Skip to content

Add TLS support for StrimziKafkaCLuster #193

Merged
see-quick merged 7 commits intostrimzi:mainfrom
see-quick:tls-enchancement
Apr 13, 2026
Merged

Add TLS support for StrimziKafkaCLuster #193
see-quick merged 7 commits intostrimzi:mainfrom
see-quick:tls-enchancement

Conversation

@see-quick
Copy link
Copy Markdown
Member

@see-quick see-quick commented Mar 4, 2026
edited
Loading

This PR adds support TLS to StrimziKafkaCluster class and exposing it via public API:

StrimziKafkaCluster kafkaCluster = new StrimziKafkaCluster.StrimziKafkaClusterBuilder()
    .withNumberOfBrokers(3)
    .withTls()
    .build();

It adds a internal classes (i.e., Keytool, CertAssembly). Keytool is fluent wrapper for operations executed inside container and CertAssembly orchestrates all certificates work and all operations is delegated to Keytool.

Note

Because the SANs include the broker network aliases (broker-0, broker-1, ...), the advertised listeners use these DNS > names instead of dynamic container IPs.

Moreover during implementation I tried to make as little as possible and so I would change some of the parts in the next PRs (refactors) but those parts are not related to TLS functionality at all for instance #192.

@see-quick see-quick added this to the 0.116.0 milestone Mar 4, 2026
@see-quick see-quick requested a review from a team March 4, 2026 12:29
@see-quick see-quick self-assigned this Mar 4, 2026
@see-quick see-quick added the enhancement New feature or request label Mar 4, 2026
@see-quick
Copy link
Copy Markdown
Member Author

see-quick commented Mar 23, 2026

^^ take a look @strimzi/maintainers thanks :)

katheris
katheris reviewed Mar 23, 2026
View reviewed changes
Comment thread src/main/java/io/strimzi/test/container/CertAssembly.java
Comment thread src/main/java/io/strimzi/test/container/CertAssembly.java Outdated
Comment thread src/main/java/io/strimzi/test/container/CertAssembly.java Outdated
Comment thread src/main/java/io/strimzi/test/container/StrimziKafkaContainer.java Outdated
Comment thread src/test/java/io/strimzi/test/container/StrimziKafkaClusterIT.java Outdated
@see-quick
Add TLS support for StrimziKafkaCLuster nad StrimziKakfaContainer
e26c1a4 
Signed-off-by: see-quick <maros.orsak159@gmail.com>

# Conflicts:
#	src/test/java/io/strimzi/test/container/StrimziKafkaContainerMockTest.java
@see-quick
add to readme
2de4f6a 
Signed-off-by: see-quick <maros.orsak159@gmail.com>
@see-quick
add also issue
86426b4 
Signed-off-by: see-quick <maros.orsak159@gmail.com>
@see-quick
rebase and fix issues
2771be3 
Signed-off-by: see-quick <maros.orsak159@gmail.com>
@see-quick
add CONTROLLER listener when TLS is used into broker-only nodes (for …
75ae95b 
…outbound raft connections to controllers)

Signed-off-by: see-quick <maros.orsak159@gmail.com>
@see-quick
Kate review
ece9206 
Signed-off-by: see-quick <maros.orsak159@gmail.com>
@see-quick
admin instead of adminclient
174019b 
Signed-off-by: see-quick <maros.orsak159@gmail.com>
@see-quick
Copy link
Copy Markdown
Member Author

see-quick commented Apr 9, 2026

^^ @strimzi/maintainers just a friendly reminder.

katheris
katheris approved these changes Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@katheris katheris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @see-quick

@see-quick see-quick merged commit 4b5e6af into strimzi:main Apr 13, 2026
16 checks passed
@see-quick see-quick mentioned this pull request Apr 13, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@katheris katheris katheris approved these changes

@im-konge im-konge im-konge approved these changes

Assignees

@see-quick see-quick

Labels

enhancement New feature or request

Projects

None yet

Milestone

0.116.0

Development

Successfully merging this pull request may close these issues.

3 participants

@see-quick @katheris @im-konge