strimzi-kafka-operator

Kafka Ingress with Load balancer

Open sohnaeo opened this issue 2 years ago • 2 comments

Hi,

I would like to discuss the ingress settings for Kafka brokers/bootstrap.

Our setup is as follows:

User (bootstrap.test.com)--->F5 VIP (SSL Terminate here)--->Apache Reverse Proxy--->Nginx Ingress Controller

As per the Strimzi documentation,

Use the address for the bootstrap host you specified in the configuration and port 443 (BOOTSTRAP-HOST:443) in your Kafka client as the bootstrap address to connect to the Kafka cluster

Here is the code:

```yaml
- name: external
  port: 9094
  type: ingress
  tls: true
  configuration:
    class: nginx-internal
    bootstrap:
      host: bootstrap.test.com
    brokers:
    - broker: 0
      host: broker-0.test.com
    - broker: 1
      host: broker-1.test.com
    - broker: 2
      host: broker-2.test.com
```

That is not going to work in our case, as test.com:443 will send an HTTP request to F5, which accepts only HTTPS, and SSL offloading happens at F5. Can we make ingress work if SSL offloading is at the load balancer?

We can use node port, but it would be great if we could use ingress.

Any advice or tips?

sohnaeo, Jul 18 '22 00:07

The type: ingress listener expects the TLS termination to happen in the Kafka brokers. If you terminate your TLS before it, you cannot use it. In general, you cannot terminate the TLS earlier because Nginx ingress will not understand the Kafka TCP protocol, which is not HTTP based.

scholzj, Jul 18 '22 19:07
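
An added example (not from the thread or from Strimzi's code) of why terminating TLS at the F5 leaves the ingress with nothing to route on. It assumes the Nginx ingress forwards this listener in TLS passthrough mode and chooses the backend from the SNI name in the client's ClientHello. Hostnames are the ones from the issue; the service names and both byte samples are constructed.

```python
import struct

# Hostnames are from the listener config in the issue; service names are hypothetical.
BACKENDS = {"bootstrap.test.com": "svc/bootstrap", "broker-0.test.com": "svc/broker-0",
            "broker-1.test.com": "svc/broker-1", "broker-2.test.com": "svc/broker-2"}

def client_hello(sni):
    """Constructed sample input: minimal TLS ClientHello carrying one SNI name."""
    name = sni.encode()
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    # version, random, empty session id, one cipher suite, null compression, extensions
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def kafka_api_versions():
    """Constructed sample input: plaintext Kafka ApiVersions v0 request, client id 'c'."""
    req = struct.pack("!hhih", 18, 0, 1, 1) + b"c"
    return struct.pack("!i", len(req)) + req

def sni_of(data):
    """Return the SNI host name if data starts with a TLS ClientHello, else None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:
            return None
        p = 43                                         # record + handshake hdr, version, random
        p += 1 + data[p]                               # session id
        p += 2 + int.from_bytes(data[p:p + 2], "big")  # cipher suites
        p += 1 + data[p]                               # compression methods
        end = p + 2 + int.from_bytes(data[p:p + 2], "big")
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            if etype == 0:                             # server_name extension
                nlen = int.from_bytes(data[p + 7:p + 9], "big")
                return data[p + 9:p + 9 + nlen].decode("ascii")
            p += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def route(first_bytes):
    """Pick a backend the way a TLS-passthrough proxy can: by SNI only."""
    sni = sni_of(first_bytes)
    if sni is not None:
        return ("tls-passthrough", BACKENDS.get(sni))
    if first_bytes.split(b" ", 1)[0] in (b"GET", b"POST", b"PUT", b"HEAD"):
        return ("http", None)    # HTTP is routed by Host header; Kafka never sends one
    return ("opaque-tcp", None)  # nothing in the stream names a broker
```

With TLS intact, `route(client_hello("broker-1.test.com"))` resolves to that broker's service; the decrypted Kafka request from `kafka_api_versions()` is classified as opaque TCP with no backend.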

@scholzj

Thank you for the feedback, that's exactly what I thought, just wanted to confirm.

sohnaeo, Jul 22 '22 05:07

Closing it now.

sohnaeo, Dec 10 '22 11:12