Skip to content

Commit 5b5b3f4

Browse files
mmohamedmmohamed
committed
Up Docs
1 parent 17e9610 commit 5b5b3f4

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

SECURITY.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# How secure Kafka cluster with Kubernetes
1+
# How simply secure Kafka cluster with Kubernetes
22

33
## ZooKeeper DIGEST authentication
44
1. Edit account configuration (one for Zookeeper nodes, another for Kafka broker) in [config.secured.yaml](zookeeper/config.secured.yaml) file.
@@ -63,7 +63,7 @@ keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cer
6363
keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cert
6464
```
6565

66-
3. Sign the key store (with passcode and ssl.cnf configuration file)
66+
4. Sign the key store (with passcode and ssl.cnf configuration file)
6767
> You need to update alt_names section of ssl.cnf with list of your brokers hostname.
6868
```bash
6969
keytool -keystore kafka.server.keystore.jks -alias localhost -certreq -file cert-file
@@ -72,15 +72,15 @@ keytool -keystore kafka.server.keystore.jks -alias CARoot -import -file ca-cert
7272
keytool -keystore kafka.server.keystore.jks -alias localhost -import -file cert-signed
7373
```
7474

75-
4. Sign the client keystore
75+
5. Sign the client keystore
7676
```bash
7777
keytool -keystore kafka.client.keystore.jks -alias localhost -certreq -file cert-file-client
7878
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file-client -out cert-signed-client -days 365 -CAcreateserial -passin pass:passcode -extfile ssl.cnf -extensions req_ext
7979
keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca-cert
8080
keytool -keystore kafka.client.keystore.jks -alias localhost -import -file cert-signed-client
8181
```
8282

83-
4. Kafka SSL Kubernetes
83+
6. Kafka SSL Kubernetes
8484
Create kubernetes secret from kafka.keystore.jks and kafka.truststore.jks :
8585
```bash
8686
kubectl create secret generic ssl --from-literal=keystore_password=passcode --from-file=kafka.keystore.jks=ssl/kafka.server.keystore.jks --from-literal=truststore_password=passcode --from-file=kafka.truststore.jks=ssl/kafka.server.truststore.jks
@@ -92,7 +92,7 @@ kubectl apply -f kafka/statefulset.ssl.yaml
9292
kubectl apply -f kafka/service.ssl.yaml
9393
```
9494

95-
5. Testing
95+
7. Testing
9696

9797
Use openssl to debug connectionto valid certificate data:
9898
```bash
@@ -137,7 +137,7 @@ kubectl logs consumer-secured
137137
```
138138
139139
140-
6. Sources & Links:
140+
8. Sources & Links:
141141
- [Redhat-Kafka](https://access.redhat.com/documentation/en-us/red_hat_amq/7.2/html/using_amq_streams_on_red_hat_enterprise_linux_rhel/configuring_kafka)
142142
- [Confluence-Zookeeper](https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication)
143143
- [Apache-Kafka](https://kafka.apache.org/documentation/#security_overview)

0 commit comments

Comments
 (0)