Replies: 2 comments 3 replies
-
|
Beta Was this translation helpful? Give feedback.
0 replies
-
Hi :) Thank you for the quick reply first of all. I fixed the formatting, sorry it was a backtick issue... As per the ca.crt, I am pointing to the one that is included in the created user's secret (and mounted together with the other fields in the secret), together with the user.crt, user.key and user.password (doing a cat of the file and inserting the content of course, not just pointing to the file) For discolure, I tried pointing to the '-cluster-ca-cert' ca.crt , but in that case I still get an error |
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Bug Description
I am trying to use an SSL internal lister, however I can't get it to work for the life of me. I've look through ALL the docs, issues etc and still I can't get it to work and I really don't know why
Steps to reproduce
Here is the error I am getting:
%3|1701600701.934|FAIL|sample#producer-1| [thrd:ssl://kafka-kafka-bootstrap.default.svc:9093/bootstrap]: ssl://kafka-kafka-bootstrap.default.svc:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 13ms in state SSL_HANDSHAKE, 1 identical error(s) suppressed)
This is my client code:
This is my kafka cluster configuration:
as far as I can tell, this is what I am supposed to do cluster's side
Then I am creating a user using the relative operator. Here is the manifest:
and to ensure the mTLS works properly, I create a svc for the deployment to get a DNS record that corresponds t the CN of the created user (In my case go-client)
How is this not working??
Expected behavior
I should be able to connect successfully to Kafka using mTLS, since I:
Strimzi version
0.38.0
Kubernetes version
1.27.3-gke.100
Installation method
Helm chart
Infrastructure
GKE
Configuration files and logs
No response
Additional context
No response
Beta Was this translation helpful? Give feedback.
All reactions