all-things-risingwave

How to workaround certificate reloading issue in librdkafka when certificates are rotated frequently?

I was looking into rising wave, and saw that its using the rdkafka for the kafka library. From what I can tell <https://github.com/confluentinc/librdkafka/issues/2868|from librdkafkaissues>, librdkafka does not support reloading certificates when they are rotated. We deploy in an environment where our certs have a somewhat short shelf life, and are auto rotated for us. Do you know of any way to workaround this?

Aa

Aaron Stockton

Asked on Apr 07, 2023

  • One possible workaround is to periodically restart the Kafka client application to reload the certificates.
  • Another approach is to implement a custom certificate reloading mechanism in your application code.
  • You can also consider using a proxy server that handles the certificate rotation and forwards requests to the Kafka cluster with updated certificates.
Apr 07, 2023Edited by