
Certificate rotation

Open jsenon opened this issue 2 years ago • 6 comments

Hi,

Could you confirm that kafka operator should take the action to roll out all the brokers when the certificate is renewed?

Describe the bug: When certificate kafka-headless.kafka.svc.cluster.local is renewed by cert-manager, all the brokers are not rolled out, so all clients are not able to connect to the cluster, including cruise-control and kafka-operator itself.

Steps to reproduce the issue:

  1. Wait expiration of certificate
  2. Wait renewal of certificate
  3. Client connection issue should appear

Expected behavior: When certificate is renewed by cert-manager kafka brokers should be restarted in order to consume newly generated certificates.

Workaround: Manually restart all the brokers

Additional context:

Kafka Operation version: v0.21.2
Cert-manager version: 1.8.0

Thanks,

jsenon, Jun 22 '22 16:06
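The state reported above (certificate renewed in the secret, brokers still presenting the old one) can be detected before the old certificate expires. This is an added example, not code from the issue or from koperator: `brokerCertState` and `sampleCert` are hypothetical names, and the certificates are constructed in-process.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// brokerCertState compares the PEM leaf a broker presents with the PEM leaf stored in the secret.
func brokerCertState(servedPEM, secretPEM []byte, now time.Time) (string, error) {
	sb, _ := pem.Decode(servedPEM)
	cb, _ := pem.Decode(secretPEM)
	if sb == nil || cb == nil {
		return "", fmt.Errorf("input is not PEM")
	}
	served, err := x509.ParseCertificate(sb.Bytes)
	if err != nil {
		return "", err
	}
	switch {
	case bytes.Equal(sb.Bytes, cb.Bytes):
		return "in-sync", nil
	case now.After(served.NotAfter):
		return "stale-expired", nil // clients already fail the TLS handshake
	default:
		return "stale", nil // renewed in the secret, old certificate still loaded
	}
}

// sampleCert builds a constructed self-signed certificate (assumption: valid for 3 months).
func sampleCert(serial int64, notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotAfter: notAfter,
		NotBefore: notAfter.AddDate(0, -3, 0), Subject: pkix.Name{CommonName: "broker.example.internal"}}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	exp := time.Date(2022, 6, 1, 0, 0, 0, 0, time.UTC) // expiry of the old certificate
	old, renewed := sampleCert(1, exp), sampleCert(2, exp.AddDate(0, 2, 0))
	fmt.Println(brokerCertState(old, renewed, exp.AddDate(0, 0, 1))) // stale-expired <nil>
}
```

In a real check the served certificate would come from a TLS handshake with the broker listener and the other from the secret that cert-manager maintains; a "stale" result is the window in which the manual restart workaround avoids an outage.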

This currently is not supported by koperator. Are you open to take a stab at it and submit a PR with the implementation?

stoader, Jun 23 '22 05:06

Hey @shubhamcoc - based on our offline conversation, are you interested in picking this up? I will assign this to you if you are interested in picking it up

panyuenlau, Jun 23 '23 14:06

Hi @panyuenlau, I can pick it up, but will need some help here.

shubhamcoc, Jun 23 '23 16:06

Hey @shubhamcoc - how are you doing with this?

panyuenlau, Jul 18 '23 11:07

> Hey @shubhamcoc - how are you doing with this?

Hey @panyuenlau, sorry I didn't start on this yet. I was waiting for the release. I will look into it.

shubhamcoc, Jul 18 '23 15:07

@shubhamcoc - no worries, was just checking in. Don't hesitate to reach out for discussion in Slack if you need help on this

panyuenlau, Jul 18 '23 16:07