removed '/tmp/hsperfdata_1000680000/15' removed directory '/tmp/hsperfdata_1000680000' removed directory '/tmp/vertx-cache-801de32f-b436-4cef-a542-81d754ec858d' Auto-detected KUBERNETES_SERVICE_DNS_DOMAIN: cluster.local + exec /usr/bin/tini -w -e 143 -- java -Dlog4j2.configurationFile=file:/opt/strimzi/custom-config/log4j2.properties -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dvertx.cacheDirBase=/tmp/vertx-cache -Djava.security.egd=file:/dev/./urandom -XX:+ExitOnOutOfMemoryError -XX:MinRAMPercentage=15 -XX:MaxRAMPercentage=20 -classpath :lib/io.strimzi.cluster-operator-0.34.0.redhat-00002.jar:lib/io.strimzi.api-0.34.0.redhat-00002.jar:lib/io.fabric8.kubernetes-model-common-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-apiextensions-6.3.1.redhat-00001.jar:lib/io.strimzi.config-model-0.34.0.redhat-00002.jar:lib/io.strimzi.operator-common-0.34.0.redhat-00002.jar:lib/io.strimzi.crd-annotations-0.34.0.redhat-00002.jar:lib/org.quartz-scheduler.quartz-2.3.2.redhat-00007.jar:lib/io.fabric8.openshift-client-6.3.1.redhat-00001.jar:lib/com.github.mifmif.generex-1.0.2.redhat-00003.jar:lib/dk.brics.automaton.automaton-1.11.8.redhat-1.jar:lib/io.fabric8.openshift-client-api-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-clusterautoscaling-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-operator-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-operatorhub-6.3.1.redhat-00001.jar:lib/io.fabric8.openshift-model-machine-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-whereabouts-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-monitoring-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-storageversionmigrator-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-tuned-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-console-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-config-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-machineconfig-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-miscellaneous-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-hive-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-installer-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-client-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-httpclient-jdk-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-client-api-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-gatewayapi-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-admissionregistration-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-autoscaling-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-batch-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-certificates-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-discovery-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-extensions-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-flowcontrol-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-metrics-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-scheduling-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-node-6.3.1.streams24-1-redhat-00002.jar:lib/org.slf4j.slf4j-api-1.7.36.redhat-00002.jar:lib/org.snakeyaml.snakeyaml-engine-2.5.0.redhat-00001.jar:lib/com.fasterxml.jackson.datatype.jackson-datatype-jsr310-2.14.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-core-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-events-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-policy-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-rbac-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-apps-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-storageclass-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-networking-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-coordination-6.3.1.redhat-00001.jar:lib/io.fabric8.openshift-model-6.3.1.redhat-00001.jar:lib/io.fabric8.zjsonpatch-0.3.0.redhat-00001.jar:lib/com.fasterxml.jackson.core.jackson-core-2.14.1.redhat-00001.jar:lib/com.fasterxml.jackson.core.jackson-databind-2.14.1.redhat-00001.jar:lib/com.fasterxml.jackson.core.jackson-annotations-2.14.1.redhat-00001.jar:lib/com.fasterxml.jackson.dataformat.jackson-dataformat-yaml-2.14.1.redhat-00001.jar:lib/org.yaml.snakeyaml-1.33.0.redhat-00001.jar:lib/io.vertx.vertx-core-4.3.7.redhat-00002.jar:lib/io.netty.netty-common-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-buffer-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-handler-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-handler-proxy-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-codec-http-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-codec-http2-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-resolver-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-resolver-dns-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-codec-dns-4.1.87.Final-redhat-00001.jar:lib/io.strimzi.certificate-manager-0.34.0.redhat-00002.jar:lib/org.apache.logging.log4j.log4j-core-2.17.2.redhat-00003.jar:lib/org.apache.logging.log4j.log4j-api-2.17.2.redhat-00003.jar:lib/org.apache.logging.log4j.log4j-slf4j-impl-2.17.2.redhat-00003.jar:lib/org.apache.logging.log4j.log4j-jul-2.17.2.redhat-00003.jar:lib/io.strimzi.kafka-oauth-server-0.12.0.redhat-00002.jar:lib/io.strimzi.kafka-oauth-server-plain-0.12.0.redhat-00002.jar:lib/io.strimzi.kafka-oauth-client-0.12.0.redhat-00002.jar:lib/io.strimzi.kafka-oauth-common-0.12.0.redhat-00002.jar:lib/com.nimbusds.nimbus-jose-jwt-9.10.0.redhat-00002.jar:lib/com.github.stephenc.jcip.jcip-annotations-1.0.1.redhat-00001.jar:lib/com.jayway.jsonpath.json-path-2.6.0.redhat-00002.jar:lib/net.minidev.json-smart-2.4.7.redhat-00001.jar:lib/net.minidev.accessors-smart-2.4.7.redhat-00001.jar:lib/org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:lib/com.github.luben.zstd-jni-1.5.2.3-redhat-00002.jar:lib/org.lz4.lz4-java-1.8.0.redhat-00002.jar:lib/org.xerial.snappy.snappy-java-1.1.8.4-redhat-00002.jar:lib/org.apache.zookeeper.zookeeper-3.6.3.redhat-00044.jar:lib/org.apache.yetus.audience-annotations-0.5.0.redhat-00002.jar:lib/io.netty.netty-transport-native-epoll-4.1.87.Final-redhat-00001.jar:lib/org.apache.zookeeper.zookeeper-jute-3.6.3.redhat-00044.jar:lib/io.netty.netty-transport-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-transport-native-epoll-4.1.87.Final-redhat-00001-linux-x86_64.jar:lib/io.netty.netty-transport-native-unix-common-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-transport-classes-epoll-4.1.87.Final-redhat-00001.jar:lib/io.micrometer.micrometer-core-1.9.5.redhat-00001.jar:lib/org.hdrhistogram.HdrHistogram-2.1.12.redhat-00001.jar:lib/org.latencyutils.LatencyUtils-2.0.3.redhat-00001.jar:lib/io.micrometer.micrometer-registry-prometheus-1.9.5.redhat-00001.jar:lib/io.prometheus.simpleclient_common-0.15.0.redhat-00001.jar:lib/io.prometheus.simpleclient-0.15.0.redhat-00001.jar:lib/io.prometheus.simpleclient_tracer_otel-0.15.0.redhat-00001.jar:lib/io.prometheus.simpleclient_tracer_common-0.15.0.redhat-00001.jar:lib/io.prometheus.simpleclient_tracer_otel_agent-0.15.0.redhat-00001.jar:lib/io.vertx.vertx-micrometer-metrics-4.3.7.redhat-00002.jar:lib/io.netty.netty-codec-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-codec-socks-4.1.87.Final-redhat-00001.jar io.strimzi.operator.cluster.Main 2023-04-02 19:48:47 INFO Main:79 - ClusterOperator 0.34.0.redhat-00002 is starting 2023-04-02 19:48:47 INFO Util:332 - Using config: PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin container: oci STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE: brew.registry.redhat.io/rh-osbs/amq-streams-strimzi-rhel8-operator:2.4.0-1 JAVA_OPTS: -Dlog4j2.configurationFile=file:/opt/strimzi/custom-config/log4j2.properties -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dvertx.cacheDirBase=/tmp/vertx-cache -Djava.security.egd=file:/dev/./urandom -XX:+ExitOnOutOfMemoryError -XX:MinRAMPercentage=15 -XX:MaxRAMPercentage=20 STRIMZI_CUSTOM_KAFKA_MIRROR_MAKER2_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=kafka-mirror-maker2 rht.subcomp_t=application NSS_SDB_USE_CACHE: no STRIMZI_HOME: /opt/strimzi STRIMZI_CUSTOM_ZOOKEEPER_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=zookeeper rht.subcomp_t=infrastructure PWD: /opt/strimzi STRIMZI_LEADER_ELECTION_IDENTITY: strimzi-cluster-operator-7b5bc8455b-59bn4 KUBERNETES_PORT_443_TCP: tcp://172.30.0.1:443 JAVA_MAIN: io.strimzi.operator.cluster.Main STRIMZI_LEADER_ELECTION_ENABLED: true STRIMZI_NAMESPACE: * STRIMZI_CUSTOM_KAFKA_MIRROR_MAKER_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=kafka-mirror-maker rht.subcomp_t=application STRIMZI_DEFAULT_MAVEN_BUILDER: registry.access.redhat.com/ubi8/openjdk-11:1.10 STRIMZI_FEATURE_GATES: STRIMZI_CUSTOM_KAFKA_BRIDGE_SERVICE_LABELS: discovery.3scale.net=true JBOSS_IMAGE_VERSION: 2.4.0 STRIMZI_LOG_LEVEL: DEBUG KUBERNETES_SERVICE_DNS_DOMAIN: cluster.local STRIMZI_LEADER_ELECTION_LEASE_NAME: strimzi-cluster-operator KUBERNETES_SERVICE_PORT_HTTPS: 443 SHLVL: 0 STRIMZI_IMAGE_PULL_POLICY: IfNotPresent STRIMZI_DEFAULT_KAFKA_BRIDGE_IMAGE: brew.registry.redhat.io/rh-osbs/amq-streams-bridge-rhel8:2.4.0-1 KUBERNETES_PORT: tcp://172.30.0.1:443 STRIMZI_CUSTOM_KAFKA_BRIDGE_SERVICE_ANNOTATIONS: discovery.3scale.net/scheme=http discovery.3scale.net/port=8080 discovery.3scale.net/path=/ discovery.3scale.net/description-path=/openapi STRIMZI_KAFKA_MIRROR_MAKER_IMAGES: 3.3.1=brew.registry.redhat.io/rh-osbs/amq-streams-kafka-33-rhel8:2.4.0-2 3.4.0=brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 STRIMZI_CUSTOM_CRUISE_CONTROL_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=cruise-control rht.subcomp_t=application TERM: xterm STRIMZI_FULL_RECONCILIATION_INTERVAL_MS: 30000 KUBERNETES_SERVICE_HOST: 172.30.0.1 JAVA_CLASSPATH: :lib/io.strimzi.cluster-operator-0.34.0.redhat-00002.jar:lib/io.strimzi.api-0.34.0.redhat-00002.jar:lib/io.fabric8.kubernetes-model-common-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-apiextensions-6.3.1.redhat-00001.jar:lib/io.strimzi.config-model-0.34.0.redhat-00002.jar:lib/io.strimzi.operator-common-0.34.0.redhat-00002.jar:lib/io.strimzi.crd-annotations-0.34.0.redhat-00002.jar:lib/org.quartz-scheduler.quartz-2.3.2.redhat-00007.jar:lib/io.fabric8.openshift-client-6.3.1.redhat-00001.jar:lib/com.github.mifmif.generex-1.0.2.redhat-00003.jar:lib/dk.brics.automaton.automaton-1.11.8.redhat-1.jar:lib/io.fabric8.openshift-client-api-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-clusterautoscaling-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-operator-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-operatorhub-6.3.1.redhat-00001.jar:lib/io.fabric8.openshift-model-machine-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-whereabouts-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-monitoring-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-storageversionmigrator-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-tuned-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-console-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-config-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-machineconfig-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-miscellaneous-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-hive-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.openshift-model-installer-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-client-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-httpclient-jdk-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-client-api-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-gatewayapi-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-admissionregistration-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-autoscaling-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-batch-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-certificates-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-discovery-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-extensions-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-flowcontrol-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-metrics-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-scheduling-6.3.1.streams24-1-redhat-00002.jar:lib/io.fabric8.kubernetes-model-node-6.3.1.streams24-1-redhat-00002.jar:lib/org.slf4j.slf4j-api-1.7.36.redhat-00002.jar:lib/org.snakeyaml.snakeyaml-engine-2.5.0.redhat-00001.jar:lib/com.fasterxml.jackson.datatype.jackson-datatype-jsr310-2.14.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-core-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-events-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-policy-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-rbac-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-apps-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-storageclass-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-networking-6.3.1.redhat-00001.jar:lib/io.fabric8.kubernetes-model-coordination-6.3.1.redhat-00001.jar:lib/io.fabric8.openshift-model-6.3.1.redhat-00001.jar:lib/io.fabric8.zjsonpatch-0.3.0.redhat-00001.jar:lib/com.fasterxml.jackson.core.jackson-core-2.14.1.redhat-00001.jar:lib/com.fasterxml.jackson.core.jackson-databind-2.14.1.redhat-00001.jar:lib/com.fasterxml.jackson.core.jackson-annotations-2.14.1.redhat-00001.jar:lib/com.fasterxml.jackson.dataformat.jackson-dataformat-yaml-2.14.1.redhat-00001.jar:lib/org.yaml.snakeyaml-1.33.0.redhat-00001.jar:lib/io.vertx.vertx-core-4.3.7.redhat-00002.jar:lib/io.netty.netty-common-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-buffer-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-handler-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-handler-proxy-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-codec-http-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-codec-http2-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-resolver-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-resolver-dns-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-codec-dns-4.1.87.Final-redhat-00001.jar:lib/io.strimzi.certificate-manager-0.34.0.redhat-00002.jar:lib/org.apache.logging.log4j.log4j-core-2.17.2.redhat-00003.jar:lib/org.apache.logging.log4j.log4j-api-2.17.2.redhat-00003.jar:lib/org.apache.logging.log4j.log4j-slf4j-impl-2.17.2.redhat-00003.jar:lib/org.apache.logging.log4j.log4j-jul-2.17.2.redhat-00003.jar:lib/io.strimzi.kafka-oauth-server-0.12.0.redhat-00002.jar:lib/io.strimzi.kafka-oauth-server-plain-0.12.0.redhat-00002.jar:lib/io.strimzi.kafka-oauth-client-0.12.0.redhat-00002.jar:lib/io.strimzi.kafka-oauth-common-0.12.0.redhat-00002.jar:lib/com.nimbusds.nimbus-jose-jwt-9.10.0.redhat-00002.jar:lib/com.github.stephenc.jcip.jcip-annotations-1.0.1.redhat-00001.jar:lib/com.jayway.jsonpath.json-path-2.6.0.redhat-00002.jar:lib/net.minidev.json-smart-2.4.7.redhat-00001.jar:lib/net.minidev.accessors-smart-2.4.7.redhat-00001.jar:lib/org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:lib/com.github.luben.zstd-jni-1.5.2.3-redhat-00002.jar:lib/org.lz4.lz4-java-1.8.0.redhat-00002.jar:lib/org.xerial.snappy.snappy-java-1.1.8.4-redhat-00002.jar:lib/org.apache.zookeeper.zookeeper-3.6.3.redhat-00044.jar:lib/org.apache.yetus.audience-annotations-0.5.0.redhat-00002.jar:lib/io.netty.netty-transport-native-epoll-4.1.87.Final-redhat-00001.jar:lib/org.apache.zookeeper.zookeeper-jute-3.6.3.redhat-00044.jar:lib/io.netty.netty-transport-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-transport-native-epoll-4.1.87.Final-redhat-00001-linux-x86_64.jar:lib/io.netty.netty-transport-native-unix-common-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-transport-classes-epoll-4.1.87.Final-redhat-00001.jar:lib/io.micrometer.micrometer-core-1.9.5.redhat-00001.jar:lib/org.hdrhistogram.HdrHistogram-2.1.12.redhat-00001.jar:lib/org.latencyutils.LatencyUtils-2.0.3.redhat-00001.jar:lib/io.micrometer.micrometer-registry-prometheus-1.9.5.redhat-00001.jar:lib/io.prometheus.simpleclient_common-0.15.0.redhat-00001.jar:lib/io.prometheus.simpleclient-0.15.0.redhat-00001.jar:lib/io.prometheus.simpleclient_tracer_otel-0.15.0.redhat-00001.jar:lib/io.prometheus.simpleclient_tracer_common-0.15.0.redhat-00001.jar:lib/io.prometheus.simpleclient_tracer_otel_agent-0.15.0.redhat-00001.jar:lib/io.vertx.vertx-micrometer-metrics-4.3.7.redhat-00002.jar:lib/io.netty.netty-codec-4.1.87.Final-redhat-00001.jar:lib/io.netty.netty-codec-socks-4.1.87.Final-redhat-00001.jar STRIMZI_CUSTOM_KAFKA_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=kafka-broker rht.subcomp_t=application STRIMZI_CUSTOM_KAFKA_CONNECT_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=kafka-connect rht.subcomp_t=application STRIMZI_CUSTOM_KAFKA_CONNECT_BUILD_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=kafka-connect-build rht.subcomp_t=application STRIMZI_DEFAULT_CRUISE_CONTROL_IMAGE: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 STRIMZI_CUSTOM_KAFKA_BRIDGE_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=kafka-bridge rht.subcomp_t=application JBOSS_IMAGE_NAME: amq-streams/strimzi-rhel8-operator STRIMZI_OPERATION_TIMEOUT_MS: 300000 COM_REDHAT_COMPONENT: amqstreams-operator-container KUBERNETES_PORT_443_TCP_ADDR: 172.30.0.1 STRIMZI_LEADER_ELECTION_LEASE_NAMESPACE: infra-namespace STRIMZI_KAFKA_MIRROR_MAKER_2_IMAGES: 3.3.1=brew.registry.redhat.io/rh-osbs/amq-streams-kafka-33-rhel8:2.4.0-2 3.4.0=brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 KUBERNETES_PORT_443_TCP_PROTO: tcp STRIMZI_DEFAULT_USER_OPERATOR_IMAGE: brew.registry.redhat.io/rh-osbs/amq-streams-strimzi-rhel8-operator:2.4.0-1 KUBERNETES_SERVICE_PORT: 443 STRIMZI_CUSTOM_ENTITY_OPERATOR_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=entity-operator rht.subcomp_t=infrastructure STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 STRIMZI_DEFAULT_KAFKA_INIT_IMAGE: brew.registry.redhat.io/rh-osbs/amq-streams-strimzi-rhel8-operator:2.4.0-1 HOSTNAME: strimzi-cluster-operator-7b5bc8455b-59bn4 STRIMZI_CUSTOM_KAFKA_EXPORTER_LABELS: com.company=Red_Hat rht.prod_name=Red_Hat_Application_Foundations rht.prod_ver=2023.Q2 rht.comp=AMQ_Streams rht.comp_ver=2.4 rht.subcomp=kafka-exporter rht.subcomp_t=application STRIMZI_KAFKA_CONNECT_IMAGES: 3.3.1=brew.registry.redhat.io/rh-osbs/amq-streams-kafka-33-rhel8:2.4.0-2 3.4.0=brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 STRIMZI_KAFKA_IMAGES: 3.3.1=brew.registry.redhat.io/rh-osbs/amq-streams-kafka-33-rhel8:2.4.0-2 3.4.0=brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 KUBERNETES_PORT_443_TCP_PORT: 443 STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 STRIMZI_OPERATOR_NAME: strimzi-cluster-operator-7b5bc8455b-59bn4 HOME: / MALLOC_ARENA_MAX: 2 STRIMZI_OPERATOR_NAMESPACE: infra-namespace 2023-04-02 19:48:48 INFO Main:82 - Cluster Operator configuration is ClusterOperatorConfig(namespaces=[*],reconciliationIntervalMs=30000,operationTimeoutMs=300000,connectBuildTimeoutMs=300000,createClusterRoles=false,networkPolicyGeneration=true,versions=versions{3.3.1={proto: 3.3 msg: 3.3 kafka-image: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-33-rhel8:2.4.0-2 connect-image: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-33-rhel8:2.4.0-2 mirrormaker-image: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-33-rhel8:2.4.0-2 mirrormaker2-image: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-33-rhel8:2.4.0-2}, 3.4.0={proto: 3.4 msg: 3.4 kafka-image: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 connect-image: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 mirrormaker-image: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2 mirrormaker2-image: brew.registry.redhat.io/rh-osbs/amq-streams-kafka-34-rhel8:2.4.0-2}},imagePullPolicy=IfNotPresent,imagePullSecrets=null,operatorNamespace=infra-namespace,operatorNamespaceLabels=null,customResourceSelector=null,featureGates=FeatureGates(UseStrimziPodSets=true,UseKRaft=false,StableConnectIdentities=false),zkAdminSessionTimeoutMs=10000,dnsCacheTtlSec=30,podSetReconciliationOnly=false,podSetControllerWorkQueueSize=1024,operatorName=strimzi-cluster-operator-7b5bc8455b-59bn4,podSecurityProviderClass=io.strimzi.plugin.security.profiles.impl.BaselinePodSecurityProvider,leaderElectionConfig=LeaderElectionConfig{leaseName='strimzi-cluster-operator', namespace='infra-namespace', identity='strimzi-cluster-operator-7b5bc8455b-59bn4', leaseDuration=PT15S, renewDeadline=PT10S, retryPeriod=PT2S}) 2023-04-02 19:48:48 DEBUG LoggerFactory: - Using io.vertx.core.logging.SLF4JLogDelegateFactory 2023-04-02 19:48:48 DEBUG InternalLoggerFactory:59 - Using SLF4J as the default logging framework 2023-04-02 19:48:49 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:48:49 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:48:49 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:48:49 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:48:49 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:48:49 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:48:49 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:48:49 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:48:49 INFO Main:341 - Health and metrics server is ready on port 8080) 2023-04-02 19:48:49 INFO Main:250 - Waiting to become a leader 2023-04-02 19:48:49 DEBUG LeaderElector:85 - Leader election started 2023-04-02 19:48:49 DEBUG LeaderElector:150 - Attempting to acquire leader lease 'LeaseLock: infra-namespace - strimzi-cluster-operator (strimzi-cluster-operator-7b5bc8455b-59bn4)'... 2023-04-02 19:48:50 DEBUG LeaderElector:226 - Leader changed from null to strimzi-cluster-operator-7b5bc8455b-59bn4 2023-04-02 19:48:50 INFO LeaderElectionManager:119 - The new leader is strimzi-cluster-operator-7b5bc8455b-59bn4 2023-04-02 19:48:50 DEBUG LeaderElector:231 - Successfully Acquired leader lease 'LeaseLock: infra-namespace - strimzi-cluster-operator (strimzi-cluster-operator-7b5bc8455b-59bn4)' 2023-04-02 19:48:50 INFO LeaderElectionManager:100 - Started being a leader 2023-04-02 19:48:50 INFO Main:238 - I'm the new leader 2023-04-02 19:48:50 WARN PlatformFeaturesAvailability:167 - API Group route.openshift.io is supported 2023-04-02 19:48:50 WARN PlatformFeaturesAvailability:167 - API Group build.openshift.io is supported 2023-04-02 19:48:50 WARN PlatformFeaturesAvailability:167 - API Group image.openshift.io is supported 2023-04-02 19:48:50 INFO Main:127 - Environment facts gathered: PlatformFeaturesAvailability(KubernetesVersion=1.25,OpenShiftRoutes=true,OpenShiftBuilds=true,OpenShiftImageStreams=true) 2023-04-02 19:48:50 INFO PodSecurityProviderFactory:43 - Found PodSecurityProvider io.strimzi.plugin.security.profiles.impl.BaselinePodSecurityProvider 2023-04-02 19:48:50 INFO PodSecurityProviderFactory:62 - Initializing PodSecurityProvider io.strimzi.plugin.security.profiles.impl.BaselinePodSecurityProvider 2023-04-02 19:48:51 DEBUG LeaderElector:165 - Attempting to renew leader lease 'LeaseLock: infra-namespace - strimzi-cluster-operator (strimzi-cluster-operator-7b5bc8455b-59bn4)'... 