Hi all,
I am getting the below error for the code (which uses aiokafka APIs) that i have pasted below (also provided kafka resource yaml snippet). Instead of kafka broker hostname, if i give IP address, it works. Not sure why kafka broker (dns) hostname is not working. Please help.
Unable connect to "strimzi-kafka-kafka-external-bootstrap.kafka.svc.cluster.local:9094": [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'strimzi-kafka-kafka-external-bootstrap.kafka.svc.cluster.local'. (_ssl.c:1129)
Note: If i use confluent_kafka APIs (Consumer, Producer), i dont see this issue.
Code snippet:
context = create_ssl_context(
cafile='/etc/vcerts/cluster/ca.crt',
certfile='/etc/vcerts/client/user.crt',
keyfile='/etc/vcerts/client/user.key',
)
consumer = AIOKafkaConsumer(
my_topic, bootstrap_servers='strimzi-kafka-kafka-external-bootstrap.kafka.svc.cluster.local:9094',
auto_offset_reset='latest',
group_id=group_id,
security_protocol="SSL",
ssl_context=context)
await consumer.start() <=== This line throws the above error.
Kafka spec:
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
name: strimzi-kafka
spec:
kafka:
version: 3.0.0
replicas: 3
listeners:
- name: plain
port: 9092
type: internal
tls: false
- name: tls
port: 9093
type: internal
tls: true
authentication:
type: tls
- name: external
port: 9094
type: loadbalancer
tls: true
authentication:
type: tls
template:
clusterCaCert:
metadata:
....
