Securing communication between Cruise Control and Kafka #37

kyguy · 2020-04-22T04:10:10Z

Type of change

Enhancement / new feature

Description

Secures the communication between Cruise Control and Kafka.

Checklist

Please go through this checklist and make sure all applicable tasks have been done

Update/write design documentation in ./design
Write tests
Make sure all tests pass
Update documentation
Check RBAC rights for Kubernetes / OpenShift roles
Try your changes from Pod inside your Kubernetes and OpenShift cluster, not just locally
Reference relevant issue(s) and close them after merging
Update CHANGELOG.md

Signed-off-by: Kyle Liberti <kliberti@redhat.com>

Moved metrics topic to Cruise Control configuration Hiding truststore and keystore passwords in the log Signed-off-by: Paolo Patierno <ppatierno@live.com>

* Adding TLS communication between CC and Kafka Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Adding TLS communication between metric reporter and Kafka Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Fixed metrics report to use TLS hostname verification (#38) Moved metrics topic to Cruise Control configuration Hiding truststore and keystore passwords in the log Signed-off-by: Paolo Patierno <ppatierno@live.com> Co-authored-by: Paolo Patierno <ppatierno@live.com> Signed-off-by: Kyle Liberti <kliberti@redhat.com>

* Added Cruise Control System Tests - Added deployment with CC to Kafka ST resources - Added pod name and deployment resources - Added CC deployment system test Signed-off-by: Thomas Cooper <tcooper@redhat.com> * Cruise Control Deployment Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Add broker capacity estimation and configuration Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Add k8s memory parsing to return different byte multiples Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Refactor Capacity constructor Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Regenerate helm charts Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Addressing some comments Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Addressing more comments Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Addressing more comments (refactoring capacity API, checkOwnerReferences) Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Addressing comments ( capacity properties as strings/validate units in schema) Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Tightening capacity regex; fixing docs Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Another doc fix Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Add missing goal; bump CC version to 2.0.100 Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Fix logging and typos Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Addressing comments ( Update allowed disk capacity notation + refactoring) Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Fixing more typos Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Fixing another doc issue Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Securing communication between Cruise Control and Kafka (#37) * Adding TLS communication between CC and Kafka Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Adding TLS communication between metric reporter and Kafka Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Fixed metrics report to use TLS hostname verification (#38) Moved metrics topic to Cruise Control configuration Hiding truststore and keystore passwords in the log Signed-off-by: Paolo Patierno <ppatierno@live.com> Co-authored-by: Paolo Patierno <ppatierno@live.com> Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Removing CC replicas, refactor Dockerfile + CC dependencies Signed-off-by: Kyle Liberti <kliberti@redhat.com> * Added security context, network policy and tests (#39) * Added security context and tests Signed-off-by: Paolo Patierno <ppatierno@live.com> * Added network policy for the cruise control REST API port Signed-off-by: Paolo Patierno <ppatierno@live.com> * Added CruiseControl ST to regression tests Signed-off-by: Paolo Patierno <ppatierno@live.com> * Fixed NPE on Cruise Control network policy Signed-off-by: Paolo Patierno <ppatierno@live.com> Co-authored-by: Thomas Cooper <tcooper@redhat.com> Co-authored-by: Paolo Patierno <ppatierno@live.com>

kyguy added 2 commits April 21, 2020 18:45

Adding TLS communication between CC and Kafka

99fce80

Signed-off-by: Kyle Liberti <kliberti@redhat.com>

Adding TLS communication between metric reporter and Kafka

c217dad

Signed-off-by: Kyle Liberti <kliberti@redhat.com>

kyguy requested a review from ppatierno April 22, 2020 04:10

Fixed metrics report to use TLS hostname verification (#38)

996fc16

Moved metrics topic to Cruise Control configuration Hiding truststore and keystore passwords in the log Signed-off-by: Paolo Patierno <ppatierno@live.com>

kyguy changed the title ~~WIP: Securing communication between Cruise Control and Kafka~~ Securing communication between Cruise Control and Kafka Apr 22, 2020

ppatierno approved these changes Apr 22, 2020

View reviewed changes

ppatierno merged this pull request into cruise-control-deployment Apr 22, 2020

ppatierno deleted the cruise-control-tls branch April 22, 2020 15:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Securing communication between Cruise Control and Kafka #37

Securing communication between Cruise Control and Kafka #37

kyguy commented Apr 22, 2020

Securing communication between Cruise Control and Kafka #37

Securing communication between Cruise Control and Kafka #37

Conversation

kyguy commented Apr 22, 2020

Type of change

Description

Checklist