Broker Hostname mismatch error seen with aiokafka APIs
Jakub Scholz
You are using the external loadbalancer listener with internal service name. That is causing the problem. You should either switch to one of the internal interfaces - e.g. the one on port 9093. Or you should use the proper loadbalancer bootstrap address which you can find in the status section of the Kafka custom resource (`kubectl get kafka -o yaml` should show it for you).

In general, if your app runs inside the same Kubernetes, using the internal listener on port 9093 would be the right way to go => it should be cheaper and more performant than going through the loadbalancer. That should be used by apps outside your Kube cluster.

Jakub

On Fri, Feb 4, 2022 at 10:49 AM <udaykumartj@...> wrote:
udaykumartj@...
Hi all,
I am getting the below error for the code (which uses aiokafka APIs) that I have pasted below (also provided kafka resource yaml snippet). Instead of kafka broker hostname, if I give IP address, it works. Not sure why kafka broker (dns) hostname is not working. Please help.

```
Unable connect to "strimzi-kafka-kafka-external-bootstrap.kafka.svc.cluster.local:9094": [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'strimzi-kafka-kafka-external-bootstrap.kafka.svc.cluster.local'. (_ssl.c:1129)
```

Note: If I use confluent_kafka APIs (Consumer, Producer), I don't see this issue.

Code snippet:

```python
from aiokafka import AIOKafkaConsumer
from aiokafka.helpers import create_ssl_context

# TLS context with the cluster CA and the client certificate/key for mutual TLS
context = create_ssl_context(
    cafile='/etc/vcerts/cluster/ca.crt',
    certfile='/etc/vcerts/client/user.crt',
    keyfile='/etc/vcerts/client/user.key',
)
consumer = AIOKafkaConsumer(
    my_topic,
    bootstrap_servers='strimzi-kafka-kafka-external-bootstrap.kafka.svc.cluster.local:9094',
    auto_offset_reset='latest',
    group_id=group_id,
    security_protocol="SSL",
    ssl_context=context)
await consumer.start()  # <=== This line throws the above error.
```
Kafka spec:

```yaml
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: strimzi-kafka
spec:
  kafka:
    version: 3.0.0
    replicas: 3
    listeners:
      - name: plain
        port: 9092
        type: internal
        tls: false
      - name: tls
        port: 9093
        type: internal
        tls: true
        authentication:
          type: tls
      - name: external
        port: 9094
        type: loadbalancer
        tls: true
        authentication:
          type: tls
    template:
      clusterCaCert:
        metadata:
          ....
```
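The hostname check that fails in this thread, as an added example that is not part of the original posts and is not aiokafka or Strimzi code: it compares a connection target against a certificate's subjectAltName entries the way a TLS client does. `SAMPLE_CERT` and its SAN values are constructed, and `san_check` and `fetch_cert` are hypothetical helper names; `fetch_cert` switches off hostname checking only to read the certificate for inspection, with the chain still verified against the CA.

```python
import ipaddress
import socket
import ssl

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output.
# The SAN values are illustrative, not taken from a real Strimzi cluster.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "kafka-lb.example.test"),
        ("DNS", "*.brokers.example.test"),
        ("IP Address", "203.0.113.10"),
    )
}


def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])


def san_check(cert, target):
    """Report whether target (hostname or IP literal) is covered by the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:  # IP literals are matched only against "IP Address" SANs
        match = any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    else:               # names are matched only against "DNS" SANs
        match = any(k == "DNS" and _dns_match(v, target) for k, v in sans)
    return {"target": target, "match": match, "sans": [f"{k}:{v}" for k, v in sans]}


def fetch_cert(host, port, cafile, certfile=None, keyfile=None):
    """Read the listener's certificate for inspection (diagnostic use only)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still verified (CERT_REQUIRED)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # client cert for mutual TLS
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert()
```

Running `san_check(fetch_cert(host, port, cafile, certfile, keyfile), host)` against a listener shows which names its certificate actually covers, so the client can be pointed at an address that is in the list.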