Project

General

Profile

Actions
Copy link

Feature #63437

open

kafka: setting TLS topic without CA file on the machine

Added by Yuval Lifshitz 6 months ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
kafka
Backport:
reef
Reviewed:
Affected Versions:
Pull request ID:

Description

currently when new kafka broker is added, the CA has to be updated on all RGWs. if the broker does not belong to the CA supported on the machine, there is an option to set the path to a specific CA location on thre machine, but this requires moving a file there.

The kafka client library we use (librdkafka) support passing the CA not through a file. see: https://github.com/confluentinc/librdkafka/blob/master/CONFIGURATION.md
This is needed if the kafka broker is setup by the application developer (that sets up the notifications and the topic), and not by an admin that has access to the host running the RGW.
We should support at least one of these additional options.

Actions
Copy link
 #1

Updated by Yuval Lifshitz 5 months ago

  • Project changed from Ceph to rgw
Actions
Copy link

Also available in: Atom PDF