security/autogenerated-tls_only/confluent-platform-tls-only.yaml

apiVersion: platform.confluent.io/v1beta1
kind: Zookeeper
metadata:
  name: zookeeper
  namespace: confluent
spec:
  replicas: 3
  image:
    application: confluentinc/cp-zookeeper:7.7.0
    init: confluentinc/confluent-init-container:2.9.0
  dataVolumeCapacity: 10Gi
  logVolumeCapacity: 10Gi
  tls:
    # For this component, Confluent for Kubernete will autogenerate and 
    # configure server certs, using a certificate authority specified in
    # the secret `ca-pair-sslcerts`.
    # This same configuration is specified for all other components.
    autoGeneratedCerts: true
---
apiVersion: platform.confluent.io/v1beta1
kind: Kafka
metadata:
  name: kafka
  namespace: confluent
spec:
  replicas: 3
  image:
    application: confluentinc/cp-server:7.7.0
    init: confluentinc/confluent-init-container:2.9.0
  dataVolumeCapacity: 10Gi
  tls:
    autoGeneratedCerts: true
  listeners:
    internal:
      # The `internal` listener will be TLS enabled.
      tls:
        enabled: true
        # Since no secretRef is specified, the Kafka auto-generated tls 
        # configuration specified above will be used for this listener.
  metricReporter:
    enabled: true
    bootstrapEndpoint: kafka:9071
    tls:
      enabled: true
  dependencies:
    zookeeper:
      endpoint: zookeeper.confluent.svc.cluster.local:2182
      tls:
        enabled: true
---
apiVersion: platform.confluent.io/v1beta1
kind: Connect
metadata:
  name: connect
  namespace: confluent
spec:
  replicas: 2
  image:
    application: confluentinc/cp-server-connect:7.7.0
    init: confluentinc/confluent-init-container:2.9.0
  tls:
    autoGeneratedCerts: true
  dependencies:
    kafka:
      bootstrapEndpoint: kafka:9071
      tls:
        enabled: true
---
apiVersion: platform.confluent.io/v1beta1
kind: KsqlDB
metadata:
  name: ksqldb
  namespace: confluent
spec:
  replicas: 2
  image:
    application: confluentinc/cp-ksqldb-server:7.7.0
    init: confluentinc/confluent-init-container:2.9.0
  dataVolumeCapacity: 10Gi
  tls:
    autoGeneratedCerts: true
  dependencies:
    kafka:
      bootstrapEndpoint: kafka:9071
      tls:
        enabled: true
---
apiVersion: platform.confluent.io/v1beta1
kind: SchemaRegistry
metadata:
  name: schemaregistry
  namespace: confluent
spec:
  replicas: 1
  image:
    application: confluentinc/cp-schema-registry:7.7.0
    init: confluentinc/confluent-init-container:2.9.0
  tls:
    autoGeneratedCerts: true
  dependencies:
    kafka:
      bootstrapEndpoint: kafka:9071
      tls:
        enabled: true
---
apiVersion: platform.confluent.io/v1beta1
kind: ControlCenter
metadata:
  name: controlcenter
  namespace: confluent
spec:
  replicas: 1
  image:
    application: confluentinc/cp-enterprise-control-center:7.7.0
    init: confluentinc/confluent-init-container:2.9.0
  dataVolumeCapacity: 10Gi
  tls:
    autoGeneratedCerts: true
  dependencies:
    kafka:
      bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071
      tls:
        enabled: true
    schemaRegistry:
      url: https://schemaregistry.confluent.svc.cluster.local:8081
      tls:
        enabled: true
    ksqldb:
    - name: ksql
      url: https://ksqldb.confluent.svc.cluster.local:8088
      tls:
        enabled: true
    connect:
    - name: connect-dev
      url:  https://connect.confluent.svc.cluster.local:8083
      tls:
        enabled: true
---
apiVersion: platform.confluent.io/v1beta1
kind: KafkaRestProxy
metadata:
  name: kafkarestproxy
  namespace: confluent
spec:
  replicas: 1
  image:
    application: confluentinc/cp-kafka-rest:7.7.0
    init: confluentinc/confluent-init-container:2.9.0
  tls:
    autoGeneratedCerts: true
  dependencies:
    schemaRegistry:
      url: https://schemaregistry.confluent.svc.cluster.local:8081
      tls:
        enabled: true
---
apiVersion: platform.confluent.io/v1beta1
kind: KafkaRestClass
metadata:
  name: default
  namespace: confluent
spec:
  kafkaClusterRef:
    name: kafka
    namespace: confluent