Helm chart for incubator kafka is deprecated now. But still I feel this helm chart is very handy for doing PoC setup.
ref : https://github.com/helm/charts/tree/master/incubator/kafka
Incubator kafka helm chart supports SSL auth setup for brokers but it lacks documentation for doing so. I have struggled to get the setup right by going through their github only available links (mentioned below), which give some idea about the setup. I have used terraform for this setup.
Ref :
https://github.com/helm/charts/issues/3951
https://github.com/helm/charts/pull/7693
Assumptions is you already have server truststore and keystore jks files for the kafka brokers
Idea to do this setup, is first create secrets in Kubernetes setup in same namespace as incubator kafka installation. This secret should contain keystore and truststore contents along with passwords of these files.
I have created a custom helm chart storing storing secrets in kubernetes. Below is the template file for this helm chart
Values file for above helm chart contains
keystoreJks: "<base64 encoded contents of keystore jks file>"
keystorePassword: "<base64 encoded password for keystore>"
truststoreJks: "<base64 encoded contents of truststore jks file>"
truststorePassword: "<base64 encoded password for truststore>"I have kept app.name as kafka-ssl-secret
Below is values file for incubator kafka helm chart
Note that, keys name, secrete names and configurationOverrides ‘s ssl configurations names are exactly same
Above values file, mounts all ssl related files in /etc/kafka/secrets folder which is read by incubator helm chart for ssl configs. You can find this from logs of the kafka pod
Terraform file for applying above charts
package-helm-chart.sh is a utility script to package custom chart. It can be
helm package $1 --destination /<destination folder>Once applied you should see SSL applied to your kafka installation.