2023-04-02 19:48:51 DEBUG LeaderElector:156 - Failed to acquire lease 'LeaseLock: infra-namespace - strimzi-cluster-operator (strimzi-cluster-operator-7b5bc8455b-59bn4)' retrying... 2023-04-02 19:48:51 INFO ClusterOperator:94 - Creating ClusterOperator for namespace * 2023-04-02 19:48:51 INFO ClusterOperator:109 - Starting ClusterOperator for namespace * 2023-04-02 19:48:51 DEBUG DefaultSharedIndexInformer:161 - Ready to run resync and reflector for kafka.strimzi.io/v1beta2/kafkas with resync 0 2023-04-02 19:48:51 DEBUG DefaultSharedIndexInformer:240 - Resync skipped due to 0 full resync period for kafka.strimzi.io/v1beta2/kafkas 2023-04-02 19:48:51 WARN VersionUsageUtils:60 - The client is using resource type 'kafkas' with unstable version 'v1beta2' 2023-04-02 19:48:51 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:51 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:51 DEBUG Reflector:113 - Listing items (1) for kafka.strimzi.io/v1beta2/kafkas at v2352667 2023-04-02 19:48:51 DEBUG Reflector:188 - Starting watcher for kafka.strimzi.io/v1beta2/kafkas at v2352667 2023-04-02 19:48:51 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkas?resourceVersion=2352667&allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:52 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:52 DEBUG Reflector:119 - Watch started for kafka.strimzi.io/v1beta2/kafkas 2023-04-02 19:48:52 DEBUG DefaultSharedIndexInformer:161 - Ready to run resync and reflector for kafka.strimzi.io/v1beta2/kafkaconnects with resync 0 2023-04-02 19:48:52 DEBUG DefaultSharedIndexInformer:240 - Resync skipped due to 0 full resync period for kafka.strimzi.io/v1beta2/kafkaconnects 2023-04-02 19:48:52 WARN VersionUsageUtils:60 - The client is using resource type 'kafkaconnects' with unstable version 'v1beta2' 2023-04-02 19:48:52 DEBUG Reflector:113 - Listing items (0) for kafka.strimzi.io/v1beta2/kafkaconnects at v2352674 2023-04-02 19:48:52 DEBUG Reflector:188 - Starting watcher for kafka.strimzi.io/v1beta2/kafkaconnects at v2352674 2023-04-02 19:48:52 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkaconnects?resourceVersion=2352674&allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:52 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:52 DEBUG Reflector:119 - Watch started for kafka.strimzi.io/v1beta2/kafkaconnects 2023-04-02 19:48:52 DEBUG DefaultSharedIndexInformer:161 - Ready to run resync and reflector for kafka.strimzi.io/v1beta2/kafkamirrormaker2s with resync 0 2023-04-02 19:48:52 DEBUG DefaultSharedIndexInformer:240 - Resync skipped due to 0 full resync period for kafka.strimzi.io/v1beta2/kafkamirrormaker2s 2023-04-02 19:48:52 WARN VersionUsageUtils:60 - The client is using resource type 'kafkamirrormaker2s' with unstable version 'v1beta2' 2023-04-02 19:48:52 DEBUG Reflector:113 - Listing items (0) for kafka.strimzi.io/v1beta2/kafkamirrormaker2s at v2352676 2023-04-02 19:48:52 DEBUG Reflector:188 - Starting watcher for kafka.strimzi.io/v1beta2/kafkamirrormaker2s at v2352676 2023-04-02 19:48:52 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkamirrormaker2s?resourceVersion=2352676&allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:52 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:52 DEBUG Reflector:119 - Watch started for kafka.strimzi.io/v1beta2/kafkamirrormaker2s 2023-04-02 19:48:52 DEBUG DefaultSharedIndexInformer:161 - Ready to run resync and reflector for core.strimzi.io/v1beta2/strimzipodsets with resync 0 2023-04-02 19:48:52 DEBUG DefaultSharedIndexInformer:240 - Resync skipped due to 0 full resync period for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:48:52 WARN VersionUsageUtils:60 - The client is using resource type 'strimzipodsets' with unstable version 'v1beta2' 2023-04-02 19:48:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:52 DEBUG Reflector:113 - Listing items (2) for core.strimzi.io/v1beta2/strimzipodsets at v2352676 2023-04-02 19:48:52 DEBUG Reflector:188 - Starting watcher for core.strimzi.io/v1beta2/strimzipodsets at v2352676 2023-04-02 19:48:52 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/core.strimzi.io/v1beta2/strimzipodsets?resourceVersion=2352676&allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:52 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:52 DEBUG Reflector:119 - Watch started for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:48:52 DEBUG DefaultSharedIndexInformer:161 - Ready to run resync and reflector for v1/pods with resync 0 2023-04-02 19:48:52 DEBUG DefaultSharedIndexInformer:240 - Resync skipped due to 0 full resync period for v1/pods 2023-04-02 19:48:52 DEBUG Reflector:113 - Listing items (10) for v1/pods at v2352676 2023-04-02 19:48:52 DEBUG Reflector:188 - Starting watcher for v1/pods at v2352676 2023-04-02 19:48:52 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/pods?labelSelector=strimzi.io%2Fkind&resourceVersion=2352676&allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:53 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:53 DEBUG Reflector:119 - Watch started for v1/pods 2023-04-02 19:48:53 INFO StrimziPodSetController:548 - Starting the StrimziPodSet controller 2023-04-02 19:48:53 INFO StrimziPodSetController:517 - Starting StrimziPodSet controller for namespace * 2023-04-02 19:48:53 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkas?allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:53 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:48:53 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 which was ADDED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod strimzi-cluster-operator-7b5bc8455b-59bn4 in namespace infra-namespace was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:257 - Pod strimzi-cluster-operator-7b5bc8455b-59bn4 in namespace infra-namespace which was ADDED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 which was ADDED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:48:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 which was ADDED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:48:53 INFO StrimziPodSetController:520 - Waiting for informers to sync 2023-04-02 19:48:53 INFO StrimziPodSetController:525 - Informers are in-sync 2023-04-02 19:48:53 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:48:53 INFO StrimziPodSetController:343 - Reconciliation #1(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:48:53 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:53 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkamirrormakers?allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:53 INFO ClusterOperator:124 - Opened watch for Kafka operator 2023-04-02 19:48:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:53 INFO OperatorWatcher:38 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Kafka my-cluster-8ba803c1 in namespace namespace-0 was ADDED 2023-04-02 19:48:53 DEBUG AbstractOperator:373 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:48:53 DEBUG AbstractOperator:376 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Lock lock::namespace-0::Kafka::my-cluster-8ba803c1 acquired 2023-04-02 19:48:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:53 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:53 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkaconnects?allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:53 INFO ClusterOperator:124 - Opened watch for KafkaMirrorMaker operator 2023-04-02 19:48:53 DEBUG StrimziPodSetController:444 - Reconciliation #1(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:48:53 DEBUG StrimziPodSetController:444 - Reconciliation #1(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:48:53 DEBUG StrimziPodSetController:444 - Reconciliation #1(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:48:53 INFO StrimziPodSetController:379 - Reconciliation #1(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:48:53 INFO AbstractOperator:239 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Kafka my-cluster-8ba803c1 will be checked for creation or modification 2023-04-02 19:48:53 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:48:53 INFO StrimziPodSetController:343 - Reconciliation #3(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:48:53 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:53 DEBUG StrimziPodSetController:444 - Reconciliation #3(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:48:53 INFO ClusterOperator:124 - Opened watch for KafkaConnect operator 2023-04-02 19:48:53 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkabridges?allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:53 DEBUG StrimziPodSetController:444 - Reconciliation #3(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:48:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:53 DEBUG KafkaAssemblyOperator:281 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Status is already set. No need to set initial status 2023-04-02 19:48:53 DEBUG StrimziPodSetController:444 - Reconciliation #3(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:48:53 INFO StrimziPodSetController:379 - Reconciliation #3(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:48:53 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:48:53 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:53 INFO ClusterOperator:124 - Opened watch for KafkaBridge operator 2023-04-02 19:48:53 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkamirrormaker2s?allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:53 DEBUG Ca:812 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: The CA certificate in secret my-cluster-8ba803c1-cluster-ca-cert already exists and does not need renewing 2023-04-02 19:48:53 DEBUG Ca:667 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca renewalType NOOP 2023-04-02 19:48:53 DEBUG Ca:812 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): clients-ca: The CA certificate in secret my-cluster-8ba803c1-clients-ca-cert already exists and does not need renewing 2023-04-02 19:48:53 DEBUG Ca:667 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): clients-ca renewalType NOOP 2023-04-02 19:48:53 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:53 INFO ClusterOperator:124 - Opened watch for KafkaMirrorMaker2 operator 2023-04-02 19:48:53 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkaconnectors?allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-ca-cert already exists, updating it 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-clients-ca-cert already exists, updating it 2023-04-02 19:48:53 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-clients-ca-cert in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-ca-cert in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:53 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/apis/kafka.strimzi.io/v1beta2/kafkarebalances?allowWatchBookmarks=true&watch=true... 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-ca already exists, updating it 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-ca in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-clients-ca already exists, updating it 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-clients-ca in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:53 DEBUG Ca:1241 - Secret namespace-0/my-cluster-8ba803c1-cluster-operator-certs generation anno = 1, current CA generation = 1 2023-04-02 19:48:53 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:48:53 INFO ClusterOperator:136 - Setting up periodic reconciliation for namespace * 2023-04-02 19:48:53 INFO Main:208 - Cluster Operator verticle started in namespace * without label selector 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-operator-certs already exists, updating it 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:53 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:53 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-operator-certs in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:54 DEBUG CaReconciler:490 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current cluster CA cert generation 1 2023-04-02 19:48:54 DEBUG CaReconciler:496 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn cluster CA cert generation 0 2023-04-02 19:48:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:54 DEBUG VersionChangeCreator:260 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): No Kafka version change 2023-04-02 19:48:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy namespace-0/my-cluster-8ba803c1-network-policy-zookeeper already exists, updating it 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/spec/policyTypes"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/status"} 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:54 DEBUG ZooKeeperReconciler:349 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Kafka.spec.kafka.version is unchanged therefore no change to Zookeeper is required 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-zookeeper already exists, updating it 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-zookeeper in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-zookeeper-0 already exists, updating it 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/status"} 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-zookeeper-1 already exists, updating it 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/status"} 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-zookeeper-2 already exists, updating it 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/status"} 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-zookeeper-client already exists, updating it 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/clusterIP"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/status"} 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-zookeeper-client in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-zookeeper-nodes already exists, updating it 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/status"} 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:54 DEBUG Ca:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: Reconciling zookeeper certificates 2023-04-02 19:48:54 DEBUG Ca:489 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-zookeeper-0 already exists 2023-04-02 19:48:54 DEBUG Ca:489 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-zookeeper-1 already exists 2023-04-02 19:48:54 DEBUG Ca:489 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-zookeeper-2 already exists 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-zookeeper-nodes already exists, updating it 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:54 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-zookeeper-config already exists, updating it 2023-04-02 19:48:55 DEBUG ConfigMapOperator:52 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-zookeeper-config in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:48:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget namespace-0/my-cluster-8ba803c1-zookeeper already exists, updating it 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/status"} 2023-04-02 19:48:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget my-cluster-8ba803c1-zookeeper in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:48:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet namespace-0/my-cluster-8ba803c1-zookeeper already exists, updating it 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:48:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:48:55 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-zookeeper differs: {"op":"replace","path":"/spec/pods/0/spec/terminationGracePeriodSeconds","value":30} 2023-04-02 19:48:55 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current StrimziPodSet my-cluster-8ba803c1-zookeeper path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:48:55 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired StrimziPodSet my-cluster-8ba803c1-zookeeper path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:48:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:48:55 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 has been patched 2023-04-02 19:48:55 DEBUG ZooKeeperRoller:76 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-1 does not need to be rolled 2023-04-02 19:48:55 DEBUG ZooKeeperRoller:76 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-2 does not need to be rolled 2023-04-02 19:48:55 DEBUG ZooKeeperRoller:76 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-0 does not need to be rolled 2023-04-02 19:48:55 DEBUG ReconcilerUtils:88 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 2023-04-02 19:48:55 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 to get ready 2023-04-02 19:48:55 DEBUG ReconcilerUtils:88 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 2023-04-02 19:48:55 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 to get ready 2023-04-02 19:48:55 DEBUG ReconcilerUtils:88 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 2023-04-02 19:48:55 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 to get ready 2023-04-02 19:48:55 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 is ready 2023-04-02 19:48:55 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 is ready 2023-04-02 19:49:07 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352755 for v1/pods 2023-04-02 19:49:07 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:07 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:49:07 INFO StrimziPodSetController:343 - Reconciliation #4(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:49:07 DEBUG StrimziPodSetController:444 - Reconciliation #4(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:07 DEBUG StrimziPodSetController:444 - Reconciliation #4(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:07 DEBUG StrimziPodSetController:444 - Reconciliation #4(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:07 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":3} 2023-04-02 19:49:07 DEBUG StatusDiff:48 - Current Status path /readyPods has value 2 2023-04-02 19:49:07 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 3 2023-04-02 19:49:07 DEBUG StrimziPodSetController:398 - Reconciliation #4(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:49:07 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:07 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:07 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:07 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:07 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:07 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:07 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2352760 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:49:07 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:49:07 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:49:07 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:07 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:07 INFO StrimziPodSetController:379 - Reconciliation #4(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:49:07 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:07 INFO StrimziPodSetController:343 - Reconciliation #5(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:49:07 DEBUG StrimziPodSetController:444 - Reconciliation #5(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:07 DEBUG StrimziPodSetController:444 - Reconciliation #5(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:07 DEBUG StrimziPodSetController:444 - Reconciliation #5(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:07 INFO StrimziPodSetController:379 - Reconciliation #5(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:49:07 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:08 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 is ready 2023-04-02 19:49:08 DEBUG ZooKeeperReconciler:912 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Verifying that Zookeeper is configured to run with 3 replicas 2023-04-02 19:49:08 DEBUG ZookeeperScaler:76 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating Zookeeper Scaler for cluster my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 2023-04-02 19:49:08 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for ZooKeeperAdmin connection to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 to get connected 2023-04-02 19:49:08 DEBUG ZookeeperScaler:159 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Received event WatchedEvent state:SyncConnected type:None path:null from ZooKeeperAdmin client connected to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 2023-04-02 19:49:09 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZooKeeperAdmin connection to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 is connected 2023-04-02 19:49:09 DEBUG ZookeeperScaler:217 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Zookeeper configuration is {server.2=my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2888:3888:participant;127.0.0.1:12181, server.1=my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2888:3888:participant;127.0.0.1:12181, server.3=my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2888:3888:participant;127.0.0.1:12181} 2023-04-02 19:49:09 DEBUG ZookeeperScaler:200 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): The Zookeeper server configuration is already up to date 2023-04-02 19:49:09 DEBUG ZookeeperScaler:159 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Received event WatchedEvent state:Closed type:None path:null from ZooKeeperAdmin client connected