strimzi-kafka-operator icon indicating copy to clipboard operation
strimzi-kafka-operator copied to clipboard
verified publisher icon strimzi

docs(security): updates content for securing kafka access

Open PaulRMellor opened this issue 1 year ago • 1 comments

Documentation

Updates from review and edit of the content related to security to make it easier to understand and find the relevant information.

  • Removes repeated content, including for the following types of content
    • Certificate creation (present in a couple of places)
    • Configuring Kafka brokers and users - now present in a single example
  • Restructuring:
    • Setting up client access to a Kafka cluster now has no content related to securing access
    • Setting up secure client access example moves to securing access section
    • Network policies concepts moved to the network policies procedure
    • OAuth 2.0 moves into a separate section
    • Moves user quotas into separate section for better visibility
  • Cleanup: the following files have been removed to reduce redundancy and repetition (content absorbed or removed if replicated elsewhere)
    • Security options for Kafka (assembly-securing-kafka-brokers.adoc) -- not required
    • Securing access to Kafka brokers (assembly-securing-kafka.adoc) -- content moved
    • Securing user access to Kafka (proc-configuring-secure-kafka-user.adoc) -- content in example
    • Securing Kafka brokers (proc-securing-kafka.adoc) -- content in example

NOTE: OAUth content is subject to a separate review

Checklist

Please go through this checklist and make sure all applicable tasks have been done

  • [ ] Write tests
  • [ ] Make sure all tests pass
  • [x] Update documentation
  • [ ] Check RBAC rights for Kubernetes / OpenShift roles
  • [ ] Try your changes from Pod inside your Kubernetes and OpenShift cluster, not just locally
  • [ ] Reference relevant issue(s) and close them after merging
  • [ ] Update CHANGELOG.md
  • [ ] Supply screenshots for visual changes, such as Grafana dashboards

PaulRMellor avatar May 07 '24 15:05 PaulRMellor

Thanks for the review @scholzj . I addressed all the comments, but this one: https://github.com/strimzi/strimzi-kafka-operator/pull/10071#discussion_r1592693604

As mentioned in the reply, we use the "(Kubernetes only)" in a few places because of downstream doc where the ingress procedure is left out.

PaulRMellor avatar May 09 '24 14:05 PaulRMellor