (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom)6 KafkaListenerAuthenticationOAuth (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth)6 GenericKafkaListener (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener)6 ArrayList (java.util.ArrayList)6 VolumeMount (io.fabric8.kubernetes.api.model.VolumeMount)4 CertAndKeySecretSource (io.strimzi.api.kafka.model.CertAndKeySecretSource)4 Volume (io.fabric8.kubernetes.api.model.Volume)2 CruiseControlSpec (io.strimzi.api.kafka.model.CruiseControlSpec)2 KafkaAuthorization (io.strimzi.api.kafka.model.KafkaAuthorization)2 KafkaAuthorizationCustom (io.strimzi.api.kafka.model.KafkaAuthorizationCustom)2 KafkaAuthorizationOpa (io.strimzi.api.kafka.model.KafkaAuthorizationOpa)2 KafkaAuthorizationSimple (io.strimzi.api.kafka.model.KafkaAuthorizationSimple)2 KafkaResources (io.strimzi.api.kafka.model.KafkaResources)2 Rack (io.strimzi.api.kafka.model.Rack)2 KafkaListenerAuthentication (io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication)2 KafkaListenerAuthenticationScramSha512 (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512)2 KafkaListenerAuthenticationTls (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)2 GenericKafkaListenerConfiguration (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfiguration)2 ServerConfig (io.strimzi.kafka.oauth.server.ServerConfig)2