Replies: 6 comments 18 replies
-
@tombentley Is working on some fixes and improvements to the CA renewal. I think there were some bugs etc. But not sure what was the state of things in 0.17 which is quite old. |
Beta Was this translation helpful? Give feedback.
-
Ok, Is there a possibility @tombentley can throw some light here so it can help me resolve the issue? Just noticed something, after the new secrets are created tls-sidecar container within Kafka is throwing some strange errors that we are not sure about. Do you find any clue here?
|
Beta Was this translation helpful? Give feedback.
-
We have compared the ca-crt of the secret(-cluster-ca-crt) with the one that tls-sidecar is using, both are identical. Even in this case, Kafka pods are still in Crashloopbackoff. Is there a way we can recover the cluster back in such situations where we manually renewed the certs and manually restarted the zk & kafka |
Beta Was this translation helpful? Give feedback.
-
We've performed below mentioned scenarios: And the tls-sidecar logs are: Scenario 2: Observed that certs with depth=1 has been accepted and certs with depth=0 has failed. |
Beta Was this translation helpful? Give feedback.
-
We were able to renew the certificates of Kafka cluster by following the steps provided in the document https://strimzi.io/docs/0.17.0/#renewing-your-own-ca-certificates-str. And post this we've performed rolling restart of the pods in the cluster and cluster has been deployed successfully. Then we were trying to produce and consume messages using the truststore and keystore. Consumer: Can I get a resolution for this. |
Beta Was this translation helpful? Give feedback.
-
021.06.03 11:33:24 LOG5[1:140491840714496]: Service [zookeeper-2181] connected remote server from 240.0.22.179:49322 Can I get a resolution for this error. |
Beta Was this translation helpful? Give feedback.
-
Hi Scholzj,
Just 1 quick question, I have a Kafka cluster for which the custom-created certs have expired. I have followed the steps defined in the documentation https://strimzi.io/docs/0.17.0/#renewing-your-own-ca-certificates-str through which I was able to create new secrets that have the latest certs.
After this, I have first deleted the zookeeper pods and all the 3 of them re-created and running successfully. However, my Kafka pods are going into Crashloopbackoff.
These are the Kafka pod logs
Beta Was this translation helpful? Give feedback.
All reactions