to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 2023-04-02 19:49:09 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-zookeeper-client in namespace namespace-0 to get ready 2023-04-02 19:49:09 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-zookeeper-client in namespace namespace-0 is ready 2023-04-02 19:49:09 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 to get ready 2023-04-02 19:49:09 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 is ready 2023-04-02 19:49:09 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:09 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy namespace-0/my-cluster-8ba803c1-network-policy-kafka already exists, updating it 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/spec/policyTypes"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/status"} 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy my-cluster-8ba803c1-network-policy-kafka in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:49:09 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:09 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-kafka-0 already exists, updating it 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/status"} 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-kafka-1 already exists, updating it 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/status"} 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-kafka-2 already exists, updating it 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/status"} 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-kafka already exists, updating it 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-kafka in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:49:09 DEBUG AbstractNonNamespacedResourceOperator:100 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ClusterRoleBinding strimzi-namespace-0-my-cluster-8ba803c1-kafka-init does not exist, noop 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:151 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciling existing Service resources [my-cluster-8ba803c1-kafka-brokers, my-cluster-8ba803c1-kafka-bootstrap] against the desired Service resources 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:160 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/[] should be deleted 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-kafka-brokers already exists, updating it 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-kafka-bootstrap already exists, updating it 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/status"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/clusterIP"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:49:09 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/status"} 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-kafka-bootstrap in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:151 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciling existing Ingress resources [] against the desired Ingress resources 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:160 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ingress namespace-0/[] should be deleted 2023-04-02 19:49:09 DEBUG KafkaListenersReconciler:739 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Validating secret [] with custom TLS listener certificates 2023-04-02 19:49:09 DEBUG KafkaListenersReconciler:827 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Adding certificate to status for listener: tls 2023-04-02 19:49:09 DEBUG Ca:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: Reconciling kafka broker certificates 2023-04-02 19:49:09 DEBUG Ca:489 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-kafka-0 already exists 2023-04-02 19:49:09 DEBUG Ca:489 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-kafka-1 already exists 2023-04-02 19:49:09 DEBUG Ca:489 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-kafka-2 already exists 2023-04-02 19:49:09 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-kafka-brokers already exists, updating it 2023-04-02 19:49:09 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-kafka-brokers differs: {"op":"replace","path":"/metadata/annotations/strimzi.io~1clients-ca-cert-generation","value":"1"} 2023-04-02 19:49:09 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Secret my-cluster-8ba803c1-kafka-brokers path /metadata/annotations/strimzi.io~1clients-ca-cert-generation has value 2023-04-02 19:49:09 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired Secret my-cluster-8ba803c1-kafka-brokers path /metadata/annotations/strimzi.io~1clients-ca-cert-generation has value 2023-04-02 19:49:10 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 has been patched 2023-04-02 19:49:10 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-0 already exists, updating it 2023-04-02 19:49:10 DEBUG ConfigMapOperator:52 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-kafka-0 in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:49:10 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-1 already exists, updating it 2023-04-02 19:49:10 DEBUG ConfigMapOperator:52 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-kafka-1 in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:49:10 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-2 already exists, updating it 2023-04-02 19:49:10 DEBUG ConfigMapOperator:52 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-kafka-2 in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:49:10 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget namespace-0/my-cluster-8ba803c1-kafka already exists, updating it 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/status"} 2023-04-02 19:49:10 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget my-cluster-8ba803c1-kafka in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet namespace-0/my-cluster-8ba803c1-kafka already exists, updating it 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:49:10 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:49:10 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-kafka differs: {"op":"replace","path":"/spec/pods/0/metadata/annotations/strimzi.io~1clients-ca-cert-generation","value":"1"} 2023-04-02 19:49:10 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current StrimziPodSet my-cluster-8ba803c1-kafka path /spec/pods/0/metadata/annotations/strimzi.io~1clients-ca-cert-generation has value 2023-04-02 19:49:10 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired StrimziPodSet my-cluster-8ba803c1-kafka path /spec/pods/0/metadata/annotations/strimzi.io~1clients-ca-cert-generation has value 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 has been patched 2023-04-02 19:49:10 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2352797 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:49:10 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:49:10 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:10 INFO StrimziPodSetController:343 - Reconciliation #6(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:10 DEBUG StrimziPodSetController:444 - Reconciliation #6(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:10 DEBUG StrimziPodSetController:444 - Reconciliation #6(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:10 DEBUG StrimziPodSetController:444 - Reconciliation #6(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:10 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/observedGeneration","value":2} 2023-04-02 19:49:10 DEBUG StatusDiff:48 - Current Status path /observedGeneration has value 1 2023-04-02 19:49:10 DEBUG StatusDiff:49 - Desired Status path /observedGeneration has value 2 2023-04-02 19:49:10 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":0} 2023-04-02 19:49:10 DEBUG StatusDiff:48 - Current Status path /currentPods has value 3 2023-04-02 19:49:10 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 0 2023-04-02 19:49:10 DEBUG StrimziPodSetController:398 - Reconciliation #6(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:10 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:10 INFO StrimziPodSetController:379 - Reconciliation #6(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:10 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:10 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2352800 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:49:10 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:49:10 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:10 INFO StrimziPodSetController:343 - Reconciliation #7(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:10 DEBUG KafkaRoller:220 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Verifying cluster pods are up-to-date. 2023-04-02 19:49:10 DEBUG StrimziPodSetController:444 - Reconciliation #7(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:10 DEBUG StrimziPodSetController:444 - Reconciliation #7(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:10 DEBUG StrimziPodSetController:444 - Reconciliation #7(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:10 INFO StrimziPodSetController:379 - Reconciliation #7(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:10 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:10 DEBUG KafkaRoller:228 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Initial order for updating pods (rolling restart or dynamic update) is [my-cluster-8ba803c1-kafka-0, my-cluster-8ba803c1-kafka-1, my-cluster-8ba803c1-kafka-2] 2023-04-02 19:49:10 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 0 MILLISECONDS 2023-04-02 19:49:10 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:10 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091,my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091,my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:11 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:11 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:11 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:11 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 0 can be rolled 2023-04-02 19:49:11 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:11 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:11 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:11 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:11 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 6 topics 2023-04-02 19:49:11 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 6 topics 2023-04-02 19:49:11 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi-topic-operator-kstreams-topic-store-changelog has min.insync.replicas=1. 2023-04-02 19:49:11 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.modeltrainingsamples has min.insync.replicas=1. 2023-04-02 19:49:11 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:11 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __consumer_offsets has min.insync.replicas=1. 2023-04-02 19:49:11 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.metrics has min.insync.replicas=1. 2023-04-02 19:49:11 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.partitionmetricsamples has min.insync.replicas=1. 2023-04-02 19:49:11 DEBUG KafkaRoller:372 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 can be rolled now 2023-04-02 19:49:11 DEBUG KafkaRoller:682 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:11 INFO PodOperator:54 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:11 DEBUG PodOperator:60 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for pod my-cluster-8ba803c1-kafka-0 to be deleted 2023-04-02 19:49:11 DEBUG AbstractNamespacedResourceOperator:115 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-kafka-0 exist, deleting it 2023-04-02 19:49:11 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/namespaces/namespace-0/pods?fieldSelector=metadata.name%3Dmy-cluster-8ba803c1-kafka-0&allowWatchBookmarks=true&watch=true... 2023-04-02 19:49:11 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:49:11 DEBUG ResourceSupport:174 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Opened watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@27357d14 for evaluation of observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:11 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:11 DEBUG ResourceSupport:184 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pre-check is not complete yet, let's wait for the watch: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:11 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352807 for v1/pods 2023-04-02 19:49:11 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:11 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:11 INFO StrimziPodSetController:343 - Reconciliation #8(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:11 DEBUG StrimziPodSetController:444 - Reconciliation #8(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:11 DEBUG StrimziPodSetController:444 - Reconciliation #8(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:11 DEBUG StrimziPodSetController:444 - Reconciliation #8(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:11 INFO StrimziPodSetController:379 - Reconciliation #8(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:11 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:11 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352813 for v1/pods 2023-04-02 19:49:11 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:11 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:11 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:11 INFO StrimziPodSetController:343 - Reconciliation #9(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:11 DEBUG StrimziPodSetController:444 - Reconciliation #9(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:11 DEBUG StrimziPodSetController:444 - Reconciliation #9(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:11 DEBUG StrimziPodSetController:444 - Reconciliation #9(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:11 INFO StrimziPodSetController:379 - Reconciliation #9(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:11 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:12 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:14 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:14 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352827 for v1/pods 2023-04-02 19:49:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:14 INFO StrimziPodSetController:343 - Reconciliation #10(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #10(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #10(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #10(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":2} 2023-04-02 19:49:14 DEBUG StatusDiff:48 - Current Status path /readyPods has value 3 2023-04-02 19:49:14 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 2 2023-04-02 19:49:14 DEBUG StrimziPodSetController:398 - Reconciliation #10(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:49:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:14 INFO StrimziPodSetController:379 - Reconciliation #10(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2352830 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:49:14 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:49:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:14 INFO StrimziPodSetController:343 - Reconciliation #11(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #11(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #11(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #11(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 INFO StrimziPodSetController:379 - Reconciliation #11(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:14 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352833 for v1/pods 2023-04-02 19:49:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:14 INFO StrimziPodSetController:343 - Reconciliation #12(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #12(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #12(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #12(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 INFO StrimziPodSetController:379 - Reconciliation #12(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:14 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:14 DEBUG AbstractNamespacedResourceOperator:212 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-kafka-0 has been deleted 2023-04-02 19:49:14 DEBUG ResourceSupport:200 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:49:14 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2352834 for v1/pods 2023-04-02 19:49:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was DELETED 2023-04-02 19:49:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:14 DEBUG ResourceSupport:59 - Closing io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@27357d14 2023-04-02 19:49:14 INFO StrimziPodSetController:343 - Reconciliation #13(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:14 DEBUG AbstractWatchManager:226 - Force closing the watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@27357d14 2023-04-02 19:49:14 DEBUG Watcher:43 - Watcher closed 2023-04-02 19:49:14 DEBUG StrimziPodSetController:433 - Reconciliation #13(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Creating pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 2023-04-02 19:49:14 DEBUG WatchConnectionManager:60 - Closing websocket io.fabric8.kubernetes.client.jdkhttp.JdkWebSocketImpl@1045bac4 2023-04-02 19:49:14 DEBUG ResourceSupport:162 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Completing watch future 2023-04-02 19:49:14 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 to get deleted 2023-04-02 19:49:14 DEBUG WatcherWebSocketListener:69 - WebSocket close received. code: 1000, reason: 2023-04-02 19:49:14 DEBUG AbstractWatchManager:127 - Ignoring already closed/closing connection 2023-04-02 19:49:14 DEBUG PodOperator:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 finished 2023-04-02 19:49:14 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 is deleted 2023-04-02 19:49:14 DEBUG PodOperator:77 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 was deleted 2023-04-02 19:49:14 DEBUG KafkaRoller:689 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for restarted pod my-cluster-8ba803c1-kafka-0 to become ready 2023-04-02 19:49:14 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 to get ready 2023-04-02 19:49:14 DEBUG KubernetesRestartEventPublisher:74 - Publishing K8s event, time MicroTime(time=2023-04-02T19:49:14.412568Z, additionalProperties={}), type, Normal, reason, CaCertHasOldGeneration, note, Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, pod, ObjectReference(apiVersion=null, fieldPath=null, kind=Pod, name=my-cluster-8ba803c1-kafka-0, namespace=namespace-0, resourceVersion=null, uid=null, additionalProperties={}) 2023-04-02 19:49:14 DEBUG KubernetesRestartEventPublisher:74 - Publishing K8s event, time MicroTime(time=2023-04-02T19:49:14.412568Z, additionalProperties={}), type, Normal, reason, PodHasOldRevision, note, Pod has old revision, pod, ObjectReference(apiVersion=null, fieldPath=null, kind=Pod, name=my-cluster-8ba803c1-kafka-0, namespace=namespace-0, resourceVersion=null, uid=null, additionalProperties={}) 2023-04-02 19:49:14 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2352840 for v1/pods 2023-04-02 19:49:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was ADDED 2023-04-02 19:49:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #13(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #13(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352841 for v1/pods 2023-04-02 19:49:14 INFO StrimziPodSetController:379 - Reconciliation #13(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:14 INFO StrimziPodSetController:343 - Reconciliation #14(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #14(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #14(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #14(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352845 for v1/pods 2023-04-02 19:49:14 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":1} 2023-04-02 19:49:14 DEBUG StatusDiff:48 - Current Status path /currentPods has value 0 2023-04-02 19:49:14 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 1 2023-04-02 19:49:14 DEBUG StrimziPodSetController:398 - Reconciliation #14(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:49:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:14 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:49:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2352846 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:49:14 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:49:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:14 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:49:14 INFO StrimziPodSetController:379 - Reconciliation #14(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:14 INFO StrimziPodSetController:343 - Reconciliation #15(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #15(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #15(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 DEBUG StrimziPodSetController:444 - Reconciliation #15(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:14 INFO StrimziPodSetController:379 - Reconciliation #15(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:20 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352881 for v1/pods 2023-04-02 19:49:20 DEBUG StrimziPodSetController:240 - Pod strimzi-cluster-operator-7b5bc8455b-59bn4 in namespace infra-namespace was MODIFIED 2023-04-02 19:49:20 DEBUG StrimziPodSetController:257 - Pod strimzi-cluster-operator-7b5bc8455b-59bn4 in namespace infra-namespace which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:49:22 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352892 for v1/pods 2023-04-02 19:49:22 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:22 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:22 INFO StrimziPodSetController:343 - Reconciliation #16(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:22 DEBUG StrimziPodSetController:444 - Reconciliation #16(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:22 