How to set up certificates for Kafka when using strimzi operator ?

Solution Verified - Updated -

Issue

  • We installed Kafka using the strimzi operator in our Openshift platform during install of Kafka Cluster we opt to user our on certificates (actually the Openshift CA certs). No issues here.

  • Now we want to expose Kafka externally (https://strimzi.io/2019/04/17/accessing-kafka-part-1.html), however we want to do that by setting up a different certificate.

  • For external application connecting to the Openshift we use TLS Termination as re-encrypt. We would like to do the same for Kafka i.e have the ability to set up TLS Termination as re-encrypt instead of Passthrough (the initial set up we tried was configure the OpenShift Routes as per https://strimzi.io/2019/04/30/accessing-kafka-part-3.html)

  • However looking into the schema for Kafka Listeners for the other options I also cannot see how to set up the TLS termination (or different certificates) https://strimzi.io/docs/master/#type-KafkaListeners-reference

  • Is this possible? if not is this in the Operator Roadmap? or any idea in how this could be implemented

Environment

  • Red Hat AMQ Streams
    • 1.2.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In