add cipher suite and key site per default

Author: maltesander

docs/modules/hdfs/pages/usage-guide/security.adoc

@@ -33,6 +33,7 @@ The `kerberos.secretClass` is used to give HDFS the possibility to request keyta
 
 The `tlsSecretClass` is needed to request TLS certificates, used e.g. for the Web UIs.
 
+NOTE: The hdfs-operator uses the cipher suite `AES/CTR/NoPadding` with a 128 Bit key per default. This can be changed using config overrides.
 
 === 4. Verify that Kerberos authentication is required
 Use `stackablectl stacklet list` to get the endpoints where the HDFS namenodes are reachable.

rust/operator-binary/src/security/kerberos.rs

@@ -52,6 +52,11 @@ impl HdfsSiteConfigBuilder {
     fn add_wire_encryption_settings(&mut self) -> &mut Self {
         self.add("dfs.data.transfer.protection", "privacy");
         self.add("dfs.encrypt.data.transfer", "true");
+        self.add(
+            "dfs.encrypt.data.transfer.cipher.suite",
+            "AES/CTR/NoPadding",
+        );
+        self.add("dfs.encrypt.data.transfer.cipher.key.bitlength", "128");
         self
     }
 }