Strimzi
Replies: 2 comments 1 reply
-
|
For a long time, the certificate reloading in Kafka wasn't fully supported. We had to fix it in Kafka itself. Now someone has to implement the support for it in Strimzi. I guess one day we will get to it and implement it. But not sure when. Regardless of that, using very shortlived certificates might never be the best idea as it will always have some impact on the clients. |
Beta Was this translation helpful? Give feedback.
-
|
got it. thank you! Just to know, do we already have any backlog for this in Strimzi? |
Beta Was this translation helpful? Give feedback.
-
|
I think there are some existing issues. But I do not have the number at hand right now. |
Beta Was this translation helpful? Give feedback.
-
As per Strimzi documentation, it is mentioned the operator will trigger a rolling restart of the Kafka pods while using certificates signed by a custom CA. However, I'm trying to understand what the exact limitation to not support dynamic reload of the certificates without needing a rolling restart. Or do Strimzi have any plans to support dynamic reload of the certificates without rolling restart. In clusters of huge scale, going for a rolling restart on certificate renewal shall limit our application from having shorter validity and also service degradation during the restarts.
Beta Was this translation helpful? Give feedback.
All reactions