...
cainjector is used to configure the CA certificates for Mutating Webhooks - see link below.
Kafka
You can use your own certificates and keys with Kafka by adding the following section in your configuration:
Code Block | ||||
---|---|---|---|---|
| ||||
clusterCa:
generateCertificateAuthority: false |
If this is set to false you need to setup your own cluster secrets containing the keys and certificates prior to starting the cluster.
Please refer to 8.3. Installing your own CA certificates
You can do the same for the client CA.
For the listeners you can also configure your own server certificates in the brokerCertChainAndKey section.
Code Block | ||||
---|---|---|---|---|
| ||||
- name: external
port: 9098
type: nodeport
tls: true
authentication:
type: tls
configuration:
brokerCertChainAndKey:
secretName: cm-kafka-server-certs
certificate: tls.crt
key: tls.key
bootstrap:
alternativeNames:
- localhost
- 192.168.49.2
- my-cluster-kafka-external-bootstrap.kafka
- my-cluster-kafka-external-bootstrap.kafka.svc
- my-cluster-kafka-external-0.kafka
- my-cluster-kafka-external-0.kafka.svc |
Please refer to the brokerCertChainAndKey section in the Strimzi documentation for more information.
Links
...