Strimzi
Replies: 2 comments 1 reply
-
|
I think @tombentley is looking into some fixes around the CA renewals when using your own CA. In general, I'm not sure I would call it wise to use a CA with 1 day expiration ... seems like asking for troubles. |
Beta Was this translation helpful? Give feedback.
-
|
I agree with your point, as our use case was more around renewing the certs manually we have given the short-lived certs so we can test this within a day and see how the Kafka cluster turns out. So for my understanding, is the operator responsible for bringing the cluster back or again is it with any other manual approach? |
Beta Was this translation helpful? Give feedback.
-
|
It should be automatic. But as I said, there are some bugs @tombentley was looking into. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi Team,
I am working on a use case where there is a Kafka cluster running on custom certs with 1-day expiry. After expiry, I have followed the procedure defined in the following strimzi documentation through which new secrets were created and certificates are updated.
https://strimzi.io/docs/operators/in-development/using.html#renewing-your-own-ca-certificates-str
Now the question is, will the operator takes care of updating the Kafka and Zookeeper pods to refer to these latest certs or do we need to delete the pods and allow the operator to create new ones which ideally look to be an incorrect way for me.
Please confirm
Beta Was this translation helpful? Give feedback.
All reactions