Sync the Kafka Cluster CA Certificate into your namespace

#kafka #kubernetes #strimz

Following on from KafkaUser in another namespace you will also need to sync the kafka-cluster-cluster-ca-cert too.

This is also straight forward and can be done with zero impact to existing services. The trick is to annotate the clusterCaCert generation with the necessary details

In your Kafka yaml add the following under kafka

    template:
      clusterCaCert:
        metadata:
          annotations:
            reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
            reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "fluent"

and create a secret to mirror it

apiVersion: v1                                                                                  
kind: Secret
metadata:
  name: kafka-cluster-cluster-ca-cert                                                                             
  namespace: fluent
  annotations:
    reflector.v1.k8s.emberstack.com/reflects: "kafka/kafka-cluster-cluster-ca-cert"                                                                          
type: Opaque

Once done this too will be mirrored and available for use.

Hands-on debugging session: instrument, monitor, and fix

Join Lazar for a hands-on session where you’ll build it, break it, debug it, and fix it. You’ll set up Sentry, track errors, use Session Replay and Tracing, and leverage some good ol’ AI to find and fix issues fast.

RSVP here →