Photo by Jukan Tateisi on Unsplash

Helm chart for incubator kafka is deprecated now. But still I feel this helm chart is very handy for doing PoC setup.
ref :

Incubator kafka helm chart supports SSL auth setup for brokers but it lacks documentation for doing so. I have struggled to get the setup right by going through their github only available links (mentioned below), which give some idea about the setup. I have used terraform for this setup.
Ref :

Assumptions is you already have server truststore and keystore jks files for the kafka brokers

Idea to do this setup, is first create secrets in Kubernetes setup in same namespace as incubator kafka installation. This secret should contain keystore and truststore contents along with passwords of these files.

I have created a custom helm chart storing storing secrets in kubernetes. Below is the template file for this helm chart

Values file for above helm chart contains

keystoreJks: "<base64 encoded contents of keystore jks file>"
keystorePassword: "<base64 encoded password for keystore>"
truststoreJks: "<base64 encoded contents of truststore jks file>"
truststorePassword: "<base64 encoded password for truststore>"

I have kept as kafka-ssl-secret

Below is values file for incubator kafka helm chart

Note that, keys name, secrete names and configurationOverrides ‘s ssl configurations names are exactly same

Above values file, mounts all ssl related files in /etc/kafka/secrets folder which is read by incubator helm chart for ssl configs. You can find this from logs of the kafka pod

Terraform file for applying above charts is a utility script to package custom chart. It can be

helm package $1 --destination /<destination folder>

Once applied you should see SSL applied to your kafka installation.