    mTLS

    This authentication method is commonly used with an EventHub such as Kafka.

    Synopsis

    # TLS secret
    apiVersion: v1
    kind: Secret
    metadata:
      name: tls-secret
    data:
      ca.crt: <PEM file base64-encoded>
      tls.crt: <PEM file base64-encoded>
      tls.key: <PEM file base64-encoded>
    ---
    # Credentials definition
    apiVersion: kannika.io/v1alpha
    kind: Credentials
    metadata:
      name: mtls
    spec:
      mTls:
        description: "mTLS credentials" # Optional description
        caCertificatePemFrom:
          secretKeyRef:
            name: tls-secret
            key: ca.crt
        certificatePemFrom:
          secretKeyRef:
            name: tls-secret
            key: tls.crt
        privateKeyPemFrom:
          secretKeyRef:
            name: tls-secret
            key: tls.key
        privateKeyPasswordFrom: # Optional
          secretKeyRef:
            name: tls-key-password
            key: password

    Usage

    When using mTLS, the client’s certificate and key must be stored in one or more secrets, which are then referenced from the Credentials definition.

    The CA’s certificate may either be:

    • unspecified, in which case OpenSSL will scan common directories;
    • explicitly set using a secret in PEM format with caCertificatePemFrom.
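
A pre-flight check for the `data` values of the Secret in the synopsis, as an added example that is not part of the original documentation. It assumes the single-Secret layout shown above; `lint_secret_data`, `fake_pem` and `b64` are hypothetical helper names, and the PEM bodies are constructed placeholders, not real key material.

```python
import base64
import re

# Assumption: cert, key and CA live in one Secret, keyed as in the synopsis above.
EXPECTED = {
    "ca.crt": {"CERTIFICATE"},
    "tls.crt": {"CERTIFICATE"},
    "tls.key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                "ENCRYPTED PRIVATE KEY"},
}
OPTIONAL = {"ca.crt"}  # the CA may be left unspecified
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)


def lint_secret_data(data, has_key_password=False):
    """Return a list of problems in a Secret's `data` map (key -> base64 string)."""
    problems = []
    for name, allowed in EXPECTED.items():
        if name not in data:
            if name not in OPTIONAL:
                problems.append(f"{name}: missing")
            continue
        try:
            # Drop line wrapping, then decode strictly (raw PEM fails on '-').
            raw = base64.b64decode("".join(data[name].split()), validate=True)
            text = raw.decode("ascii")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            problems.append(f"{name}: value is not base64-encoded PEM text")
            continue
        labels = PEM_LABEL.findall(text)
        if not labels:
            problems.append(f"{name}: no PEM block after decoding (encoded twice?)")
        for label in labels:
            if label not in allowed:
                problems.append(f"{name}: unexpected PEM block {label!r}")
        encrypted = "ENCRYPTED PRIVATE KEY" in labels or "Proc-Type: 4,ENCRYPTED" in text
        if name == "tls.key" and encrypted and not has_key_password:
            problems.append("tls.key: encrypted key needs privateKeyPasswordFrom")
    return problems


def fake_pem(label):
    """Constructed placeholder PEM block; the body is not real key material."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


def b64(text):
    """Base64-encode text the way a Secret's `data` field expects."""
    return base64.b64encode(text.encode()).decode()
```

The check covers encoding and PEM block types only; it does not confirm that the private key matches the certificate or that the certificate chains to the CA.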