cncf-strimzi-users@lists.cncf.io | Broker Hostname mismatch error seen with aiokafka APIs

Home Messages Hashtags Subgroups

Date Date 1 - 1 of 1

Broker Hostname mismatch error seen with aiokafka APIs

udaykumartj@...

Hi all,
I am getting the below error for the code (which uses aiokafka APIs) that i have pasted below (also provided kafka resource yaml snippet). Instead of kafka broker hostname, if i give IP address, it works. Not sure why kafka broker (dns) hostname is not working. Please help.

Unable connect to "strimzi-kafka-kafka-external-bootstrap.kafka.svc.cluster.local:9094": [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'strimzi-kafka-kafka-external-bootstrap.kafka.svc.cluster.local'. (_ssl.c:1129)

Note: If i use confluent_kafka APIs (Consumer, Producer), i dont see this issue.

Code snippet:
context = create_ssl_context(

cafile='/etc/vcerts/cluster/ca.crt',

certfile='/etc/vcerts/client/user.crt',

keyfile='/etc/vcerts/client/user.key',

)

consumer = AIOKafkaConsumer(

my_topic, bootstrap_servers='strimzi-kafka-kafka-external-bootstrap.kafka.svc.cluster.local:9094',

auto_offset_reset='latest',

group_id=group_id,

security_protocol="SSL",

ssl_context=context)

await consumer.start() <=== This line throws the above error.

Kafka spec:

apiVersion: kafka.strimzi.io/v1beta2

kind: Kafka

metadata:

name: strimzi-kafka

spec:

kafka:

version: 3.0.0

replicas: 3

listeners:

- name: plain

port: 9092

type: internal

tls: false

- name: tls

port: 9093

type: internal

tls: true

authentication:

type: tls

- name: external

port: 9094

type: loadbalancer

tls: true

authentication:

type: tls

template:

clusterCaCert:

metadata:

....

1 - 1 of 1

Previous Topic Next Topic