Hi Team,
We're using Kafka with TLS authentication, deployed using the Strimzi Kafka Operator.
We're attempting to deploy the Kafka Exporter using the image: danielqsj/kafka-exporter:v1.9.0
However, the pod is failing to start due to TLS authentication issues. The KafkaUser was created with admin permissions, and secrets were generated by the operator.
KafkaUser YAML:
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  name: kafka-exporter
  namespace: kafka
  labels:
    argocd.argoproj.io/instance: kafka-resource-deployer
    strimzi.io/cluster: kafkacluster
spec:
  authentication:
    type: tls
  authorization:
    type: simple
    acls:
      - resource:
          type: topic
          name: "*"
          patternType: literal
        operation: All
      - resource:
          type: group
          name: "*"
          patternType: literal
        operation: All
      - resource:
          type: cluster
          name: "*"
          patternType: literal
        operation: All
      - resource:
          type: transactionalId
          name: "*"
          patternType: literal
        operation: All
Helm values.yaml for Kafka Exporter:
kafkaServer:
  - kafkacluster-kafka-bootstrap.kafka.svc.cluster.local:9094
tls:
  enabled: true
  insecureSkipVerify: true
  mountPath: /etc/kafka/tls
  secretName: kafka-exporter
The required secret (kafka-exporter) is mounted, and TLS is enabled.
Pod Logs:
I0609 11:37:30.183261 1 kafka_exporter.go:850] Starting kafka_exporter (version=1.9.0)
F0609 11:37:31.038561 1 kafka_exporter.go:951] Error Init Kafka Client: kafka: client has run out of available brokers to talk to: remote error: tls: bad certificate
Issue: The exporter fails with remote error: tls: bad certificate.
What we've tried:
Ensured the KafkaUser has appropriate ACLs and TLS auth.
Verified that the secret is mounted in the correct path and contains user.crt, user.key, and ca.crt.
Question:
Is there anything we might be missing in either the TLS setup or the secret structure that could cause this TLS error?
Any help or guidance would be appreciated!