Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

custom kafka ssl cert #199

Open
artesby opened this issue Oct 17, 2024 · 3 comments
Open

custom kafka ssl cert #199

artesby opened this issue Oct 17, 2024 · 3 comments
Assignees
@haorenfsa
Labels
enhancement New feature or request
Milestone
v1.3.0

Comments

@artesby
Copy link

artesby commented Oct 17, 2024

does operator support specifying path to custom ssl certificate for kafka access? i am facing error

2024/10/17 13:32:23 checkKafka with backoff failed, retry 1, err: check consume offset from broker failed: error dialing all brokers, one of the errors: failed to dial: tls: failed to verify certificate: x509: certificate signed by unknown authority

tried this without success:

config:
    kafka:
      securityProtocol: SASL_SSL
      saslMechanisms: SCRAM-SHA-512
      tlsCaCert: <path-to-cert>
@haorenfsa
Copy link
Collaborator

@artesby not yet. I think operator needs a flag to skip tls check, for quick walk around

@haorenfsa haorenfsa added the enhancement New feature or request label Oct 18, 2024
@haorenfsa haorenfsa self-assigned this Oct 25, 2024
@haorenfsa haorenfsa added this to the v1.2.0 milestone Oct 29, 2024
@haorenfsa haorenfsa modified the milestones: v1.2.0, v1.3.0 Jan 23, 2025
@navneetrajput06
Copy link

navneetrajput06 commented Feb 4, 2025
edited
Loading

@haorenfsa This has been pending for a long time for us as well. We are unable to use SASL_SSL for external Kafka since we cannot send custom certificates in distributed mode.

Milvus Operator has a flag, useTLS=true, which needs to be removed. Please see my open issue below:
🔗 Milvus Operator Issue #118

If this can be addressed quickly, it would resolve our current issue. We won’t need to send the client-side certificate(mTLS).

@haorenfsa
Copy link
Collaborator

We'll provide a flag to skip dependency checks for milvus-operator. That will be a quick walk around

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@haorenfsa haorenfsa

Labels
enhancement New feature or request
Projects
None yet
Milestone
v1.3.0
Development

No branches or pull requests
3 participants
@artesby @haorenfsa @navneetrajput06