banzaicloud / koperator

Oh no! Yet another Apache Kafka operator for Kubernetes
Apache License 2.0

sslSecrets false option didnt take the given cacert and password #842

Open lavis11 opened 1 year ago

lavis11 commented 1 year ago

Internal and external listeners use SSL. I have configured:

```yaml
sslSecrets:
  tlsSecretName: "ssl-secret"
  jksPasswordName: "ssl-pass"
  create: false
```

ssl-secret contains:

```
Name:         ssl-secret
Namespace:    kafka
Labels:
Annotations:

Type:  Opaque

Data
caCert:  1391 bytes
caKey:   1679 bytes
```

ssl-pass contains:

```
Name:         ssl-pass
Namespace:    kafka
Labels:
Annotations:

Type:  Opaque

Data
password:  6 bytes
```

Kafka is up and running, but on checking the broker config it has a different certificate and password.

lavis11 commented 1 year ago

Checked in the locations below:

```
/var/run/secrets/java.io/keystores/server/controller/
/var/run/secrets/java.io/keystores/server/external
/var/run/secrets/java.io/keystores/server/internal
/var/run/secrets/java.io/keystores/client/
```

bartam1 commented 1 year ago

Hello! Thank you for the feedback. This is a bug because currently the Koperator doesn't use the `jksPasswordName` field. The password is autogenerated for the keystore. You can get the password from the broker configmap: `kubectl get configmaps kafka-config-0 -o yaml`, or from the generated secrets for the SSL listeners, which contain the necessary certs: `kubectl get secrets kafka-server-certificate -o yaml`. I have tested it and it works fine. (Your provided caCert and caKey are used by cert-manager as an issuer.)
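
The comment above says the user-supplied `caCert` becomes the issuer of the broker certificates rather than being copied into the keystore. As an added example (not Koperator code), this Go check confirms that relationship: it verifies that a broker certificate PEM, as read from the generated `kafka-server-certificate` secret, chains to the `caCert` PEM from `ssl-secret`. The `NewTestCert` helper is a constructed stand-in that fabricates a CA and a broker leaf in memory so the check runs offline; in a cluster, the two PEMs would come from the secrets named above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// IssuedByProvidedCA reports whether a broker certificate (PEM, as found in the
// generated kafka-server-certificate secret) chains to the caCert from ssl-secret.
func IssuedByProvidedCA(caPEM, certPEM []byte) (bool, error) {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caPEM) {
		return false, errors.New("caCert: no PEM certificate found")
	}
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return false, errors.New("server cert: no PEM block found")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil, nil // a chain failure is a negative result, not an error
}

// NewTestCert is a constructed helper: self-signed CA when parent is nil, else a broker leaf signed by parent.
func NewTestCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, IsCA: parent == nil,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

A broker certificate that fails this check means the listeners are not using the CA you supplied, which is worth knowing before distributing that CA to clients as a truststore.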

lavis11 commented 1 year ago

Thank you @bartam1, it works fine as you said.

pregnor commented 1 year ago

We have created an internal issue tracking this unexpected behavior. If it is okay for you @lavis11 we would like to keep this issue open until that one is resolved.

lavis11 commented 1 year ago

I'm okay with it @pregnor