DEBUG StrimziPodSetController:444 - Reconciliation #16(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:22 DEBUG StrimziPodSetController:444 - Reconciliation #16(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:22 INFO StrimziPodSetController:379 - Reconciliation #16(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:22 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:23 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2352905 for v1/pods 2023-04-02 19:49:23 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:23 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:23 INFO StrimziPodSetController:343 - Reconciliation #17(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:23 DEBUG StrimziPodSetController:444 - Reconciliation #17(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:23 DEBUG StrimziPodSetController:444 - Reconciliation #17(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:23 DEBUG StrimziPodSetController:444 - Reconciliation #17(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:23 INFO StrimziPodSetController:379 - Reconciliation #17(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:23 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:23 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:49:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:23 DEBUG AbstractOperator:373 - Reconciliation #18(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:49:23 WARN VersionUsageUtils:60 - The client is using resource type 'kafkamirrormakers' with unstable version 'v1beta2' 2023-04-02 19:49:24 WARN VersionUsageUtils:60 - The client is using resource type 'kafkabridges' with unstable version 'v1beta2' 2023-04-02 19:49:24 WARN VersionUsageUtils:60 - The client is using resource type 'kafkarebalances' with unstable version 'v1beta2' 2023-04-02 19:49:24 WARN VersionUsageUtils:60 - The client is using resource type 'kafkaconnectors' with unstable version 'v1beta2' 2023-04-02 19:49:33 DEBUG AbstractOperator:388 - Reconciliation #18(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:49:40 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353030 for v1/pods 2023-04-02 19:49:40 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:49:40 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:40 INFO StrimziPodSetController:343 - Reconciliation #19(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:40 DEBUG StrimziPodSetController:444 - Reconciliation #19(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:40 DEBUG StrimziPodSetController:444 - Reconciliation #19(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:40 DEBUG StrimziPodSetController:444 - Reconciliation #19(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:40 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":3} 2023-04-02 19:49:40 DEBUG StatusDiff:48 - Current Status path /readyPods has value 2 2023-04-02 19:49:40 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 3 2023-04-02 19:49:40 DEBUG StrimziPodSetController:398 - Reconciliation #19(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:49:40 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:40 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:40 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:40 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:40 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:40 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:40 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:40 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:40 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2353035 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:49:40 INFO StrimziPodSetController:379 - Reconciliation #19(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:40 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:49:40 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:49:40 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:40 INFO StrimziPodSetController:343 - Reconciliation #20(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:49:40 DEBUG StrimziPodSetController:444 - Reconciliation #20(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:40 DEBUG StrimziPodSetController:444 - Reconciliation #20(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:40 DEBUG StrimziPodSetController:444 - Reconciliation #20(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:49:40 INFO StrimziPodSetController:379 - Reconciliation #20(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:49:40 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:49:41 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 is ready 2023-04-02 19:49:41 DEBUG KafkaRoller:691 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 is now ready 2023-04-02 19:49:41 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 0 MILLISECONDS 2023-04-02 19:49:41 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:41 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:41 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:41 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:41 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 1 can be rolled 2023-04-02 19:49:41 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:41 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:41 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:41 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:41 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 7 topics 2023-04-02 19:49:41 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 7 topics 2023-04-02 19:49:41 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:41 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic/0 will be under-replicated (ISR={2,1}, replicas=[1,0,2], min.insync.replicas=2) if broker 1 is restarted. 2023-04-02 19:49:41 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 1 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:49:41 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now 2023-04-02 19:49:41 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now., retrying after at least 250ms 2023-04-02 19:49:41 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 0 MILLISECONDS 2023-04-02 19:49:41 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:41 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:41 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:41 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:41 DEBUG KafkaRoller:366 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first. 2023-04-02 19:49:41 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first, retrying after at least 250ms 2023-04-02 19:49:42 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 250 MILLISECONDS 2023-04-02 19:49:42 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:42 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:42 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:42 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:42 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 1 can be rolled 2023-04-02 19:49:42 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:42 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:42 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:42 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:42 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 7 topics 2023-04-02 19:49:42 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 7 topics 2023-04-02 19:49:42 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:42 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic/0 will be under-replicated (ISR={2,1}, replicas=[1,0,2], min.insync.replicas=2) if broker 1 is restarted. 2023-04-02 19:49:42 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 1 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:49:42 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now 2023-04-02 19:49:42 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now., retrying after at least 500ms 2023-04-02 19:49:42 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 250 MILLISECONDS 2023-04-02 19:49:42 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:42 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:42 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:42 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is -1 2023-04-02 19:49:42 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 2 can be rolled 2023-04-02 19:49:42 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:42 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:42 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:42 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:42 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 6 topics 2023-04-02 19:49:42 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 6 topics 2023-04-02 19:49:42 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:42 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic/0 will be under-replicated (ISR={2,1}, replicas=[1,0,2], min.insync.replicas=2) if broker 2 is restarted. 2023-04-02 19:49:42 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 2 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:49:42 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 cannot be updated right now 2023-04-02 19:49:42 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-2 cannot be updated right now., retrying after at least 500ms 2023-04-02 19:49:42 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 500 MILLISECONDS 2023-04-02 19:49:42 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:42 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:42 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:42 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:42 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 1 can be rolled 2023-04-02 19:49:42 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:42 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:42 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:42 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:42 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 7 topics 2023-04-02 19:49:43 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 7 topics 2023-04-02 19:49:43 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:43 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic/0 will be under-replicated (ISR={2,1}, replicas=[1,0,2], min.insync.replicas=2) if broker 1 is restarted. 2023-04-02 19:49:43 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 1 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:49:43 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now 2023-04-02 19:49:43 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now., retrying after at least 1000ms 2023-04-02 19:49:43 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 500 MILLISECONDS 2023-04-02 19:49:43 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:43 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:43 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:43 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:43 DEBUG KafkaRoller:366 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first. 2023-04-02 19:49:43 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first, retrying after at least 1000ms 2023-04-02 19:49:44 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 1000 MILLISECONDS 2023-04-02 19:49:44 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:44 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:44 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:44 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is -1 2023-04-02 19:49:44 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 1 can be rolled 2023-04-02 19:49:44 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:44 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:44 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:44 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:44 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 7 topics 2023-04-02 19:49:44 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 7 topics 2023-04-02 19:49:44 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:44 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic/0 will be under-replicated (ISR={2,1}, replicas=[1,0,2], min.insync.replicas=2) if broker 1 is restarted. 2023-04-02 19:49:44 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 1 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:49:44 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now 2023-04-02 19:49:44 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now., retrying after at least 2000ms 2023-04-02 19:49:44 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 1000 MILLISECONDS 2023-04-02 19:49:44 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:44 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:44 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:44 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:44 DEBUG KafkaRoller:366 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first. 2023-04-02 19:49:44 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first, retrying after at least 2000ms 2023-04-02 19:49:46 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 2000 MILLISECONDS 2023-04-02 19:49:46 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:46 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:46 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:46 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:46 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 1 can be rolled 2023-04-02 19:49:46 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:46 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:46 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:46 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:46 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 7 topics 2023-04-02 19:49:46 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 7 topics 2023-04-02 19:49:46 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:46 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic/0 will be under-replicated (ISR={2,1}, replicas=[1,0,2], min.insync.replicas=2) if broker 1 is restarted. 2023-04-02 19:49:46 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 1 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:49:46 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now 2023-04-02 19:49:46 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now., retrying after at least 4000ms 2023-04-02 19:49:46 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 2000 MILLISECONDS 2023-04-02 19:49:46 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:46 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:46 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:46 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is -1 2023-04-02 19:49:46 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 2 can be rolled 2023-04-02 19:49:46 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:46 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:46 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:46 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:46 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 6 topics 2023-04-02 19:49:46 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 6 topics 2023-04-02 19:49:46 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:46 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic/0 will be under-replicated (ISR={2,1}, replicas=[1,0,2], min.insync.replicas=2) if broker 2 is restarted. 2023-04-02 19:49:46 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 2 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:49:46 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 cannot be updated right now 2023-04-02 19:49:46 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-2 cannot be updated right now., retrying after at least 4000ms 2023-04-02 19:49:50 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 4000 MILLISECONDS 2023-04-02 19:49:50 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:49:50 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:49:50 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:49:50 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:49:50 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:49:50 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:49:50 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:49:50 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:49:50 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:50 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:50 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:50 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:50 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 1 can be rolled 2023-04-02 19:49:50 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:50 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:50 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:50 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:50 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 7 topics 2023-04-02 19:49:50 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 7 topics 2023-04-02 19:49:50 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:50 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic/0 will be under-replicated (ISR={2,1}, replicas=[1,0,2], min.insync.replicas=2) if broker 1 is restarted. 2023-04-02 19:49:50 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 1 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:49:50 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now 2023-04-02 19:49:50 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now., retrying after at least 8000ms 2023-04-02 19:49:50 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 4000 MILLISECONDS 2023-04-02 19:49:50 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:50 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:50 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:50 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:50 DEBUG KafkaRoller:366 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first. 2023-04-02 19:49:50 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first, retrying after at least 8000ms 2023-04-02 19:49:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:53 INFO AbstractOperator:380 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation is in progress 2023-04-02 19:49:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:53 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:49:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG AbstractOperator:373 - Reconciliation #21(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:49:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:49:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:49:58 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 8000 MILLISECONDS 2023-04-02 19:49:58 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:58 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:58 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:58 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:58 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 1 can be rolled 2023-04-02 19:49:58 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:58 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:49:58 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:49:58 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:49:58 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 7 topics 2023-04-02 19:49:58 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 7 topics 2023-04-02 19:49:58 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:49:58 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic/0 will be under-replicated (ISR={2,1}, replicas=[1,0,2], min.insync.replicas=2) if broker 1 is restarted. 2023-04-02 19:49:58 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 1 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:49:58 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now 2023-04-02 19:49:58 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-1 cannot be updated right now., retrying after at least 16000ms 2023-04-02 19:49:58 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 8000 MILLISECONDS 2023-04-02 19:49:58 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:58 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:49:58 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:49:58 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:49:58 DEBUG KafkaRoller:366 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first. 2023-04-02 19:49:58 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Pod my-cluster-8ba803c1-kafka-2 is controller and there are other pods to verify. Non-controller pods will be verified first, retrying after at least 16000ms 2023-04-02 19:50:03 DEBUG AbstractOperator:388 - Reconciliation #21(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:50:14 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 16000 MILLISECONDS 2023-04-02 19:50:14 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:50:14 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:50:14 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:50:14 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:50:14 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 1 can be rolled 2023-04-02 19:50:14 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:50:14 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:50:14 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:50:14 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:50:14 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 7 topics 2023-04-02 19:50:14 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 7 topics 2023-04-02 19:50:14 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.partitionmetricsamples has min.insync.replicas=1. 2023-04-02 19:50:14 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:50:14 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi-topic-operator-kstreams-topic-store-changelog has min.insync.replicas=1. 2023-04-02 19:50:14 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.modeltrainingsamples has min.insync.replicas=1. 