Replies: 3 comments 1 reply
-
I think you can use the |
Beta Was this translation helpful? Give feedback.
-
It seems like it's not. Kafka config:
Resulting broker pod:
And pod is failing with the following in the logs:
Message |
Beta Was this translation helpful? Give feedback.
-
This is cluster-wide bundle used everywhere. The certificate is in the bundle.
And in the secret:
And trust me this is the same issuer CA despite of the And Strimzi is not the first application on that platform using Keycloak for authentication with that bundle. |
Beta Was this translation helpful? Give feedback.
-
Hello,
We are using a set of different custom CAs provided by a separate entity, and we don't have the keys for them. These CAs are compiled into a trust bundle by the trust manager operator.
As far as I can see, client and cluster CAs should be custom, and Cert Manager (as a Trust Manager) is not supported, which we need to find a workaround for.
However, without that bundle, I cannot even use Keycloak since it is signed with that custom CA as well. Typically, you can mount a volume with truststore.jks and provide configuration to Kafka itself to use this truststore. Unfortunately, I cannot find this option in the Kafka CRD either.
Is there any possible solution for injecting custom CAs into the Strimzi Kafka?
Beta Was this translation helpful? Give feedback.
All reactions