How to set up certificates for Kafka when using the Strimzi operator?
Issue
- We installed Kafka using the Strimzi operator in our OpenShift platform. During the install of the Kafka cluster we opted to use our own certificates (actually the OpenShift CA certs). No issues here.
- Now we want to expose Kafka externally (https://strimzi.io/2019/04/17/accessing-kafka-part-1.html); however, we want to do that by setting up a different certificate.
- For external applications connecting to OpenShift we use TLS termination as re-encrypt. We would like to do the same for Kafka, i.e. have the ability to set up TLS termination as re-encrypt instead of passthrough (the initial setup we tried was to configure the OpenShift Routes as per https://strimzi.io/2019/04/30/accessing-kafka-part-3.html).
- However, looking into the schema for Kafka listeners for the other options, I also cannot see how to set up the TLS termination (or different certificates): https://strimzi.io/docs/master/#type-KafkaListeners-reference
- Is this possible? If not, is this in the Operator roadmap? Or any idea of how this could be implemented?
Environment
- Red Hat AMQ Streams
- 1.2.0