Doc improvments? #523
Merged
Doc improvments? #523
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ppatierno
reviewed
Jun 28, 2018
documentation/book/security.adoc
Outdated
| The Cluster Operator is in charge to setting up the SSL/TLS infrastructure by means of certificates for providing the security. | ||
| The Apache Kafka project supports data encryption by means of the SSL/TLS protocol. | ||
| This makes it possible to encrypt data transferred between brokers (interbroker communication) and between clients and brokers. | ||
| Leveraging the SSL/TLS support, it is also possible to have mutual authentication, where the Kafka broker authenticates the client's certificate, and the client authenticates the server's certificate. |
There was a problem hiding this comment.
"authenticates the client's certificate" sounds strange to me ...
It should be more "authenticates the client" or "verifies/validates the certificates" , or ?
documentation/book/security.adoc
Outdated
| * `<cluster-name>-kafka-brokers-internal`: it contains all the brokers private and public keys (certificates signed with "internal-ca") used for intra cluster communication. | ||
| * `<cluster-name>-kafka-brokers-clients`: it contains all the brokers private and public keys (certificates signed with specific cluster "clients-ca") used for communicating with clients. | ||
| * `internal-ca`: contains the private and public keys, so the self-signed certificate, used for signing broker certificates used for interbroker communication. It is common to all the Kafka clusters deployed by the Cluster Operator. | ||
| * `<cluster-name>-kafka-clients-ca`: contains the private and public keys, so the self-signed certificate, used for signing broker certificates used for communicating with clients. It iss specific for each deployed Kafka cluster as specified in the <cluster-name> prefix. |
documentation/book/security.adoc
Outdated
|
|
||
| === Clients connection via TLS | ||
|
|
||
| If the Kafka client wants to connect to the encrypted listener (CLIENTTLS) on port 9093, it needs the clients CA certificate in order to validate the broker certificate received during the SSL/TLS handshake (server authentication). | ||
| If a Kafka client wants to connect to the encrypted listener (CLIENTTLS) on port 9093, it needs to trust the clients CA certificate in order to authentics the broker certificate received during the SSL/TLS handshake. |
There was a problem hiding this comment.
Still here I have a doubt about the verb "authenticate" and the "certificate"
| ssl.truststore.password=test1234 |
There was a problem hiding this comment.
what's the difference that GitHub shows me here ? :-)
ppatierno
approved these changes
Jun 29, 2018
ppatierno
added a commit
that referenced
this pull request
Jul 2, 2018
Removed TODO about copy_extensions Added raising exception if internal CA certificate Secret is missing Changed log level to DEBUG for the openssl command output Doc improvments? (#523) * Doc improvments? * Update security.adoc * Update security.adoc Splitted in different scripts certs import into keystore/truststore Addresses feedback about security doc Last doc fix
ppatierno
added a commit
that referenced
this pull request
Jul 2, 2018
Removed TODO about copy_extensions Added raising exception if internal CA certificate Secret is missing Changed log level to DEBUG for the openssl command output Doc improvments? (#523) * Doc improvments? * Update security.adoc * Update security.adoc Splitted in different scripts certs import into keystore/truststore Addresses feedback about security doc Last doc fix
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of change
Select the type of your PR
Description
Please describe your pull request
Checklist
Please go through this checklist and make sure all applicable tasks have been done