I have deployed the Admin REST API in the brokers with mTLS activated. I can connect from curl with client certificates, but when I create a CRD KafkaRestClass with mTLS specified:
```yaml
apiVersion: platform.confluent.io/v1beta1
kind: KafkaRestClass
metadata:
  name: default
  namespace: confluentinc
spec:
  kafkaClusterRef:
    name: kafka
    namespace: confluentinc
  kafkaRest:
    endpoint: https://kafka.confluentinc.svc.cluster.local:8090
    authentication:
      type: mtls
    tls:
      secretRef: kafka-tls
```
the operator shows the error “bad certificate”:
```
Warning {"object": {"kind":"KafkaRestClass","namespace":"confluentinc","name":"default","uid":"8dc4921b-e847d699c5e3","apiVersion":"platform.confluent.io/v1beta1","resourceVersion":"30896438"}, "reason": "Warning", "message": "https://kafka.confluentinc.svc.cluster.local:8090/kafka/v3 remote error: tls: bad certificate"}
```
This is the same error I get when not using certs. I can't find any example of KafkaRestClass with mTLS. Is it possible to use it? Do you have an example?
CFK v2.2.0 (operator)
CP v6.2.1 (server)