Strimzi
SAN Names for Ingress listener - Kafka listener certificates #8112
Unanswered
Sai-Charan-Madhvaraj
asked this question in
Q&A
Replies: 2 comments
-
|
No, it is not. Basically, this: https://strimzi.io/docs/operators/0.27.1/using.html#tls_listener_san_examples ... applies for internal listeners. And this: https://strimzi.io/docs/operators/0.27.1/using.html#external_listener_san_examples for external listeners. It does not mention ingress, but for Ingress type listener you basically need to add the Ingress addresses you will be using as the SANs. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Perfect,thank you so much. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi Team,
I am using our own certificates for only external listener (type INGRESS), But in the documentation https://strimzi.io/docs/operators/0.27.1/using.html#ref-alternative-subjects-certs-for-listeners-str , its mentioned to add wild card SAN which has SVC.CLUSTER.LOCAL .
Do we really need to add all the SAN Entries of SVC.CLUSTER.LOCAL for external listener ? as we think services are only for internal communications.
Beta Was this translation helpful? Give feedback.
All reactions