We installed Kafka using the strimzi operator in our Openshift platform during install of Kafka Cluster we opt to user our on certificates (actually the Openshift CA certs). No issues here.
Now we want to expose Kafka externally (https://strimzi.io/2019/04/17/accessing-kafka-part-1.html), however we want to do that by setting up a different certificate.
For external application connecting to the Openshift we use TLS Termination as re-encrypt. We would like to do the same for Kafka i.e have the ability to set up TLS Termination as re-encrypt instead of Passthrough (the initial set up we tried was configure the OpenShift Routes as per https://strimzi.io/2019/04/30/accessing-kafka-part-3.html)
However looking into the schema for Kafka Listeners for the other options I also cannot see how to set up the TLS termination (or different certificates) https://strimzi.io/docs/master/#type-KafkaListeners-reference
Is this possible? if not is this in the Operator Roadmap? or any idea in how this could be implemented
- Red Hat AMQ Streams
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.