Kafka certificate management with cert-manager #5718
-
The blog post is about the listener certificates: https://strimzi.io/docs/operators/latest/full/using.html#kafka-listener-certificates-str ... Not about custom CAs. These are very different things, so the blog post does not apply in any way to the CA certificates.
-
Hi scholzj, I have deployed Strimzi Kafka and Kafka Connect with the Helm chart. I used the steps below to connect to my Kafka cluster and am able to produce and consume messages.

From these steps I got the files below. I want to implement SSL for this Kafka Connect. I have made the changes in the template folder of Strimzi Kafka Connect as below. I have added the tls part under spec as per the official Strimzi doc.

apiVersion: kafka.strimzi.io/v1beta2

After this point I am stuck. The official docs are a bit confusing, and after this change in the template folder the HTTPS connection is not established. Can you please help here?
-
I have put the secret details (my-cluster-cluster-ca-cert) as below in the config file.

kubectl get secrets -n abdul-test
-
curl -kv https://10.96.96.132:8083
-
@scholzj can you suggest here?
-
I know we can install our own certificates (https://strimzi.io/docs/operators/latest/full/using.html#installing-your-own-ca-certificates-str); however, if we provide our own certificates, we must manually renew them when needed.
I read an article, https://strimzi.io/blog/2021/05/07/deploying-kafka-with-lets-encrypt-certificates/, which describes how a listener leverages external certificates from cert-manager; it mentions that certificate renewals will be done automatically by cert-manager and Strimzi. Can I understand that this solution addresses the certificate issue for cluster-ca-cert and cluster-ca?
I am wondering whether there is a similar solution for client-ca-cert and client-ca. We expect that both client-ca-cert and client-ca can get certificates from cert-manager and that certificate renewals can be done automatically by cert-manager and Strimzi. Is it possible? Or any good point for that?