Certificate Authority (CA) called the cluster CA #6537
Unanswered
sreejesh-radhakrishnan-db asked this question in Q&A
Replies: 2 comments 1 reply
-
You can use the Strimzi-provided CA or you can supply your own CA. Those are the two options.
-
@scholzj How is the private key for the Cluster CA stored? Can anyone who has access to the GKE cluster decode it?
-
From the Strimzi documentation: "To support encryption, each Strimzi component needs its own private keys and public key certificates. All component certificates are signed by an internal Certificate Authority (CA) called the cluster CA."
Q:
Is there any way we can switch off this encryption between each Strimzi component and set up our own inter-pod mTLS?
Rationale:
The company Security Control Office is worried that a self-signed certificate is issued on the cloud, which could pose a security risk.
We are talking about 200+ applications needing to use Kafka on their clusters, so the bank is not ready to issue a workload intermediate root CA, which clearly violates the policy and is a wider risk. Hence we won't be able to override the cluster-ca cert with our own.