[Question] Expose Kafka Cluster to external Kafka Client using Openshift Routes #3285
Comments
First thing which comes to my mind as missing is the TLS configuration for the |
Hi Scholzj! Thanks for your reply. We had a look at the We also followed the instructions in the post but we didn't manage to establish a TLS pass-through connection from the external client to the brokers. I attach the commands we ran and the console output:
I also attach the section of the CRD of the Kafka resource: ...
kafka:
  listeners:
    external:
      type: route
    plain: {}
    tls: {}
... This is from the ...
##########
# External listener
##########
listener.name.external-9094.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12
listener.name.external-9094.ssl.keystore.password=${CERTS_STORE_PASSWORD}
listener.name.external-9094.ssl.keystore.type=PKCS12
##########
# Common listener configuration
##########
listeners=REPLICATION-9091://0.0.0.0:9091,PLAIN-9092://0.0.0.0:9092,TLS-9093://0.0.0.0:9093,EXTERNAL-9094://0.0.0.0:9094
advertised.listeners=REPLICATION-9091://my-kafka-cluster-kafka-${STRIMZI_BROKER_ID}.my-kafka-cluster-kafka-brokers.strimzi-test.svc:9091,PLAIN-9092://my-kafka-cluster-kafka-${STRIMZI_BROKER_ID}.my-kafka-cluster-kafka-brokers.strimzi-test.svc:9092,TLS-9093://my-kafka-cluster-kafka-${STRIMZI_BROKER_ID}.my-kafka-cluster-kafka-brokers.strimzi-test.svc:9093,EXTERNAL-9094://${STRIMZI_EXTERNAL_9094_ADVERTISED_HOSTNAME}:${STRIMZI_EXTERNAL_9094_ADVERTISED_PORT}
listener.security.protocol.map=REPLICATION-9091:SSL,PLAIN-9092:PLAINTEXT,TLS-9093:SSL,EXTERNAL-9094:SSL
inter.broker.listener.name=REPLICATION-9091
sasl.enabled.mechanisms=
ssl.secure.random.implementation=SHA1PRNG
ssl.endpoint.identification.algorithm=HTTPS
... Let us know if you spot anything mis-configured. Thanks a lot, Alexander |
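The listener lines in the broker configuration quoted above can be checked mechanically before debugging the route itself. The following is an added example, not code from the thread or from the Strimzi project; the function names and the `exposed` parameter are hypothetical, and the sample is constructed from the lines shown in the comment.

```python
# Constructed sample: listener lines from the broker config quoted above;
# advertised.listeners is left out because this check does not need it.
SAMPLE = """\
listener.name.external-9094.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12
listener.name.external-9094.ssl.keystore.type=PKCS12
listeners=REPLICATION-9091://0.0.0.0:9091,PLAIN-9092://0.0.0.0:9092,TLS-9093://0.0.0.0:9093,EXTERNAL-9094://0.0.0.0:9094
listener.security.protocol.map=REPLICATION-9091:SSL,PLAIN-9092:PLAINTEXT,TLS-9093:SSL,EXTERNAL-9094:SSL
inter.broker.listener.name=REPLICATION-9091
ssl.endpoint.identification.algorithm=HTTPS
"""

TLS_PROTOCOLS = {"SSL", "SASL_SSL"}


def parse_properties(text):
    """Parse key=value lines, skipping blanks, comments and '...' elisions."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit_listeners(text, exposed):
    """Return {listener: {port, protocol, findings}}; `exposed` is the listener behind the route."""
    props = parse_properties(text)
    pairs = [e.rsplit(":", 1) for e in props.get("listener.security.protocol.map", "").split(",") if ":" in e]
    protocol = {name: proto for name, proto in pairs}
    report = {}
    for entry in filter(None, props.get("listeners", "").split(",")):
        name, _, addr = entry.partition("://")
        proto = protocol.get(name, name)  # with no map entry, Kafka treats the name as the protocol
        findings = []
        if proto not in TLS_PROTOCOLS:
            findings.append("not mapped to a TLS protocol")
            if name == exposed:
                # A passthrough route is dispatched on the TLS SNI, so the backend must speak TLS.
                findings.append("cannot be served through a passthrough route")
        # Kafka reads per-listener overrides under listener.name.<lowercase listener name>.
        elif name == exposed and f"listener.name.{name.lower()}.ssl.keystore.location" not in props:
            findings.append("exposed listener has no listener-specific keystore")
        report[name] = {"port": int(addr.rsplit(":", 1)[1]), "protocol": proto, "findings": findings}
    # An explicitly empty value turns off hostname verification for the broker's own TLS clients.
    if props.get("ssl.endpoint.identification.algorithm", "https") == "":
        report["(broker)"] = {"findings": ["hostname verification disabled"]}
    return report
```

On the configuration in this thread the external listener comes back clean, and the only finding is the plaintext `PLAIN-9092` listener.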
I do not have it around to check right now. But I guess there should be at least some option to specify a config file where you can specify it. The producer configuration looks good to me. Not sure why it does not work. Can you try to run it with the |
Hi again, Here's the output we got:
|
Is that all you got? The |
My bad, I thought the rest was useless. Here's the rest:
and then it repeats itself. Thanks!!! |
So, I guess this suggests that there is some issue with the TLS Passthrough in your OCP Router or you use the wrong address to connect. Is the address |
Hi, Yes, the route is correct and we're using the original router. |
Hmm ... maybe there is some configuration to disable / enable TLS Passthrough in the Router. But I have no idea I'm afraid, it always worked out of the box for me. |
Do you have anything more, @AJCandfield, that we can help with? Or can we close this? |
Hi,
We're trying to expose the Kafka Cluster to an external client. We followed your guide but when we try to query for the topics present on the cluster we get the following error:
I'll summarize the steps we took:
Have we missed something?
Thanks for your support,
Alexander