Hello,
Being new to Kafka, I’d like to deploy a Kafka cluster on K8s with 3 brokers
with listenerSecurityProtocolMap: "INTERNAL:SSL,CLIENT:PLAINTEXT,EXTERNAL:SSL"
To enable TLS authentication, I use self-signed TLS certificates. To enable
external access, for Kafka, it needs to use 3 LoadBalancers, one LoadBalancer
per broker.
I’d like to understand how to configure Kafka cluster and external client in
order to enable encryption between Kafka cluster and external client.
* On Kafka cluster side, how to configure advertised.listeners for external
access? All 3 LoadBalancer IPs + port, or any 1 LoadBalancer IP + port?
* On external client side, does it need all 3 broker’s certificates?
* How does the client know using which certificate while creating
request to Kafka cluster?
Thanks and regards,
Wei Yang
Cloud Infrastructure Engineer
[/var/folders/lz/j260ry496sxfn5wtpwvf3yscgy48r3/T/com.microsoft.Outlook/Content.MSO/DB2DAAE.tmp]<https://www.cengn.ca/>
555 Legget Drive| Tower A | Suite 600| Ottawa ON | K2K 2X3 | 613-793-6345
www.cengn.ca<http://www.cengn.ca/> Follow us @CENGNCanada
