Hi Yingjie,
> However, I meet a problem. If I need to add, remove or renew the
> certificate to Kafka's truststore, Kafka requires a reboot which would
> impact the service available for other teams.

> So I want to know if there is a better way to support the change of Kafka's
> certificate without impacting the service availability?

Yes, Kafka supports dynamically updating the broker's configuration. Please
check here: https://kafka.apache.org/documentation/#dynamicbrokerconfigs,
there's a section talking about "Updating SSL Truststore of an Existing
Listener", which should be what you're looking for.
Good luck.
Thank you.
Luke
On Tue, Nov 23, 2021 at 1:12 PM yingjie zou <yingjiezou1@gmail.com> wrote:
> Hi,
>
> Currently, we are going to provide Kafka services to 20+ development teams
> in my company, we'd like to provide that as multi-tenancy - the different
> team has different authentication. And we try to use the Kafka mTLS
> solution.
>
> However, I meet a problem. If I need to add, remove or renew the
> certificate to Kafka's truststore, Kafka requires a reboot which would
> impact the service available for other teams.
>
> So I want to know if there is a better way to support the change of Kafka's
> certificate without impacting the service availability?
>
> Any help is appreciated.
>
> Thanks.
> Yingjie Zou
>
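
The dynamic truststore update referred to in the reply above, sketched as an added example that is not part of the thread or of Kafka's own documentation: it changes only the truststore location of one listener, broker by broker, with `kafka-configs.sh`. The listener name `CLIENT`, the bootstrap address, `admin.properties`, the broker ids and the file path are assumptions, as is the new file keeping the store type and password already configured for that listener.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumed names: listener "CLIENT",
# bootstrap address, admin.properties, broker ids and the truststore path.
set -eu

LISTENER="${LISTENER:-CLIENT}"
BOOTSTRAP="${BOOTSTRAP:-localhost:9093}"
ADMIN_CONF="${ADMIN_CONF:-admin.properties}"   # TLS settings for the admin client
DRY_RUN="${DRY_RUN:-1}"                        # 1 = only print the commands

# Per-listener overrides are keyed listener.name.<lowercased listener>.<config>.
truststore_key() {
  printf 'listener.name.%s.ssl.truststore.location' \
    "$(printf '%s' "$LISTENER" | tr '[:upper:]' '[:lower:]')"
}

# Command that points one broker at the new truststore file.
# The file must already exist at that path on the broker's own filesystem.
alter_cmd() {  # args: broker-id new-truststore-path
  printf 'kafka-configs.sh --bootstrap-server %s --command-config %s --entity-type brokers --entity-name %s --alter --add-config %s=%s' \
    "$BOOTSTRAP" "$ADMIN_CONF" "$1" "$(truststore_key)" "$2"
}

# Command that lists the broker's dynamic configs so the change can be confirmed.
describe_cmd() {  # args: broker-id
  printf 'kafka-configs.sh --bootstrap-server %s --command-config %s --entity-type brokers --entity-name %s --describe' \
    "$BOOTSTRAP" "$ADMIN_CONF" "$1"
}

# Apply to brokers one at a time; with DRY_RUN=0 the first failing command
# stops the script, so a bad file does not reach the whole cluster.
roll_truststore() {  # args: new-truststore-path broker-id...
  path="$1"; shift
  for id in "$@"; do
    for cmd in "$(alter_cmd "$id" "$path")" "$(describe_cmd "$id")"; do
      echo "+ $cmd"
      # Word splitting is intended here; paths without spaces are assumed.
      [ "$DRY_RUN" = 1 ] || $cmd
    done
  done
}

# Usage: DRY_RUN=0 ./roll.sh /etc/kafka/ssl/truststore-new.p12 0 1 2
if [ "$#" -ge 2 ]; then roll_truststore "$@"; fi
```

When a CA is being retired, roll out a truststore that holds both the old and the new CA first and remove the old one only after clients have moved, because the broker performs no trust validation on client listeners before applying the update.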