Example 46 with CertAndKey

Use of io.strimzi.certs.CertAndKey in project strimzi by strimzi.

In class KafkaCluster, method generateBrokersSecret.

/**
 * Generate the Secret containing the Kafka brokers certificates signed by the cluster CA certificate used for TLS based
 * internal communication with Zookeeper.
 * It also contains the related Kafka brokers private keys.
 *
 * @param clusterCa The CA for cluster certificates
 * @param clientsCa The CA for clients certificates
 * @return The generated Secret
 */
public Secret generateBrokersSecret(ClusterCa clusterCa, ClientsCa clientsCa) {
    Map<String, String> data = new HashMap<>(replicas * 4);
    for (int i = 0; i < replicas; i++) {
        CertAndKey cert = brokerCerts.get(KafkaCluster.kafkaPodName(cluster, i));
        data.put(KafkaCluster.kafkaPodName(cluster, i) + ".key", cert.keyAsBase64String());
        data.put(KafkaCluster.kafkaPodName(cluster, i) + ".crt", cert.certAsBase64String());
        data.put(KafkaCluster.kafkaPodName(cluster, i) + ".p12", cert.keyStoreAsBase64String());
        data.put(KafkaCluster.kafkaPodName(cluster, i) + ".password", cert.storePasswordAsBase64String());
    }
    Map<String, String> annotations = Map.of(clusterCa.caCertGenerationAnnotation(), String.valueOf(clusterCa.certGeneration()), clientsCa.caCertGenerationAnnotation(), String.valueOf(clientsCa.certGeneration()));
    return createSecret(KafkaCluster.brokersSecretName(cluster), data, annotations);
}
Also used : CertAndKey(io.strimzi.certs.CertAndKey) HashMap(java.util.HashMap)