2023-04-02 19:50:14 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __consumer_offsets has min.insync.replicas=1. 2023-04-02 19:50:14 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.metrics has min.insync.replicas=1. 2023-04-02 19:50:14 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): my-topic-979356188-68329333 has min.insync.replicas=1. 2023-04-02 19:50:14 DEBUG KafkaAvailability:112 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): my-topic-979356188-68329333/0 will be under-replicated (ISR={1}, replicas=[1], min.insync.replicas=1) if broker 1 is restarted, but there are only 1 replicas. 2023-04-02 19:50:14 DEBUG KafkaRoller:372 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 can be rolled now 2023-04-02 19:50:14 DEBUG KafkaRoller:682 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:14 INFO PodOperator:54 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:14 DEBUG PodOperator:60 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for pod my-cluster-8ba803c1-kafka-1 to be deleted 2023-04-02 19:50:14 DEBUG AbstractNamespacedResourceOperator:115 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-kafka-1 exist, deleting it 2023-04-02 19:50:14 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/namespaces/namespace-0/pods?fieldSelector=metadata.name%3Dmy-cluster-8ba803c1-kafka-1&allowWatchBookmarks=true&watch=true... 2023-04-02 19:50:15 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:50:15 DEBUG ResourceSupport:174 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Opened watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@84a7c30 for evaluation of observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:15 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:15 DEBUG ResourceSupport:184 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pre-check is not complete yet, let's wait for the watch: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:15 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353276 for v1/pods 2023-04-02 19:50:15 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:50:15 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:15 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:15 INFO StrimziPodSetController:343 - Reconciliation #22(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:15 DEBUG StrimziPodSetController:444 - Reconciliation #22(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:15 DEBUG StrimziPodSetController:444 - Reconciliation #22(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:15 DEBUG StrimziPodSetController:444 - Reconciliation #22(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:15 INFO StrimziPodSetController:379 - Reconciliation #22(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:15 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:15 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:15 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353283 for v1/pods 2023-04-02 19:50:15 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:50:15 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:15 INFO StrimziPodSetController:343 - Reconciliation #23(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:15 DEBUG StrimziPodSetController:444 - Reconciliation #23(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:15 DEBUG StrimziPodSetController:444 - Reconciliation #23(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:15 DEBUG StrimziPodSetController:444 - Reconciliation #23(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:15 INFO StrimziPodSetController:379 - Reconciliation #23(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:15 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:17 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:17 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353299 for v1/pods 2023-04-02 19:50:17 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:50:17 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:17 INFO StrimziPodSetController:343 - Reconciliation #24(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #24(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #24(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #24(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":2} 2023-04-02 19:50:17 DEBUG StatusDiff:48 - Current Status path /readyPods has value 3 2023-04-02 19:50:17 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 2 2023-04-02 19:50:17 DEBUG StrimziPodSetController:398 - Reconciliation #24(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:50:17 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:17 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353301 for v1/pods 2023-04-02 19:50:17 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:50:17 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:17 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2353303 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:50:17 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:50:17 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:50:17 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG AbstractNamespacedResourceOperator:212 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-kafka-1 has been deleted 2023-04-02 19:50:17 DEBUG ResourceSupport:200 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-1 2023-04-02 19:50:17 INFO StrimziPodSetController:379 - Reconciliation #24(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:17 INFO StrimziPodSetController:343 - Reconciliation #25(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #25(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #25(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #25(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 INFO StrimziPodSetController:379 - Reconciliation #25(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:17 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2353304 for v1/pods 2023-04-02 19:50:17 DEBUG ResourceSupport:59 - Closing io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@84a7c30 2023-04-02 19:50:17 DEBUG AbstractWatchManager:226 - Force closing the watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@84a7c30 2023-04-02 19:50:17 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was DELETED 2023-04-02 19:50:17 DEBUG Watcher:43 - Watcher closed 2023-04-02 19:50:17 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:17 DEBUG WatchConnectionManager:60 - Closing websocket io.fabric8.kubernetes.client.jdkhttp.JdkWebSocketImpl@2e7ae4d9 2023-04-02 19:50:17 INFO StrimziPodSetController:343 - Reconciliation #26(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #26(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StrimziPodSetController:433 - Reconciliation #26(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Creating pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 2023-04-02 19:50:17 DEBUG ResourceSupport:162 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Completing watch future 2023-04-02 19:50:17 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 to get deleted 2023-04-02 19:50:17 DEBUG WatcherWebSocketListener:69 - WebSocket close received. code: 1000, reason: 2023-04-02 19:50:17 DEBUG AbstractWatchManager:127 - Ignoring already closed/closing connection 2023-04-02 19:50:17 DEBUG PodOperator:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 finished 2023-04-02 19:50:17 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 is deleted 2023-04-02 19:50:17 DEBUG PodOperator:77 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 was deleted 2023-04-02 19:50:17 DEBUG KafkaRoller:689 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for restarted pod my-cluster-8ba803c1-kafka-1 to become ready 2023-04-02 19:50:17 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 to get ready 2023-04-02 19:50:17 DEBUG KubernetesRestartEventPublisher:74 - Publishing K8s event, time MicroTime(time=2023-04-02T19:50:17.466765Z, additionalProperties={}), type, Normal, reason, CaCertHasOldGeneration, note, Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, pod, ObjectReference(apiVersion=null, fieldPath=null, kind=Pod, name=my-cluster-8ba803c1-kafka-1, namespace=namespace-0, resourceVersion=null, uid=null, additionalProperties={}) 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #26(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2353309 for v1/pods 2023-04-02 19:50:17 INFO StrimziPodSetController:379 - Reconciliation #26(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:17 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was ADDED 2023-04-02 19:50:17 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:17 INFO StrimziPodSetController:343 - Reconciliation #27(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #27(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #27(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #27(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":2} 2023-04-02 19:50:17 DEBUG StatusDiff:48 - Current Status path /currentPods has value 1 2023-04-02 19:50:17 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 2 2023-04-02 19:50:17 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353310 for v1/pods 2023-04-02 19:50:17 DEBUG StrimziPodSetController:398 - Reconciliation #27(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:50:17 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:50:17 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:17 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG KubernetesRestartEventPublisher:74 - Publishing K8s event, time MicroTime(time=2023-04-02T19:50:17.466765Z, additionalProperties={}), type, Normal, reason, PodHasOldRevision, note, Pod has old revision, pod, ObjectReference(apiVersion=null, fieldPath=null, kind=Pod, name=my-cluster-8ba803c1-kafka-1, namespace=namespace-0, resourceVersion=null, uid=null, additionalProperties={}) 2023-04-02 19:50:17 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353314 for v1/pods 2023-04-02 19:50:17 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:50:17 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:50:17 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2353316 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:50:17 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:17 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:50:17 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:50:17 INFO StrimziPodSetController:379 - Reconciliation #27(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:17 INFO StrimziPodSetController:343 - Reconciliation #28(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #28(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #28(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 DEBUG StrimziPodSetController:444 - Reconciliation #28(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:17 INFO StrimziPodSetController:379 - Reconciliation #28(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:17 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:20 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353329 for v1/pods 2023-04-02 19:50:20 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:50:20 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:20 INFO StrimziPodSetController:343 - Reconciliation #29(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:20 DEBUG StrimziPodSetController:444 - Reconciliation #29(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:20 DEBUG StrimziPodSetController:444 - Reconciliation #29(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:20 DEBUG StrimziPodSetController:444 - Reconciliation #29(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:20 INFO StrimziPodSetController:379 - Reconciliation #29(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:20 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:21 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353339 for v1/pods 2023-04-02 19:50:21 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:50:21 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:21 INFO StrimziPodSetController:343 - Reconciliation #30(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:21 DEBUG StrimziPodSetController:444 - Reconciliation #30(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:21 DEBUG StrimziPodSetController:444 - Reconciliation #30(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:21 DEBUG StrimziPodSetController:444 - Reconciliation #30(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:21 INFO StrimziPodSetController:379 - Reconciliation #30(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:21 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:23 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:50:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:23 DEBUG AbstractOperator:373 - Reconciliation #31(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:50:33 DEBUG AbstractOperator:388 - Reconciliation #31(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:50:39 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353475 for v1/pods 2023-04-02 19:50:39 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:50:39 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:39 INFO StrimziPodSetController:343 - Reconciliation #32(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:39 DEBUG StrimziPodSetController:444 - Reconciliation #32(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:39 DEBUG StrimziPodSetController:444 - Reconciliation #32(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:39 DEBUG StrimziPodSetController:444 - Reconciliation #32(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:39 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":3} 2023-04-02 19:50:39 DEBUG StatusDiff:48 - Current Status path /readyPods has value 2 2023-04-02 19:50:39 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 3 2023-04-02 19:50:39 DEBUG StrimziPodSetController:398 - Reconciliation #32(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:50:39 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:39 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:39 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:39 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:39 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:39 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:39 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2353480 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:50:39 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:50:39 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:50:39 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:39 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:39 INFO StrimziPodSetController:379 - Reconciliation #32(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:39 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:39 INFO StrimziPodSetController:343 - Reconciliation #33(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:50:39 DEBUG StrimziPodSetController:444 - Reconciliation #33(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:39 DEBUG StrimziPodSetController:444 - Reconciliation #33(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:39 DEBUG StrimziPodSetController:444 - Reconciliation #33(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:50:39 INFO StrimziPodSetController:379 - Reconciliation #33(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:50:39 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:50:40 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 is ready 2023-04-02 19:50:40 DEBUG KafkaRoller:691 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 is now ready 2023-04-02 19:50:40 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 16000 MILLISECONDS 2023-04-02 19:50:40 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:50:40 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:50:40 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:50:40 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is -1 2023-04-02 19:50:40 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 2 can be rolled 2023-04-02 19:50:40 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:50:40 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:50:40 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:50:40 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:50:40 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 6 topics 2023-04-02 19:50:40 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 6 topics 2023-04-02 19:50:40 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.partitionmetricsamples has min.insync.replicas=1. 2023-04-02 19:50:40 INFO KafkaAvailability:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.partitionmetricsamples/1 will be under-replicated (ISR={2}, replicas=[2,1], min.insync.replicas=1) if broker 2 is restarted. 2023-04-02 19:50:40 DEBUG KafkaAvailability:86 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restart pod 2 would remove it from ISR, stalling producers with acks=all 2023-04-02 19:50:40 DEBUG KafkaRoller:378 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 cannot be updated right now 2023-04-02 19:50:40 INFO KafkaRoller:327 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: Pod my-cluster-8ba803c1-kafka-2 cannot be updated right now., retrying after at least 32000ms 2023-04-02 19:50:51 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:50:51 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:50:51 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:50:51 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:50:51 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:50:51 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:50:51 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:50:51 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:50:51 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:51 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:53 INFO AbstractOperator:380 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation is in progress 2023-04-02 19:50:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:53 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:50:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG AbstractOperator:373 - Reconciliation #34(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:50:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:50:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:50:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:03 DEBUG AbstractOperator:388 - Reconciliation #34(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:51:12 DEBUG KafkaRoller:303 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 32000 MILLISECONDS 2023-04-02 19:51:12 DEBUG ReconcilerUtils:188 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:51:12 INFO KafkaRoller:535 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 needs to be restarted. Reason: [Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, Pod has old revision] 2023-04-02 19:51:12 DEBUG KafkaRoller:747 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:51:12 DEBUG KafkaRoller:800 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 2 2023-04-02 19:51:12 DEBUG KafkaAvailability:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 2 can be rolled 2023-04-02 19:51:12 DEBUG KafkaAvailability:216 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:51:12 DEBUG KafkaAvailability:51 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:51:12 DEBUG KafkaAvailability:202 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:51:12 DEBUG KafkaAvailability:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:51:12 DEBUG KafkaAvailability:161 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 6 topics 2023-04-02 19:51:12 DEBUG KafkaAvailability:170 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 6 topics 2023-04-02 19:51:12 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi-topic-operator-kstreams-topic-store-changelog has min.insync.replicas=1. 2023-04-02 19:51:12 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __consumer_offsets has min.insync.replicas=1. 2023-04-02 19:51:12 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.partitionmetricsamples has min.insync.replicas=1. 2023-04-02 19:51:12 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.metrics has min.insync.replicas=1. 2023-04-02 19:51:12 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.modeltrainingsamples has min.insync.replicas=1. 