Hello, Being new to Kafka, I’d like to deploy a Kafka cluster on K8s with 3 brokers with listenerSecurityProtocolMap: "INTERNAL:SSL,CLIENT:PLAINTEXT,EXTERNAL:SSL"
To enable TLS authentication, I use self-signed TLS certificates. To enable external access, for Kafka, it needs to use 3 LoadBalancers, one LoadBalancer per broker. I’d like to understand how to configure Kafka cluster and external client in order to enable encryption between Kafka cluster and external client. * On Kafka cluster side, how to configure advertised.listeners for external access? All 3 LoadBalancer IPs + port, or any 1 LoadBalancer IP + port? * On external client side, does it need all 3 broker’s certificates? * How does the client know using which certificate while creating request to Kafka cluster? Thanks and regards, Wei Yang Cloud Infrastructure Engineer [/var/folders/lz/j260ry496sxfn5wtpwvf3yscgy48r3/T/com.microsoft.Outlook/Content.MSO/DB2DAAE.tmp]<https://www.cengn.ca/> 555 Legget Drive| Tower A | Suite 600| Ottawa ON | K2K 2X3 | 613-793-6345 www.cengn.ca<http://www.cengn.ca/> Follow us @CENGNCanada