Re: Kafka mTLS authentication

Hi Yingjie,
No worries! Glad to help!

Luke

On Tue, Nov 23, 2021 at 5:52 PM yingjie zou <yingjiezou1@gmail.com> wrote:

> Hi Luke,
>
> This solved my problem.
> I'm sorry to trouble you because I didn't read the document carefully.
> Thank you very much.
>
>
> Yingjie Zou
>
> On Tue, Nov 23, 2021 at 2:20 PM Luke Chen <showuon@gmail.com> wrote:
>
> > Hi Yingjie,
> > > However, I meet a problem. If I need to add, remove or renew the
> > > certificate to Kafka's truststore, Kafka requires a reboot which would
> > > impact the service available for other teams.
> >
> > > So I want to know if there is a better way to support the change of
> > > Kafka's certificate without impacting the service availability?
> >
> > Yes, Kafka supports dynamically updating broker's configuration. Please
> > check here: https://kafka.apache.org/documentation/#dynamicbrokerconfigs,
> > there's a section talking about "Updating SSL Truststore of an Existing
> > Listener", which should be what you're looking for.
> >
> > Good luck.
> >
> > Thank you.
> > Luke
> >
> > On Tue, Nov 23, 2021 at 1:12 PM yingjie zou <yingjiezou1@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > Currently, we are going to provide Kafka services to 20+ development
> > > teams in my company, we'd like to provide that as multi-tenancy - the
> > > different team has different authentication. And we try to use the
> > > Kafka mTLS solution.
> > >
> > > However, I meet a problem. If I need to add, remove or renew the
> > > certificate to Kafka's truststore, Kafka requires a reboot which would
> > > impact the service available for other teams.
> > >
> > > So I want to know if there is a better way to support the change of
> > > Kafka's certificate without impacting the service availability?
> > >
> > > Any help is appreciated.
> > >
> > > Thanks.
> > > Yingjie Zou
> > >
> >
>
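
The truststore update discussed in this thread, sketched as an added example (not part of the original messages and not the Kafka project's own script). The listener name `client`, the truststore path, the alias and the broker ids are constructed placeholders, and it assumes the truststore password is unchanged and that re-submitting the same truststore path makes the broker reload the file.

```shell
#!/usr/bin/env bash
# Added example: add a tenant CA to a broker truststore without a restart.
# Listener name, paths and broker ids below are constructed placeholders.
BOOTSTRAP="${BOOTSTRAP:-localhost:9092}"
LISTENER="${LISTENER:-client}"  # lowercase name as used in listener.name.<name>.*
TRUSTSTORE="${TRUSTSTORE:-/etc/kafka/ssl/kafka.truststore.jks}"
DRY_RUN="${DRY_RUN:-1}"         # 1 = print the commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1 (on each broker host): import the tenant's CA certificate into the
# truststore file. The password is read from $TRUSTSTORE_PASSWORD through
# keytool's ":env" modifier, so it never appears in the process arguments.
add_ca() {  # usage: add_ca <alias> <ca-cert.pem>
  run keytool -importcert -noprompt -alias "$1" -file "$2" \
    -keystore "$TRUSTSTORE" -storepass:env TRUSTSTORE_PASSWORD
}

# Step 2: submit the truststore location as a per-broker dynamic config.
# Assumption: the broker reloads the file for that listener and validates
# new client connections against the updated CA set.
reload_truststore() {  # usage: reload_truststore <broker-id>
  run kafka-configs.sh --bootstrap-server "$BOOTSTRAP" \
    --entity-type brokers --entity-name "$1" --alter \
    --add-config "listener.name.${LISTENER}.ssl.truststore.location=${TRUSTSTORE}"
}

# Step 3: list the broker's dynamic configs to confirm the entry is present.
show_dynamic_config() {  # usage: show_dynamic_config <broker-id>
  run kafka-configs.sh --bootstrap-server "$BOOTSTRAP" \
    --entity-type brokers --entity-name "$1" --describe
}

# Truststore settings are per-broker, so repeat for every broker id.
rotate_all() {  # usage: rotate_all <broker-id>...
  for id in "$@"; do
    reload_truststore "$id" || return 1
    show_dynamic_config "$id" || return 1
  done
}
```

With `DRY_RUN=1` the functions only print the commands for review; connections that are already established keep the trust decision made when they were opened, so removing a CA does not disconnect existing clients.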