2023-04-02 19:51:12 DEBUG KafkaAvailability:101 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:51:12 DEBUG KafkaRoller:372 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 can be rolled now 2023-04-02 19:51:12 DEBUG KafkaRoller:682 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:12 INFO PodOperator:54 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:12 DEBUG PodOperator:60 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for pod my-cluster-8ba803c1-kafka-2 to be deleted 2023-04-02 19:51:12 DEBUG AbstractNamespacedResourceOperator:115 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-kafka-2 exist, deleting it 2023-04-02 19:51:12 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/namespaces/namespace-0/pods?fieldSelector=metadata.name%3Dmy-cluster-8ba803c1-kafka-2&allowWatchBookmarks=true&watch=true... 2023-04-02 19:51:12 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:51:12 DEBUG ResourceSupport:174 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Opened watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@48b38223 for evaluation of observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:12 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:12 DEBUG ResourceSupport:184 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pre-check is not complete yet, let's wait for the watch: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:12 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:12 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353690 for v1/pods 2023-04-02 19:51:12 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:51:12 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:12 INFO StrimziPodSetController:343 - Reconciliation #35(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:12 DEBUG StrimziPodSetController:444 - Reconciliation #35(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:12 DEBUG StrimziPodSetController:444 - Reconciliation #35(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:12 DEBUG StrimziPodSetController:444 - Reconciliation #35(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:12 INFO StrimziPodSetController:379 - Reconciliation #35(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:12 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:12 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:12 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353696 for v1/pods 2023-04-02 19:51:12 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:51:12 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:12 INFO StrimziPodSetController:343 - Reconciliation #36(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:12 DEBUG StrimziPodSetController:444 - Reconciliation #36(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:12 DEBUG StrimziPodSetController:444 - Reconciliation #36(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:12 DEBUG StrimziPodSetController:444 - Reconciliation #36(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:12 INFO StrimziPodSetController:379 - Reconciliation #36(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:12 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:14 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:14 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353707 for v1/pods 2023-04-02 19:51:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:51:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:14 INFO StrimziPodSetController:343 - Reconciliation #37(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #37(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #37(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #37(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":2} 2023-04-02 19:51:14 DEBUG StatusDiff:48 - Current Status path /readyPods has value 3 2023-04-02 19:51:14 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 2 2023-04-02 19:51:14 DEBUG StrimziPodSetController:398 - Reconciliation #37(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2353710 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:51:14 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:51:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:14 INFO StrimziPodSetController:379 - Reconciliation #37(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:14 INFO StrimziPodSetController:343 - Reconciliation #38(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #38(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #38(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #38(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 INFO StrimziPodSetController:379 - Reconciliation #38(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:14 DEBUG ResourceSupport:204 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:14 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353715 for v1/pods 2023-04-02 19:51:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:51:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:14 INFO StrimziPodSetController:343 - Reconciliation #39(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #39(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #39(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #39(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 INFO StrimziPodSetController:379 - Reconciliation #39(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:14 DEBUG AbstractNamespacedResourceOperator:212 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-kafka-2 has been deleted 2023-04-02 19:51:14 DEBUG ResourceSupport:200 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-2 2023-04-02 19:51:14 DEBUG ResourceSupport:59 - Closing io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@48b38223 2023-04-02 19:51:14 DEBUG AbstractWatchManager:226 - Force closing the watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@48b38223 2023-04-02 19:51:14 DEBUG Watcher:43 - Watcher closed 2023-04-02 19:51:14 DEBUG WatchConnectionManager:60 - Closing websocket io.fabric8.kubernetes.client.jdkhttp.JdkWebSocketImpl@7ae082c5 2023-04-02 19:51:14 DEBUG ResourceSupport:162 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Completing watch future 2023-04-02 19:51:14 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 to get deleted 2023-04-02 19:51:14 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2353716 for v1/pods 2023-04-02 19:51:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was DELETED 2023-04-02 19:51:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:14 INFO StrimziPodSetController:343 - Reconciliation #40(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #40(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG WatcherWebSocketListener:69 - WebSocket close received. code: 1000, reason: 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #40(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG AbstractWatchManager:127 - Ignoring already closed/closing connection 2023-04-02 19:51:14 DEBUG StrimziPodSetController:433 - Reconciliation #40(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Creating pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 2023-04-02 19:51:14 DEBUG PodOperator:69 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 finished 2023-04-02 19:51:14 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 is deleted 2023-04-02 19:51:14 DEBUG PodOperator:77 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 was deleted 2023-04-02 19:51:14 DEBUG KubernetesRestartEventPublisher:74 - Publishing K8s event, time MicroTime(time=2023-04-02T19:51:14.799505Z, additionalProperties={}), type, Normal, reason, CaCertHasOldGeneration, note, Pod has old clients-ca certificate generation, Pod has old cluster-ca certificate generation, pod, ObjectReference(apiVersion=null, fieldPath=null, kind=Pod, name=my-cluster-8ba803c1-kafka-2, namespace=namespace-0, resourceVersion=null, uid=null, additionalProperties={}) 2023-04-02 19:51:14 DEBUG KafkaRoller:689 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for restarted pod my-cluster-8ba803c1-kafka-2 to become ready 2023-04-02 19:51:14 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 to get ready 2023-04-02 19:51:14 INFO StrimziPodSetController:379 - Reconciliation #40(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:14 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2353721 for v1/pods 2023-04-02 19:51:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was ADDED 2023-04-02 19:51:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:14 INFO StrimziPodSetController:343 - Reconciliation #41(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #41(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #41(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #41(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":3} 2023-04-02 19:51:14 DEBUG StatusDiff:48 - Current Status path /currentPods has value 2 2023-04-02 19:51:14 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 3 2023-04-02 19:51:14 DEBUG StrimziPodSetController:398 - Reconciliation #41(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:51:14 DEBUG KubernetesRestartEventPublisher:74 - Publishing K8s event, time MicroTime(time=2023-04-02T19:51:14.799505Z, additionalProperties={}), type, Normal, reason, PodHasOldRevision, note, Pod has old revision, pod, ObjectReference(apiVersion=null, fieldPath=null, kind=Pod, name=my-cluster-8ba803c1-kafka-2, namespace=namespace-0, resourceVersion=null, uid=null, additionalProperties={}) 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 INFO StrimziPodSetController:379 - Reconciliation #41(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:14 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353724 for v1/pods 2023-04-02 19:51:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:51:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:14 INFO StrimziPodSetController:343 - Reconciliation #42(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #42(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #42(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StrimziPodSetController:444 - Reconciliation #42(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:14 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":3} 2023-04-02 19:51:14 DEBUG StatusDiff:48 - Current Status path /currentPods has value 2 2023-04-02 19:51:14 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 3 2023-04-02 19:51:14 DEBUG StrimziPodSetController:398 - Reconciliation #42(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:14 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2353726 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:51:14 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:51:14 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:14 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353728 for v1/pods 2023-04-02 19:51:14 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:51:14 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:51:15 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:15 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:15 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:15 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:15 INFO StrimziPodSetController:379 - Reconciliation #42(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:15 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:15 INFO StrimziPodSetController:343 - Reconciliation #43(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:15 DEBUG StrimziPodSetController:444 - Reconciliation #43(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:15 DEBUG StrimziPodSetController:444 - Reconciliation #43(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:15 DEBUG StrimziPodSetController:444 - Reconciliation #43(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:15 INFO StrimziPodSetController:379 - Reconciliation #43(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:15 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:20 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353779 for v1/pods 2023-04-02 19:51:20 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:51:20 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:20 INFO StrimziPodSetController:343 - Reconciliation #44(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:20 DEBUG StrimziPodSetController:444 - Reconciliation #44(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:20 DEBUG StrimziPodSetController:444 - Reconciliation #44(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:20 DEBUG StrimziPodSetController:444 - Reconciliation #44(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:20 INFO StrimziPodSetController:379 - Reconciliation #44(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:20 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:21 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353791 for v1/pods 2023-04-02 19:51:21 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:51:21 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:21 INFO StrimziPodSetController:343 - Reconciliation #45(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:21 DEBUG StrimziPodSetController:444 - Reconciliation #45(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:21 DEBUG StrimziPodSetController:444 - Reconciliation #45(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:21 DEBUG StrimziPodSetController:444 - Reconciliation #45(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:21 INFO StrimziPodSetController:379 - Reconciliation #45(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:21 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:23 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:51:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:23 DEBUG AbstractOperator:373 - Reconciliation #46(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:51:33 DEBUG AbstractOperator:388 - Reconciliation #46(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:51:39 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353888 for v1/pods 2023-04-02 19:51:39 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:51:39 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:39 INFO StrimziPodSetController:343 - Reconciliation #47(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:39 DEBUG StrimziPodSetController:444 - Reconciliation #47(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:39 DEBUG StrimziPodSetController:444 - Reconciliation #47(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:39 DEBUG StrimziPodSetController:444 - Reconciliation #47(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:39 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":3} 2023-04-02 19:51:39 DEBUG StatusDiff:48 - Current Status path /readyPods has value 2 2023-04-02 19:51:39 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 3 2023-04-02 19:51:39 DEBUG StrimziPodSetController:398 - Reconciliation #47(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:51:39 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:39 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:39 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:39 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:39 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:39 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:39 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2353895 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:51:39 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:51:39 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:51:39 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 is ready 2023-04-02 19:51:39 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:39 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:39 DEBUG KafkaRoller:691 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 is now ready 2023-04-02 19:51:39 INFO StrimziPodSetController:379 - Reconciliation #47(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:39 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:39 INFO StrimziPodSetController:343 - Reconciliation #48(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:51:39 DEBUG StrimziPodSetController:444 - Reconciliation #48(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:39 DEBUG StrimziPodSetController:444 - Reconciliation #48(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:39 DEBUG StrimziPodSetController:444 - Reconciliation #48(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:51:39 INFO StrimziPodSetController:379 - Reconciliation #48(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:51:39 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:51:39 DEBUG ReconcilerUtils:88 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 2023-04-02 19:51:39 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 to get ready 2023-04-02 19:51:39 DEBUG ReconcilerUtils:88 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 2023-04-02 19:51:39 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 to get ready 2023-04-02 19:51:39 DEBUG ReconcilerUtils:88 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 2023-04-02 19:51:39 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 to get ready 2023-04-02 19:51:39 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 is ready 2023-04-02 19:51:39 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 is ready 2023-04-02 19:51:39 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 is ready 2023-04-02 19:51:39 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-kafka-bootstrap in namespace namespace-0 to get ready 2023-04-02 19:51:39 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-kafka-bootstrap in namespace namespace-0 is ready 2023-04-02 19:51:39 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 to get ready 2023-04-02 19:51:39 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 is ready 2023-04-02 19:51:39 DEBUG KafkaReconciler:1176 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Attempt to get clusterId 2023-04-02 19:51:39 DEBUG KafkaReconciler:1184 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for clusterId using my-cluster-8ba803c1-kafka-bootstrap.namespace-0.svc:9091 2023-04-02 19:51:39 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/namespaces/namespace-0/configmaps?fieldSelector=metadata.name%3Dmy-cluster-8ba803c1-kafka-config&allowWatchBookmarks=true&watch=true... 2023-04-02 19:51:39 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:51:39 DEBUG ResourceSupport:174 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Opened watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@7e88cfc0 for evaluation of observe deletion of ConfigMap namespace-0/my-cluster-8ba803c1-kafka-config 2023-04-02 19:51:39 DEBUG AbstractNamespacedResourceOperator:220 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-config has been already deleted in pre-check 2023-04-02 19:51:39 DEBUG ResourceSupport:180 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pre-check is already complete, no need to wait for the watch: observe deletion of ConfigMap namespace-0/my-cluster-8ba803c1-kafka-config 2023-04-02 19:51:39 DEBUG ResourceSupport:59 - Closing io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@7e88cfc0 2023-04-02 19:51:39 DEBUG AbstractWatchManager:226 - Force closing the watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@7e88cfc0 2023-04-02 19:51:39 DEBUG Watcher:43 - Watcher closed 2023-04-02 19:51:39 DEBUG WatchConnectionManager:60 - Closing websocket io.fabric8.kubernetes.client.jdkhttp.JdkWebSocketImpl@65dadf64 2023-04-02 19:51:39 DEBUG ResourceSupport:162 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Completing watch future 2023-04-02 19:51:39 DEBUG WatcherWebSocketListener:69 - WebSocket close received. code: 1000, reason: 2023-04-02 19:51:39 DEBUG AbstractWatchManager:127 - Ignoring already closed/closing connection 2023-04-02 19:51:39 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-entity-operator already exists, updating it 2023-04-02 19:51:39 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:51:39 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:51:39 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:51:39 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:51:39 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-entity-operator in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Role namespace-0/my-cluster-8ba803c1-entity-operator already exists, updating it 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Role my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Role my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Role my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Role my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Role my-cluster-8ba803c1-entity-operator in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): RoleBinding namespace-0/my-cluster-8ba803c1-entity-topic-operator-role already exists, updating it 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-topic-operator-role diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-topic-operator-role diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-topic-operator-role diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-topic-operator-role diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): RoleBinding my-cluster-8ba803c1-entity-topic-operator-role in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): RoleBinding namespace-0/my-cluster-8ba803c1-entity-user-operator-role already exists, updating it 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-user-operator-role diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-user-operator-role diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-user-operator-role diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-user-operator-role diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): RoleBinding my-cluster-8ba803c1-entity-user-operator-role in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-entity-topic-operator-config already exists, updating it 2023-04-02 19:51:40 DEBUG ConfigMapOperator:52 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-entity-topic-operator-config in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-entity-user-operator-config already exists, updating it 2023-04-02 19:51:40 DEBUG ConfigMapOperator:52 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-entity-user-operator-config in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:118 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-entity-operator-certs does not exist, noop 2023-04-02 19:51:40 DEBUG Ca:1241 - Secret namespace-0/my-cluster-8ba803c1-entity-topic-operator-certs generation anno = 0, current CA generation = 1 2023-04-02 19:51:40 DEBUG ModelUtils:142 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for pod entity-operator need to be regenerated because: certificate needs to be renewed 2023-04-02 19:51:40 INFO Ca:399 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Generating certificate Subject(organizationName='io.strimzi', commonName='my-cluster-8ba803c1-entity-topic-operator', dnsNames=[], ipAddresses=[]), signed by CA cluster-ca 2023-04-02 19:51:40 DEBUG OpenSslCertManager:632 - Running command [openssl, req, -new, -batch, -nodes, -keyout, /tmp/tls15786290695940897548key, -out, /tmp/tls6736332732977962599csr, -subj, /O=io.strimzi/CN=my-cluster-8ba803c1-entity-topic-operator] 2023-04-02 19:51:40 DEBUG OpenSslCertManager:655 - Got result 0 2023-04-02 19:51:40 DEBUG OpenSslCertManager:632 - Running command [openssl, ca, -utf8, -batch, -notext, -in, /tmp/tls6736332732977962599csr, -out, /tmp/tls8105528604016507698cert, -cert, /tmp/2390127370425292781.tmp, -keyfile, /tmp/6457832572265985054.tmp, -startdate, 20230402195140Z, -enddate, 20240401195140Z, -config, /tmp/4841046092751938433.tmp] 2023-04-02 19:51:40 DEBUG OpenSslCertManager:655 - Got result 0 2023-04-02 19:51:40 DEBUG OpenSslCertManager:110 - File not deleted, because it did not exist: /tmp/2390127370425292781.srl 2023-04-02 19:51:40 DEBUG