As we know, by default when we create a Strimzi-Kafka user, the user gets its own user.crt & user.key created in Kubernetes secrets-manager, but I want to use my own user.crt & user.key. Is it feasible?
Rather than creating the user first and then replacing the keys with our own, do we have an option to pass our own crt and keys at runtime when the user is created? Can we specify them somehow in the deployment file?
From the official doc I got this: https://strimzi.io/docs/master/#installing-your-own-ca-certificates-str but it's for kind:Kafka, not for kind:KafkaUser; as we know, kind:KafkaUser is used for user creation.
I am answering my question myself!
STEP1:
kubectl -n <namespace> create secret generic <ca-cert-secret> --from-file=ca.crt=<ca-cert-file>
Eg:
kubectl -n kafka create secret generic custom-strimzi-user --from-file=ca.crt=ca-decoded.crt --from-file=user.crt=user-decoded.crt --from-file=user.key=user-decoded.key -o yaml
STEP2:
kubectl -n <namespace> label secret <ca-cert-secret> strimzi.io/kind=<Kafka or KafkaUser> strimzi.io/cluster=<my-cluster>
Eg:
kubectl -n kafka label secret custom-strimzi-user strimzi.io/kind=KafkaUser strimzi.io/cluster=kafka
STEP3: Now, to enable ACL & TLS for the user created above:
Apply the create-user YAML deployment file (kind:KafkaUser) in the format officially provided by Strimzi, after replacing the user name with the one created above, then execute:
kubectl apply -f kafka-create-user.yml
Note: If we run kubectl apply -f kafka-create-user.yml before creating the custom user as in STEP1 & STEP2, then Strimzi creates a user with its own user.crt & user.key.
FYI, what I shared above is for a custom user crt & custom user key; for the operator cluster CA (crt & key) we have the official doc here: https://strimzi.io/docs/master/#installing-your-own-ca-certificates-str
Regards, Sudhir Tataraju
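A pre-flight check for the three files that STEP1 packs into the secret, as an added example that is not part of the original answer or of Strimzi: it confirms that user.key matches user.crt, that user.crt verifies against ca.crt, and that the certificate is not about to expire. The function names, the 24-hour threshold and the expectation that user.crt chains to the supplied ca.crt are assumptions; it needs the openssl CLI.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer): validate ca.crt, user.crt and
# user.key before STEP1 puts them in the secret. Requires the openssl CLI.

# check_user_material CA_CRT USER_CRT USER_KEY
# 0 = usable, 1 = a check failed, 2 = a file is missing or unreadable.
check_user_material() {
    local ca="$1" crt="$2" key="$3" f cert_pub key_pub
    for f in "$ca" "$crt" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done
    # The certificate and the private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "user.key does not match user.crt" >&2; return 1; }
    # Assumption: user.crt is expected to chain to the CA shipped as ca.crt.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "user.crt is not signed by ca.crt" >&2; return 1; }
    # Assumed threshold: reject certificates that expire within 24 hours.
    openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null \
        || { echo "user.crt expires within 24h" >&2; return 1; }
    return 0
}

# make_demo_material DIR NAME: constructed throwaway CA plus one user
# certificate signed by it, written as DIR/NAME-{ca,user}.{crt,key}.
make_demo_material() {
    local d="$1" n="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$n-ca" \
        -keyout "$d/$n-ca.key" -out "$d/$n-ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$n-user" \
        -keyout "$d/$n-user.key" -out "$d/$n-user.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/$n-user.csr" -CA "$d/$n-ca.crt" \
        -CAkey "$d/$n-ca.key" -set_serial 1 -days 2 \
        -out "$d/$n-user.crt" 2>/dev/null
}

# Demo: run with --demo to check freshly generated, constructed material.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_demo_material "$tmp" demo \
        && check_user_material "$tmp/demo-ca.crt" "$tmp/demo-user.crt" \
            "$tmp/demo-user.key" && echo "material is consistent"
    rm -rf "$tmp"
fi
```

With the file names from the STEP1 example, the call would be `check_user_material ca-decoded.crt user-decoded.crt user-decoded.key`, run before `kubectl create secret`.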