[bitnami/kafka] Getting the Keystore SubjectAltNames do not match error while updating the kafka certificate dynamically. #39749
Comments
Hi @irparajababu, could you share the values you are using to deploy the Kafka chart?
Hi @Mauraza, please find the values below.
- TAKE_FILE_OWNERSHIP="yes"
- KAFKA_CFG_DELETE_TOPIC_ENABLE="true"
- KAFKA_CFG_MIN_INSYNC_REPLICAS="2"
- KAFKA_CFG_NUM_NETWORK_THREADS="3"
- KAFKA_CFG_NUM_IO_THREADS="8"
- KAFKA_CFG_SOCKET_SEND_BUFFER_BYTES="102400"
- KAFKA_CFG_SOCKET_RECEIVE_BUFFER_BYTES="102400"
- KAFKA_CFG_SOCKET_REQUEST_MAX_BYTES="104857600"
- KAFKA_CFG_NUM_PARTITIONS="6"
- KAFKA_CFG_DEFAULT_REPLICATION_FACTOR="3"
- KAFKA_CFG_NUM_RECOVERY_THREADS_PER_DATA_DIR="1"
- KAFKA_CFG_OFFSETS_TOPIC_REPLICATION_FACTOR="3"
- KAFKA_CFG_TRANSACTION_STATE_LOG_REPLICATION_FACTOR="3"
- KAFKA_CFG_TRANSACTION_STATE_LOG_MIN_ISR="2"
- KAFKA_CFG_LOG_RETENTION_HOURS="168"
- KAFKA_CFG_LOG_SEGMENT_BYTES="1073741824"
- KAFKA_CFG_LOG_RETENTION_CHECK_INTERVAL_MS="300000"
- KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS="6000"
- KAFKA_CFG_GROUP_INITIAL_REBALANCE_DELAY_MS="3000"
- ALLOW_PLAINTEXT_LISTENER="no"
- KAFKA_INTER_BROKER_USER="admin"
- KAFKA_INTER_BROKER_PASSWORD="{{ kafka_user_password }}"
- KAFKA_CLIENT_USERS="user"
- KAFKA_CLIENT_PASSWORDS="{{ kafka_user_password }}"
- KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE="false"
- KAFKA_HEAP_OPTS="-Xms4G -Xmx4G"
- KAFKA_CFG_LISTENERS=SSL://:9093
- KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL=SSL
- KAFKA_INTER_BROKER_LISTENER_NAME=SSL
- KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=SSL:SSL
- KAFKA_CFG_SECURITY_PROTOCOL=SSL
- KAFKA_CFG_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=
- KAFKA_CFG_SSL_KEYSTORE_PASSWORD={{ kafka_ssl_password }}
- KAFKA_CFG_SSL_KEY_PASSWORD={{ kafka_ssl_password }}
- KAFKA_CFG_SSL_KEYSTORE_TYPE=JKS
- KAFKA_CFG_SSL_KEYSTORE_LOCATION=/bitnami/kafka/config/certs/kafka.keystore.jks
- KAFKA_CFG_SSL_TRUSTSTORE_LOCATION=/bitnami/kafka/config/certs/kafka.truststore.jks
- KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE=/bitnami/kafka/config/certs/zookeeper.truststore.jks
- KAFKA_CFG_SSL_TRUSTSTORE_PASSWORD={{ kafka_ssl_password }}
- KAFKA_ZOOKEEPER_PROTOCOL=SSL
- KAFKA_ZOOKEEPER_USER="user"
- KAFKA_ZOOKEEPER_PASSWORD={{ kafka_user_password }}
- KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD={{ kafka_ssl_password }}
- KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD={{ kafka_ssl_password }}
- KAFKA_ZOOKEEPER_TLS_TYPE=JKS
- KAFKA_CFG_SSL_TRUSTSTORE_TYPE=JKS
- KAFKA_CFG_AUTHORIZER_CLASS_NAME=kafka.security.authorizer.AclAuthorizer
- KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND=true
- KAFKA_CFG_SUPER_USERS=User:CN=localhost,OU=home,O=home,L=bellevue,ST=wa,C=us
- KAFKA_OPTS=-Djavax.net.debug=all
Hi @irparajababu, what images are you using? Because in the container bitnami/kafka the command is in
@Mauraza We are using the Kafka client CLI to connect to the Kafka broker and update the certificate, and the Kafka brokers are running the bitnami/kafka:3.3 version.
Hi @irparajababu, could you add the environmental variable
Let me try and update you.
Hi @irparajababu, did you try it?
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
Name and Version
bitnami/kafka:3.3
What architecture are you using?
None
What steps will reproduce the bug?
What is the expected behavior?
The certificate should be updated without any issues.
What do you see instead?
Getting the below error while updating the kafka certificate dynamically.
Command:
Is there any way to disable the certificate validation while updating the certificate dynamically using the above command?
Additional information
No response