
I have a Node.js app using the kafkajs package to connect to AWS MSK.

We are moving to Strimzi Kafka because we already have a Kubernetes cluster and we don't need MSK anymore.

Until now we were connected with SSL but didn't have to specify any CA path or something. We used this way of connection both on our nodejs apps and kafka-ui and it worked with no issues.

We are trying to do the same with Strimzi Kafka, but we get "SSL handshake failed". My understanding is that AWS MSK uses Amazon certificates that are known, while Strimzi Kafka generates self-signed certificates, which is OK by us.

How can I still use this approach like we did with AWS MSK, with just ssl: true in kafkajs (it works)? Thanks.

yershalom

1 Answer


The easiest way to use a certificate signed by some public CA is using the listener certificate, which lets you provide your own server certificate for a given listener. I'm not sure how the Amazon CA works, but this blog post shows how to do it, for example, using Cert-Manager and Let's Encrypt.

Keep in mind that to use the public CAs, you usually need to use some proper domain names and not just internal Kubernetes services. This might for example increase costs or latency if your applications run in the same Kubernetes cluster because the traffic might need to go through a load balancer or ingress.

Jakub
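A sketch of the listener-certificate setup the answer describes, added here as an example and not taken from the question, the answer or the Strimzi project. The cluster name, namespace, issuer, secret name and the example.com hostnames are all assumed placeholders.

```yaml
# Added example: every name below (issuer, secret, hostnames, cluster) is an assumed placeholder.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kafka-external-cert
  namespace: kafka
spec:
  secretName: kafka-external-cert      # cert-manager writes tls.crt / tls.key into this Secret
  issuerRef:
    name: letsencrypt-prod             # assumed, already configured ClusterIssuer
    kind: ClusterIssuer
  dnsNames:                            # must cover the bootstrap address and every broker address
    - bootstrap.kafka.example.com
    - broker-0.kafka.example.com
    - broker-1.kafka.example.com
    - broker-2.kafka.example.com
---
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: my-cluster
  namespace: kafka
spec:
  kafka:
    # ... remaining Kafka settings omitted from this fragment
    listeners:
      - name: external
        port: 9094
        type: loadbalancer
        tls: true
        configuration:
          brokerCertChainAndKey:       # serve this certificate instead of the Strimzi-generated one
            secretName: kafka-external-cert
            certificate: tls.crt
            key: tls.key
          brokers:                     # advertise hostnames that appear in the certificate
            - broker: 0
              advertisedHost: broker-0.kafka.example.com
            - broker: 1
              advertisedHost: broker-1.kafka.example.com
            - broker: 2
              advertisedHost: broker-2.kafka.example.com
```

With a publicly trusted certificate on the listener, a kafkajs client that connects to bootstrap.kafka.example.com:9094 with ssl: true validates the chain against Node's default CA store and checks the hostname, so no CA file is configured on the client. DNS records for the listed hostnames have to point at the corresponding load balancers.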