Hi Luke,
This solved my problem.
I'm sorry to trouble you because I didn't read the document carefully.
Thank you very much.
Yingjie Zou
On Tue, Nov 23, 2021 at 2:20 PM Luke Chen <showuon@gmail.com> wrote:
> Hi Yingjie,
> > However, I meet a problem. If I need to add, remove or renew the
> certificate to Kafka's truststore, Kafka requires a reboot which would
> impact the service available for other teams.
>
> > So I want to know if there is a better way to support the change of
> Kafka's
> certificate without impacting the service availability?
>
> Yes, Kafka supports dynamically updating broker's configuration. Please
> check here: https://kafka.apache.org/documentation/#dynamicbrokerconfigs ,
> there's a section talking about "Updating SSL Truststore of an Existing
> Listener", which should be what you're looking for.
>
> Good luck.
>
> Thank you.
> Luke
>
> On Tue, Nov 23, 2021 at 1:12 PM yingjie zou <yingjiezou1@gmail.com> wrote:
>
> > Hi,
> >
> > Currently, we are going to provide Kafka services to 20+ development
> teams
> > in my company, we'd like to provide that as multi-tenancy - the different
> > team has different authentication. And we try to use the Kafka mTLS
> > solution.
> >
> > However, I meet a problem. If I need to add, remove or renew the
> > certificate to Kafka's truststore, Kafka requires a reboot which would
> > impact the service available for other teams.
> >
> > So I want to know if there is a better way to support the change of
> Kafka's
> > certificate without impacting the service availability?
> >
> > Any help is appreciated.
> >
> > Thanks.
> > Yingjie Zou
> >
>
This solved my problem.
I'm sorry to trouble you because I didn't read the document carefully.
Thank you very much.
Yingjie Zou
On Tue, Nov 23, 2021 at 2:20 PM Luke Chen <showuon@gmail.com> wrote:
> Hi Yingjie,
> > However, I meet a problem. If I need to add, remove or renew the
> certificate to Kafka's truststore, Kafka requires a reboot which would
> impact the service available for other teams.
>
> > So I want to know if there is a better way to support the change of
> Kafka's
> certificate without impacting the service availability?
>
> Yes, Kafka supports dynamically updating broker's configuration. Please
> check here: https://kafka.apache.org/documentation/#dynamicbrokerconfigs ,
> there's a section talking about "Updating SSL Truststore of an Existing
> Listener", which should be what you're looking for.
>
> Good luck.
>
> Thank you.
> Luke
>
> On Tue, Nov 23, 2021 at 1:12 PM yingjie zou <yingjiezou1@gmail.com> wrote:
>
> > Hi,
> >
> > Currently, we are going to provide Kafka services to 20+ development
> teams
> > in my company, we'd like to provide that as multi-tenancy - the different
> > team has different authentication. And we try to use the Kafka mTLS
> > solution.
> >
> > However, I meet a problem. If I need to add, remove or renew the
> > certificate to Kafka's truststore, Kafka requires a reboot which would
> > impact the service available for other teams.
> >
> > So I want to know if there is a better way to support the change of
> Kafka's
> > certificate without impacting the service availability?
> >
> > Any help is appreciated.
> >
> > Thanks.
> > Yingjie Zou
> >
>
Comments
Post a Comment