OpenSslCertManager:632 - Running command [openssl, pkcs12, -export, -in, /tmp/tls8105528604016507698cert, -inkey, /tmp/tls15786290695940897548key, -name, my-cluster-8ba803c1-entity-topic-operator, -out, /tmp/tls7022646008922025193p12, -passout, pass:TVOCqfxM6lZj, -certpbe, aes-128-cbc, -keypbe, aes-128-cbc, -macalg, sha256] 2023-04-02 19:51:40 DEBUG OpenSslCertManager:655 - Got result 0 2023-04-02 19:51:40 DEBUG ModelUtils:150 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): End generating certificates 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-entity-topic-operator-certs already exists, updating it 2023-04-02 19:51:40 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-entity-topic-operator-certs differs: {"op":"replace","path":"/metadata/annotations/strimzi.io~1cluster-ca-cert-generation","value":"1"} 2023-04-02 19:51:40 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Secret my-cluster-8ba803c1-entity-topic-operator-certs path /metadata/annotations/strimzi.io~1cluster-ca-cert-generation has value 2023-04-02 19:51:40 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired Secret my-cluster-8ba803c1-entity-topic-operator-certs path /metadata/annotations/strimzi.io~1cluster-ca-cert-generation has value 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-entity-topic-operator-certs in namespace namespace-0 has been patched 2023-04-02 19:51:40 DEBUG Ca:1241 - Secret namespace-0/my-cluster-8ba803c1-entity-user-operator-certs generation anno = 0, current CA generation = 1 2023-04-02 19:51:40 DEBUG ModelUtils:142 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for pod entity-operator need to be regenerated because: certificate needs to be renewed 2023-04-02 19:51:40 INFO Ca:399 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Generating certificate Subject(organizationName='io.strimzi', commonName='my-cluster-8ba803c1-entity-user-operator', dnsNames=[], ipAddresses=[]), signed by CA cluster-ca 2023-04-02 19:51:40 DEBUG OpenSslCertManager:632 - Running command [openssl, req, -new, -batch, -nodes, -keyout, /tmp/tls11654108595644651181key, -out, /tmp/tls1735205676747434206csr, -subj, /O=io.strimzi/CN=my-cluster-8ba803c1-entity-user-operator] 2023-04-02 19:51:40 DEBUG OpenSslCertManager:655 - Got result 0 2023-04-02 19:51:40 DEBUG OpenSslCertManager:632 - Running command [openssl, ca, -utf8, -batch, -notext, -in, /tmp/tls1735205676747434206csr, -out, /tmp/tls814195012995934626cert, -cert, /tmp/13234137221852266299.tmp, -keyfile, /tmp/2787620771117832557.tmp, -startdate, 20230402195140Z, -enddate, 20240401195140Z, -config, /tmp/1266048007292338580.tmp] 2023-04-02 19:51:40 DEBUG OpenSslCertManager:655 - Got result 0 2023-04-02 19:51:40 DEBUG OpenSslCertManager:110 - File not deleted, because it did not exist: /tmp/13234137221852266299.srl 2023-04-02 19:51:40 DEBUG OpenSslCertManager:632 - Running command [openssl, pkcs12, -export, -in, /tmp/tls814195012995934626cert, -inkey, /tmp/tls11654108595644651181key, -name, my-cluster-8ba803c1-entity-user-operator, -out, /tmp/tls16905991703450492471p12, -passout, pass:Zb6Pfh3ggLGx, -certpbe, aes-128-cbc, -keypbe, aes-128-cbc, -macalg, sha256] 2023-04-02 19:51:40 DEBUG OpenSslCertManager:655 - Got result 0 2023-04-02 19:51:40 DEBUG ModelUtils:150 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): End generating certificates 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-entity-user-operator-certs already exists, updating it 2023-04-02 19:51:40 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-entity-user-operator-certs differs: {"op":"replace","path":"/metadata/annotations/strimzi.io~1cluster-ca-cert-generation","value":"1"} 2023-04-02 19:51:40 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Secret my-cluster-8ba803c1-entity-user-operator-certs path /metadata/annotations/strimzi.io~1cluster-ca-cert-generation has value 2023-04-02 19:51:40 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired Secret my-cluster-8ba803c1-entity-user-operator-certs path /metadata/annotations/strimzi.io~1cluster-ca-cert-generation has value 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-entity-user-operator-certs in namespace namespace-0 has been patched 2023-04-02 19:51:40 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment namespace-0/my-cluster-8ba803c1-entity-operator already exists, updating it 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:51:40 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:51:40 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-entity-operator differs: {"op":"remove","path":"/spec/progressDeadlineSeconds"} 2023-04-02 19:51:40 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Deployment my-cluster-8ba803c1-entity-operator path /spec/progressDeadlineSeconds has value 600 2023-04-02 19:51:40 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired Deployment my-cluster-8ba803c1-entity-operator path /spec/progressDeadlineSeconds has value 2023-04-02 19:51:41 DEBUG OperationSupport:660 - Recieved warning(s) from request https://172.30.0.1:443/apis/apps/v1/namespaces/namespace-0/deployments/my-cluster-8ba803c1-entity-operator: [299 - "would violate PodSecurity \"restricted:latest\": seccompProfile (pod or containers \"topic-operator\", \"user-operator\", \"tls-sidecar\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"] 2023-04-02 19:51:41 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-entity-operator in namespace namespace-0 has been patched 2023-04-02 19:51:41 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-entity-operator in namespace namespace-0 to get observed 2023-04-02 19:51:41 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353908 for v1/pods 2023-04-02 19:51:41 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 was MODIFIED 2023-04-02 19:51:41 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:51:42 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-entity-operator in namespace namespace-0 is observed 2023-04-02 19:51:42 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-entity-operator in namespace namespace-0 to get ready 2023-04-02 19:51:42 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353930 for v1/pods 2023-04-02 19:51:42 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 was MODIFIED 2023-04-02 19:51:42 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:51:42 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353932 for v1/pods 2023-04-02 19:51:42 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 was MODIFIED 2023-04-02 19:51:42 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:51:42 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2353933 for v1/pods 2023-04-02 19:51:42 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 was DELETED 2023-04-02 19:51:42 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-74dc75fb48-zn2pl in namespace namespace-0 which was DELETED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:51:42 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2353937 for v1/pods 2023-04-02 19:51:42 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 was ADDED 2023-04-02 19:51:42 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 which was ADDED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:51:42 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353938 for v1/pods 2023-04-02 19:51:42 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 was MODIFIED 2023-04-02 19:51:42 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:51:42 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353944 for v1/pods 2023-04-02 19:51:42 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 was MODIFIED 2023-04-02 19:51:42 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:51:44 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2353973 for v1/pods 2023-04-02 19:51:44 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 was MODIFIED 2023-04-02 19:51:44 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:51:46 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354005 for v1/pods 2023-04-02 19:51:46 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 was MODIFIED 2023-04-02 19:51:46 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:51:51 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:51:51 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:51:51 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:51:51 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:51:51 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:51:51 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:51:51 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:51:51 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:51:51 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:51 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:53 INFO AbstractOperator:380 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation is in progress 2023-04-02 19:51:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:53 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:51:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG AbstractOperator:373 - Reconciliation #49(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:51:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:51:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:51:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:03 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354089 for v1/pods 2023-04-02 19:52:03 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 was MODIFIED 2023-04-02 19:52:03 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:03 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354091 for v1/pods 2023-04-02 19:52:03 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 was MODIFIED 2023-04-02 19:52:03 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:03 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354092 for v1/pods 2023-04-02 19:52:03 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 was MODIFIED 2023-04-02 19:52:03 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:03 DEBUG AbstractOperator:388 - Reconciliation #49(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:52:23 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:52:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:23 DEBUG AbstractOperator:373 - Reconciliation #50(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:52:33 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354281 for v1/pods 2023-04-02 19:52:33 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 was MODIFIED 2023-04-02 19:52:33 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:33 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-entity-operator in namespace namespace-0 is ready 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy namespace-0/my-cluster-8ba803c1-network-policy-cruise-control already exists, updating it 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/spec/policyTypes"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/status"} 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-cruise-control already exists, updating it 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-cruise-control in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:52:33 DEBUG LoggingUtils:84 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): logging is not set, using default loggers 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-cruise-control-config already exists, updating it 2023-04-02 19:52:33 DEBUG ConfigMapOperator:52 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-cruise-control-config in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:52:33 DEBUG AbstractModel:478 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Generating certificates 2023-04-02 19:52:33 DEBUG Ca:171 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: Reconciling Cruise Control certificates 2023-04-02 19:52:33 DEBUG Ca:489 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for cruise-control already exists 2023-04-02 19:52:33 DEBUG AbstractModel:484 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): End generating certificates 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cruise-control-certs already exists, updating it 2023-04-02 19:52:33 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cruise-control-certs differs: {"op":"replace","path":"/metadata/annotations/strimzi.io~1cluster-ca-cert-generation","value":"1"} 2023-04-02 19:52:33 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Secret my-cluster-8ba803c1-cruise-control-certs path /metadata/annotations/strimzi.io~1cluster-ca-cert-generation has value 2023-04-02 19:52:33 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired Secret my-cluster-8ba803c1-cruise-control-certs path /metadata/annotations/strimzi.io~1cluster-ca-cert-generation has value 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cruise-control-certs in namespace namespace-0 has been patched 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cruise-control-api already exists, updating it 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-api diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-api diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-api diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-api diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cruise-control-api in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-cruise-control already exists, updating it 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/spec/clusterIP"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/status"} 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-cruise-control in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment namespace-0/my-cluster-8ba803c1-cruise-control already exists, updating it 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:52:33 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:52:33 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-cruise-control differs: {"op":"remove","path":"/spec/progressDeadlineSeconds"} 2023-04-02 19:52:33 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Deployment my-cluster-8ba803c1-cruise-control path /spec/progressDeadlineSeconds has value 600 2023-04-02 19:52:33 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired Deployment my-cluster-8ba803c1-cruise-control path /spec/progressDeadlineSeconds has value 2023-04-02 19:52:33 DEBUG OperationSupport:660 - Recieved warning(s) from request https://172.30.0.1:443/apis/apps/v1/namespaces/namespace-0/deployments/my-cluster-8ba803c1-cruise-control: [299 - "would violate PodSecurity \"restricted:latest\": seccompProfile (pod or container \"cruise-control\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"] 2023-04-02 19:52:33 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-cruise-control in namespace namespace-0 has been patched 2023-04-02 19:52:33 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-cruise-control in namespace namespace-0 to get observed 2023-04-02 19:52:33 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2354294 for v1/pods 2023-04-02 19:52:33 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 was ADDED 2023-04-02 19:52:33 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 which was ADDED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:33 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354295 for v1/pods 2023-04-02 19:52:33 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 was MODIFIED 2023-04-02 19:52:33 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:33 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354301 for v1/pods 2023-04-02 19:52:33 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 was MODIFIED 2023-04-02 19:52:33 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:33 DEBUG AbstractOperator:388 - Reconciliation #50(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:52:34 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-cruise-control in namespace namespace-0 is observed 2023-04-02 19:52:34 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-cruise-control in namespace namespace-0 to get ready 2023-04-02 19:52:36 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354332 for v1/pods 2023-04-02 19:52:36 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 was MODIFIED 2023-04-02 19:52:36 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:36 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354346 for v1/pods 2023-04-02 19:52:36 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 was MODIFIED 2023-04-02 19:52:36 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:51 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:52:51 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:52:51 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:52:51 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:52:51 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:52:51 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:52:51 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:52:51 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:52:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:53 INFO AbstractOperator:380 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation is in progress 2023-04-02 19:52:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:53 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:52:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:53 DEBUG AbstractOperator:373 - Reconciliation #51(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:52:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:54 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354461 for v1/pods 2023-04-02 19:52:54 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 was MODIFIED 2023-04-02 19:52:54 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:54 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354468 for v1/pods 2023-04-02 19:52:54 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 was MODIFIED 2023-04-02 19:52:54 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:54 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-cruise-control in namespace namespace-0 is ready 2023-04-02 19:52:54 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-kafka-exporter already exists, updating it 2023-04-02 19:52:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:52:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:52:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:52:54 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:52:54 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:52:54 DEBUG Ca:1241 - Secret namespace-0/my-cluster-8ba803c1-kafka-exporter-certs generation anno = 0, current CA generation = 1 2023-04-02 19:52:54 DEBUG ModelUtils:142 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for pod kafka-exporter need to be regenerated because: certificate needs to be renewed 2023-04-02 19:52:54 INFO Ca:399 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Generating certificate Subject(organizationName='io.strimzi', commonName='my-cluster-8ba803c1-kafka-exporter', dnsNames=[], ipAddresses=[]), signed by CA cluster-ca 2023-04-02 19:52:54 DEBUG OpenSslCertManager:632 - Running command [openssl, req, -new, -batch, -nodes, -keyout, /tmp/tls631736619064797069key, -out, /tmp/tls5413729972685469519csr, -subj, /O=io.strimzi/CN=my-cluster-8ba803c1-kafka-exporter] 2023-04-02 19:52:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:52:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:52:55 DEBUG OpenSslCertManager:655 - Got result 0 2023-04-02 19:52:55 DEBUG OpenSslCertManager:632 - Running command [openssl, ca, -utf8, -batch, -notext, -in, /tmp/tls5413729972685469519csr, -out, /tmp/tls5167760438334461272cert, -cert, /tmp/10882733080544159424.tmp, -keyfile, /tmp/3275239776016165605.tmp, -startdate, 20230402195255Z, -enddate, 20240401195255Z, -config, /tmp/10556334565969368274.tmp] 2023-04-02 19:52:55 DEBUG OpenSslCertManager:655 - Got result 0 2023-04-02 19:52:55 DEBUG OpenSslCertManager:110 - File not deleted, because it did not exist: /tmp/10882733080544159424.srl 2023-04-02 19:52:55 DEBUG OpenSslCertManager:632 - Running command [openssl, pkcs12, -export, -in, /tmp/tls5167760438334461272cert, -inkey, /tmp/tls631736619064797069key, -name, my-cluster-8ba803c1-kafka-exporter, -out, /tmp/tls9767759584371051561p12, -passout, pass:mik1p5EGJmSv, -certpbe, aes-128-cbc, -keypbe, aes-128-cbc, -macalg, sha256] 2023-04-02 19:52:55 DEBUG OpenSslCertManager:655 - Got result 0 2023-04-02 19:52:55 DEBUG ModelUtils:150 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): End generating certificates 2023-04-02 19:52:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-kafka-exporter-certs already exists, updating it 2023-04-02 19:52:55 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-kafka-exporter-certs differs: {"op":"replace","path":"/metadata/annotations/strimzi.io~1cluster-ca-cert-generation","value":"1"} 2023-04-02 19:52:55 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Secret my-cluster-8ba803c1-kafka-exporter-certs path /metadata/annotations/strimzi.io~1cluster-ca-cert-generation has value 2023-04-02 19:52:55 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired Secret my-cluster-8ba803c1-kafka-exporter-certs path /metadata/annotations/strimzi.io~1cluster-ca-cert-generation has value 2023-04-02 19:52:55 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-kafka-exporter-certs in namespace namespace-0 has been patched 2023-04-02 19:52:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment namespace-0/my-cluster-8ba803c1-kafka-exporter already exists, updating it 2023-04-02 19:52:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:52:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:52:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:52:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:52:55 DEBUG ResourceDiff:57 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:52:55 DEBUG ResourceDiff:62 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-kafka-exporter differs: {"op":"remove","path":"/spec/progressDeadlineSeconds"} 2023-04-02 19:52:55 DEBUG ResourceDiff:63 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Deployment