Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/schema-registry] Helm Install Fails with Kafka JKS Secret Error when Using AWS MSK with SSL #31004

Open
Haebuk opened this issue Dec 12, 2024 · 0 comments
Open

[bitnami/schema-registry] Helm Install Fails with Kafka JKS Secret Error when Using AWS MSK with SSL #31004

Haebuk opened this issue Dec 12, 2024 · 0 comments
Assignees
@jotamartos
Labels
in-progress schema-registry tech-issues The user has a technical issue about an application

Comments

@Haebuk
Copy link

Haebuk commented Dec 12, 2024
edited by carrodher
Loading

Name and Version

bitnami/schema-registry 7.8.0

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Set up AWS MSK cluster with SSL encryption enabled
  2. Deploy Schema Registry on EKS using Helm chart
  3. Configure values.yaml with:
kafka:
  enabled: false

externalKafka:
  brokers:
    - SSL://<my-first-broker-endpoint>:9094
    - SSL://<my-second-broker-endpoint>:9094
  listener:
    protocol: SSL
  1. Run helm install schema-registry bitnami/schema-registry -f values.yaml
  2. The installation fails with an error requiring JKS files even though we're using AWS-managed certificates:
kafka: auth.kafka.jksSecret
A secret containing the Schema Registry JKS files is required when TLS encryption is enabled

What is the expected behavior?

The Helm chart should successfully install without requiring JKS files when using AWS MSK with SSL, as certificate management is handled by AWS MSK service.

Additional information

Using AWS MSK for Kafka cluster
Certificates are managed by AWS
Schema Registry is being deployed on EKS
No manual JKS management is needed in the AWS MSK environment

We already have several applications deployed on EKS successfully communicating with MSK without any additional certificate configuration, which makes this JKS requirement seem unnatural and inconsistent with our existing setup.
@Haebuk Haebuk added the tech-issues The user has a technical issue about an application label Dec 12, 2024
@github-actions github-actions bot added the triage Triage is needed label Dec 12, 2024
@github-actions github-actions bot removed the triage Triage is needed label Dec 13, 2024
@github-actions github-actions bot assigned jotamartos and unassigned javsalgar Dec 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in-progress schema-registry tech-issues The user has a technical issue about an application
4 participants
@javsalgar @jotamartos @carrodher @Haebuk