-
Task
-
Resolution: Done
-
Major
-
ConsoleDot CY23Q1, January Clean-Up, January Clean-Up round 2, June 2023 DevProd, DevProd June 2023 Release II, DevProd June Release Part III, DevProd June 2023 Release Part IV, DevProd June 2023 Release V, DevProd June 2023 Release VI, July 24, July 28th Dev Prod, July 28th Dev Prod- Round 2, Aug Release , Aug Release #2, Aug #3, Aug #4, DevProd Release Completed Items (August 15, 2023), Release-Aug, Aug #2
-
None
-
2
-
False
-
-
False
-
Unset
-
None
Some teams are expecting `cacert` to always be present in the kafka broker config – some are not. Some are expecting a `nil`/`null` value for it, some are expecting the key to be absent, etc. etc.
In theory, we should not need a ca cert because the managed kafka cert is signed by a well-known certificate authority.
But, as a short term solution (since different apps/libraries are handling the abscence of the key differently), we are going to have clowder provide the `cacert` in the cdappconfig.json.
I am adding the DigiCert High Assurance EV Root CA to the 'clowder-oauth' vault secret used in stage – then updating clowder to parse the cacert out of this secret and insert it into cdappconfig.json