my-cluster-8ba803c1-kafka-exporter path /spec/progressDeadlineSeconds has value 600 2023-04-02 19:52:55 DEBUG ResourceDiff:64 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired Deployment my-cluster-8ba803c1-kafka-exporter path /spec/progressDeadlineSeconds has value 2023-04-02 19:52:55 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2354491 for v1/pods 2023-04-02 19:52:55 DEBUG OperationSupport:660 - Recieved warning(s) from request https://172.30.0.1:443/apis/apps/v1/namespaces/namespace-0/deployments/my-cluster-8ba803c1-kafka-exporter: [299 - "would violate PodSecurity \"restricted:latest\": seccompProfile (pod or container \"my-cluster-8ba803c1-kafka-exporter\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"] 2023-04-02 19:52:55 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354494 for v1/pods 2023-04-02 19:52:55 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 has been patched 2023-04-02 19:52:55 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354498 for v1/pods 2023-04-02 19:52:55 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 to get observed 2023-04-02 19:52:55 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 was ADDED 2023-04-02 19:52:55 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 which was ADDED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:55 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 was MODIFIED 2023-04-02 19:52:55 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:55 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 was MODIFIED 2023-04-02 19:52:55 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:55 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 is observed 2023-04-02 19:52:55 DEBUG Util:135 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 to get ready 2023-04-02 19:52:55 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354500 for v1/pods 2023-04-02 19:52:55 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 was MODIFIED 2023-04-02 19:52:55 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:55 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354502 for v1/pods 2023-04-02 19:52:55 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 was MODIFIED 2023-04-02 19:52:55 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:55 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2354503 for v1/pods 2023-04-02 19:52:55 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 was DELETED 2023-04-02 19:52:55 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-cruise-control-8574757b45-mvphn in namespace namespace-0 which was DELETED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:57 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354513 for v1/pods 2023-04-02 19:52:57 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 was MODIFIED 2023-04-02 19:52:57 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:52:57 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354524 for v1/pods 2023-04-02 19:52:57 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 was MODIFIED 2023-04-02 19:52:57 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:53:03 DEBUG AbstractOperator:388 - Reconciliation #51(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:53:23 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:53:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:23 DEBUG AbstractOperator:373 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:53:25 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354726 for v1/pods 2023-04-02 19:53:25 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 was MODIFIED 2023-04-02 19:53:25 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:53:25 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354730 for v1/pods 2023-04-02 19:53:25 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 was MODIFIED 2023-04-02 19:53:25 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:53:26 DEBUG Util:157 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 is ready 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:118 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-kafka-jmx-trans does not exist, noop 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:118 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-jmxtrans-config does not exist, noop 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:118 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deployment namespace-0/my-cluster-8ba803c1-kafka-jmx-trans does not exist, noop 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG StatusDiff:42 - Ignoring Status diff {"op":"replace","path":"/conditions/0/lastTransitionTime","value":"2023-04-02T19:49:09.451518030Z"} 2023-04-02 19:53:26 DEBUG StatusDiff:42 - Ignoring Status diff {"op":"replace","path":"/conditions/1/lastTransitionTime","value":"2023-04-02T19:53:26.085624039Z"} 2023-04-02 19:53:26 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/listeners/1/certificates/0","value":"-----BEGIN CERTIFICATE-----\nMIIFLTCCAxWgAwIBAgIUEOKORKN1+vHVaFCqF0t6veTqhKowDQYJKoZIhvcNAQEN\nBQAwLTETMBEGA1UECgwKaW8uc3RyaW16aTEWMBQGA1UEAwwNY2x1c3Rlci1jYSB2\nMTAeFw0yMzA0MDIxOTQzMDFaFw0yNDA0MDExOTQzMDFaMC0xEzARBgNVBAoMCmlv\nLnN0cmltemkxFjAUBgNVBAMMDWNsdXN0ZXItY2EgdjEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCeeynSfF+vVBSgFQbBvht2FaT2OEVRPJkdRsmetprW\neM0fiUdJSrWtEkRP0M2xe8dKB1PMBYCs9Zu8HmSCaEk52ghPIjmE/V9jShC3Dhnk\ny0SUVVXD8+IGD7jKsVqLah6zCa8wP7j9DOD11LirFD2YLTd9zwR8RZ83plvxlkye\nroi61zvTrnUEC7IWxuRuFlYAMcRJwpMFQnD2/IB5G4Gn3RyXQsCa+XQYXGCdXeJC\nWDi4RZr0raMxwu5WhT7qNpRY/yKO9nkyGpUzHYpZRHPJYsFYqYwqg+aJPzPCBaRH\nBskMpD/S/zQiWjnqyl3O0/kkDZ/xD8kFWXC1tRYnuyR+WO60jF9HRgL6TUEbfcNe\nrjm04MpthUA8xRTYBJlCn/wEm05c14eSaO1e6julWZh1z7xr+4P08G0Ce3w1IY9m\noUBc4N5Z953gDbZcE5rMCCMlJHZtibumRDN89s/h1w0F3Qb/ijYnAceiXiicBKMl\nA1s1RQ9jFtfKprtz0aDiLBIQwrYYjyQXkxUBYnw3tqrPs347BgvrUw+mvyi51ego\nOs7NnZyfUzw9Mook1D9iBELYjhUqait2pbKoPu9Ob1ZG21F7jQ3ecgGTFrO7RpdV\ncRSkRehhBjbPLCxxnV1kvivyKgtDl4hhqiC+heIXIXGs3/NkH6K6nQgrGQlM3eXf\nNwIDAQABo0UwQzAdBgNVHQ4EFgQUUmMS+R1RxIBONf6rVuejGjs7/60wEgYDVR0T\nAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIB\nADzk7Rn16AYzN44F3J+h4cR5rWFkK0NT1WZ3/nvy6b3S0GW/phSXFOM/G1rYQlfn\nU+Jzd6Zxcs2epeeh+yuBrumUC1J6GVwa9tr3ZwJvGhheo4TViz0KwnOhx2gmriL4\nltYq7R69WLT6xNDcML9VyHq1+4r1x6LpExUGiVHjfcXR5SYgs66jnnBBECErJeFi\nuhdb42H1Gb7gCu1g6kujMJ1gi2YBhaTcspf4uqBSZuTet3i7CXprSxwS1nuAhJya\n83JNsQOwDZMXnJw/dVjLSIXC1O3UjVzy26NnGyUXD10KEV+rLxhNUlQTOqexgzs6\nIlxHjipKzYKR6DHWgY3idc4eVCb4DPf2DU/EM+2W7xg9J8sbOM2fpzOp0I5ptMj5\nmGmwvTKI09xBW+Edq6ij1P9e/QqOQ1iSTUwmdy1KY7BO0Pg9CoU9QeSCs3pZ6CnY\nNlkGkKZMFeQGwEpoOioaMVDXM1yoqfBscEIY3gc0+Mx0aJe/F5KhS13mGK1hJ13X\nGbXg/nmus/Cj9hAcBg7M9pyhnMND+Uxc9V7ISxG9hr4pDDNANwMUGA9hiLyN388X\nuvYXHaOH3CFjadJ9GizlCwTBA9l1HwIMWmW5uHw+iwtfQ1ouWo+3lHkcSMITWfwd\nU9G+VIZlZ3q7tNB2COI91icXGgMTEQfnk3CJ1/QTdL/n\n-----END CERTIFICATE-----\n"} 2023-04-02 19:53:26 DEBUG StatusDiff:48 - Current Status path /listeners/1/certificates/0 has value "-----BEGIN CERTIFICATE-----\nMIIFLTCCAxWgAwIBAgIUEKsCZtHDHXVoxMz6MrrL23wveDMwDQYJKoZIhvcNAQEN\nBQAwLTETMBEGA1UECgwKaW8uc3RyaW16aTEWMBQGA1UEAwwNY2x1c3Rlci1jYSB2\nMDAeFw0yMzA0MDIxOTM3MzZaFw0yNDA0MDExOTM3MzZaMC0xEzARBgNVBAoMCmlv\nLnN0cmltemkxFjAUBgNVBAMMDWNsdXN0ZXItY2EgdjAwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQC3rv6saKAOCR4XBQz7R1jzBo6RNIwRrw331dOFQ9yx\ngXKh4/I4sBVCQ4/LGPQ6O00JFEzYxJ6rDDzqsaYKq957NGcsBydNctV/nsyp/Xmv\nAvCbo5FSIgWSJgMPO9zUDdAjrZrH7b/R9TG2+B5BPrU3FUNQvA9AKWpPL1zCYQkT\ndUBXkEJQp/gm/Zu4J0G6dbHp4OK4Tw4gsK4OsNJ3ZpaULvtXZQA4iu4e+SLGGq+9\nQU5iKxpA1A5VVLs9izMKHhSZ+DIxrvms8exvNuvB8UBimDAt+0IvnMXXNL5ZLii2\npX3zPz79uR2AO7Uwz5P+0Q8yxklMjQEMAEnb60JEBDe9SxKvEshI9CNWfGvRuQpv\nZ9y4HJzidVuZ9N/vqMEgxRfekLDizFjHTA9Jo4mxaJ0RZenS0H00O2V6DTMtuPgh\ncK2PB3K8hdHl1AbYn5wmOAbtptjHKIX0fBkfJZxDhpWat/0vl4Xt2SjKGG4tzhq1\nV4mTVVtipzu3xrwkUOjxa8N7WBPG8wdpM5jXb3avSYc4/62i4O58G7Rrs3sLYTik\njqWqRb6Bs7SDxoUbfoFU3DbdjuGgaKNHLnZJ53mdkjVGrQgFBQ2fuPNrPng4DDAD\nBQ/frjII/OMDs5ECmSgXAdEvsGe4kumaLFoG7CRF+ED60hz3cp/qTW3pVF3pBbU4\nlwIDAQABo0UwQzAdBgNVHQ4EFgQU8CbZhX8X0NNsMdnMSNtn5efCIvMwEgYDVR0T\nAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIB\nAIw73faD6lxpsWsG2T9JMikAWr0FI/sn1Au8uGReLLOGY/Vv7//p81Tlq+WCl+72\nDgmpYuOdIzihZoEJKfv+uG6/ktXSRhFZjPpT03DsF9RzKQYxL+eOAvH8tR56B0Nd\nJr3VvEp6XbkFm99KyKqBZF1Ah5m+DV9o0FS2hcA47n1naiBWUbJF4Upo8OEM435m\nEXh2qYaPwYLcfcwp9uKG/Uy1T/hO+LTCNc/Ihol4vYchf6lHVnVibSUZ35qRj5Jh\nyFXCeuOBufgG/gNREppyxSUoHzid+8VWFnE/0tQ1cTdHRntRLCSZQ7AXmkOr3BB0\nBBoVs2vzvwYqPK6ZVeZCQ5x8q2Xuh1DfHuwsVmGbMkTArmUasskqE3O204ITLpT7\n/m3jH+M6fBAdiaVlmb/3Ux52mKJRlWF6mAvpgOPN252IZBEk+otRRnJg7h5S09ma\njAyf1vjx6+lVDFDYyF0Xb4KNY12UUdvj1Mnh9hQHck2pZQFoSbDRx8Q0i37FiZ/O\nWGJ8KADWC/kwkOQtPjDnk231LVjqGxSgkVq2l+G24SFdgr1ahU6EZ8IYx1q/IImc\nb/bTnD0ok6IGvo/rXq3LxsqkeGMSIolyFgolp3vLGlkNpYKG814jA413nV5opOuV\nM+qV2zT5HhbaCo452IBfdl/z0QfdvgFFVM14szxgSvet\n-----END CERTIFICATE-----\n" 2023-04-02 19:53:26 DEBUG StatusDiff:49 - Desired Status path /listeners/1/certificates/0 has value "-----BEGIN CERTIFICATE-----\nMIIFLTCCAxWgAwIBAgIUEOKORKN1+vHVaFCqF0t6veTqhKowDQYJKoZIhvcNAQEN\nBQAwLTETMBEGA1UECgwKaW8uc3RyaW16aTEWMBQGA1UEAwwNY2x1c3Rlci1jYSB2\nMTAeFw0yMzA0MDIxOTQzMDFaFw0yNDA0MDExOTQzMDFaMC0xEzARBgNVBAoMCmlv\nLnN0cmltemkxFjAUBgNVBAMMDWNsdXN0ZXItY2EgdjEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCeeynSfF+vVBSgFQbBvht2FaT2OEVRPJkdRsmetprW\neM0fiUdJSrWtEkRP0M2xe8dKB1PMBYCs9Zu8HmSCaEk52ghPIjmE/V9jShC3Dhnk\ny0SUVVXD8+IGD7jKsVqLah6zCa8wP7j9DOD11LirFD2YLTd9zwR8RZ83plvxlkye\nroi61zvTrnUEC7IWxuRuFlYAMcRJwpMFQnD2/IB5G4Gn3RyXQsCa+XQYXGCdXeJC\nWDi4RZr0raMxwu5WhT7qNpRY/yKO9nkyGpUzHYpZRHPJYsFYqYwqg+aJPzPCBaRH\nBskMpD/S/zQiWjnqyl3O0/kkDZ/xD8kFWXC1tRYnuyR+WO60jF9HRgL6TUEbfcNe\nrjm04MpthUA8xRTYBJlCn/wEm05c14eSaO1e6julWZh1z7xr+4P08G0Ce3w1IY9m\noUBc4N5Z953gDbZcE5rMCCMlJHZtibumRDN89s/h1w0F3Qb/ijYnAceiXiicBKMl\nA1s1RQ9jFtfKprtz0aDiLBIQwrYYjyQXkxUBYnw3tqrPs347BgvrUw+mvyi51ego\nOs7NnZyfUzw9Mook1D9iBELYjhUqait2pbKoPu9Ob1ZG21F7jQ3ecgGTFrO7RpdV\ncRSkRehhBjbPLCxxnV1kvivyKgtDl4hhqiC+heIXIXGs3/NkH6K6nQgrGQlM3eXf\nNwIDAQABo0UwQzAdBgNVHQ4EFgQUUmMS+R1RxIBONf6rVuejGjs7/60wEgYDVR0T\nAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIB\nADzk7Rn16AYzN44F3J+h4cR5rWFkK0NT1WZ3/nvy6b3S0GW/phSXFOM/G1rYQlfn\nU+Jzd6Zxcs2epeeh+yuBrumUC1J6GVwa9tr3ZwJvGhheo4TViz0KwnOhx2gmriL4\nltYq7R69WLT6xNDcML9VyHq1+4r1x6LpExUGiVHjfcXR5SYgs66jnnBBECErJeFi\nuhdb42H1Gb7gCu1g6kujMJ1gi2YBhaTcspf4uqBSZuTet3i7CXprSxwS1nuAhJya\n83JNsQOwDZMXnJw/dVjLSIXC1O3UjVzy26NnGyUXD10KEV+rLxhNUlQTOqexgzs6\nIlxHjipKzYKR6DHWgY3idc4eVCb4DPf2DU/EM+2W7xg9J8sbOM2fpzOp0I5ptMj5\nmGmwvTKI09xBW+Edq6ij1P9e/QqOQ1iSTUwmdy1KY7BO0Pg9CoU9QeSCs3pZ6CnY\nNlkGkKZMFeQGwEpoOioaMVDXM1yoqfBscEIY3gc0+Mx0aJe/F5KhS13mGK1hJ13X\nGbXg/nmus/Cj9hAcBg7M9pyhnMND+Uxc9V7ISxG9hr4pDDNANwMUGA9hiLyN388X\nuvYXHaOH3CFjadJ9GizlCwTBA9l1HwIMWmW5uHw+iwtfQ1ouWo+3lHkcSMITWfwd\nU9G+VIZlZ3q7tNB2COI91icXGgMTEQfnk3CJ1/QTdL/n\n-----END CERTIFICATE-----\n" 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG Reflector:225 - Event received MODIFIED Kafka resourceVersion v2354744 for kafka.strimzi.io/v1beta2/kafkas 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 INFO OperatorWatcher:38 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Kafka my-cluster-8ba803c1 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:26 INFO CrdOperator:133 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Status of Kafka my-cluster-8ba803c1 in namespace namespace-0 has been updated 2023-04-02 19:53:26 DEBUG AbstractOperator:373 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:53:26 DEBUG AbstractOperator:330 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Completed status update 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG AbstractOperator:568 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Updated metric strimzi.resource.state[tag(kind=Kafka),tag(name=my-cluster-8ba803c1),tag(reason=none),tag(resource-namespace=namespace-0)] = 1 2023-04-02 19:53:26 INFO AbstractOperator:510 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): reconciled 2023-04-02 19:53:26 DEBUG AbstractOperator:376 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Lock lock::namespace-0::Kafka::my-cluster-8ba803c1 acquired 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 INFO AbstractOperator:239 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka my-cluster-8ba803c1 will be checked for creation or modification 2023-04-02 19:53:26 DEBUG AbstractOperator:447 - Reconciliation #2(watch) Kafka(namespace-0/my-cluster-8ba803c1): Lock lock::namespace-0::Kafka::my-cluster-8ba803c1 released 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG KafkaAssemblyOperator:281 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Status is already set. No need to set initial status 2023-04-02 19:53:26 DEBUG Ca:812 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: The CA certificate in secret my-cluster-8ba803c1-cluster-ca-cert already exists and does not need renewing 2023-04-02 19:53:26 DEBUG Ca:667 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca renewalType NOOP 2023-04-02 19:53:26 DEBUG Ca:812 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): clients-ca: The CA certificate in secret my-cluster-8ba803c1-clients-ca-cert already exists and does not need renewing 2023-04-02 19:53:26 DEBUG Ca:667 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): clients-ca renewalType NOOP 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-ca-cert already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-ca-cert in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-clients-ca-cert already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-clients-ca-cert in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-ca already exists, updating it 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-clients-ca already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-clients-ca in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-ca in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG Ca:1241 - Secret namespace-0/my-cluster-8ba803c1-cluster-operator-certs generation anno = 1, current CA generation = 1 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-operator-certs already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-operator-certs in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG CaReconciler:490 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current cluster CA cert generation 1 2023-04-02 19:53:26 DEBUG CaReconciler:496 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 cluster CA cert generation 1 2023-04-02 19:53:26 DEBUG CaReconciler:496 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn cluster CA cert generation 0 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG VersionChangeCreator:260 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): No Kafka version change 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy namespace-0/my-cluster-8ba803c1-network-policy-zookeeper already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/spec/policyTypes"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/status"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG ZooKeeperReconciler:349 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka.spec.kafka.version is unchanged therefore no change to Zookeeper is required 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-zookeeper already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-zookeeper in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-zookeeper-0 already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/status"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-zookeeper-1 already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/status"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-zookeeper-2 already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/status"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-zookeeper-client already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/clusterIP"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/status"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-zookeeper-client in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-zookeeper-nodes already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/status"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG Ca:202 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: Reconciling zookeeper certificates 2023-04-02 19:53:26 DEBUG Ca:489 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-zookeeper-0 already exists 2023-04-02 19:53:26 DEBUG Ca:489 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-zookeeper-1 already exists 2023-04-02 19:53:26 DEBUG Ca:489 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-zookeeper-2 already exists 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-zookeeper-nodes already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-zookeeper-config already exists, updating it 2023-04-02 19:53:26 DEBUG ConfigMapOperator:52 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-zookeeper-config in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget namespace-0/my-cluster-8ba803c1-zookeeper already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/status"} 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget my-cluster-8ba803c1-zookeeper in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet namespace-0/my-cluster-8ba803c1-zookeeper already exists, updating it 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:26 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:26 DEBUG ResourceDiff:62 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-zookeeper differs: {"op":"replace","path":"/spec/pods/0/spec/terminationGracePeriodSeconds","value":30} 2023-04-02 19:53:26 DEBUG ResourceDiff:63 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current StrimziPodSet my-cluster-8ba803c1-zookeeper path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:53:26 DEBUG ResourceDiff:64 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired StrimziPodSet my-cluster-8ba803c1-zookeeper path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:26 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 has been patched 2023-04-02 19:53:26 DEBUG ZooKeeperRoller:76 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-1 does not need to be rolled 2023-04-02 19:53:26 DEBUG ZooKeeperRoller:76 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-2 does not need to be rolled 2023-04-02 19:53:26 DEBUG ZooKeeperRoller:76 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-0 does not need to be rolled 2023-04-02 19:53:26 DEBUG ReconcilerUtils:88 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 2023-04-02 19:53:26 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 to get ready 2023-04-02 19:53:26 DEBUG ReconcilerUtils:88 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 2023-04-02 19:53:26 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 to get ready 2023-04-02 19:53:26 DEBUG ReconcilerUtils:88 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 2023-04-02 19:53:26 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 to get ready 2023-04-02 19:53:26 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 is ready 2023-04-02 19:53:26 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 is ready 2023-04-02 19:53:26 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 is ready 2023-04-02 19:53:26 DEBUG ZooKeeperReconciler:912 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Verifying that Zookeeper is configured to run with 3 replicas 2023-04-02 19:53:26 DEBUG ZookeeperScaler:76 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Creating Zookeeper Scaler for cluster my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 2023-04-02 19:53:26 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for ZooKeeperAdmin connection to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 to get connected 2023-04-02 19:53:27 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354753 for v1/pods 2023-04-02 19:53:27 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 was MODIFIED 2023-04-02 19:53:27 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:53:27 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354754 for v1/pods 2023-04-02 19:53:27 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 was MODIFIED 2023-04-02 19:53:27 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 which was MODIFIED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:53:27 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2354756 for v1/pods 2023-04-02 19:53:27 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 was DELETED 2023-04-02 19:53:27 DEBUG StrimziPodSetController:257 - Pod my-cluster-8ba803c1-kafka-exporter-d768b547b-fcvwn in namespace namespace-0 which was DELETED does not seem to be controlled by any StrimziPodSet and will be ignored 2023-04-02 19:53:27 DEBUG ZookeeperScaler:159 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Received event WatchedEvent state:SyncConnected type:None path:null from ZooKeeperAdmin client connected to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 2023-04-02 19:53:27 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ZooKeeperAdmin connection to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 is connected 2023-04-02 19:53:27 DEBUG ZookeeperScaler:217 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Zookeeper configuration is {server.2=my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2888:3888:participant;127.0.0.1:12181, server.1=my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2888:3888:participant;127.0.0.1:12181, server.3=my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2888:3888:participant;127.0.0.1:12181} 2023-04-02 19:53:27 DEBUG ZookeeperScaler:200 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): The Zookeeper server configuration is already up to date 2023-04-02 19:53:27 DEBUG ZookeeperScaler:159 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Received event WatchedEvent state:Closed type:None path:null from ZooKeeperAdmin client connected to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 2023-04-02 19:53:27 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-zookeeper-client in namespace namespace-0 to get ready 2023-04-02 19:53:27 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-zookeeper-client in namespace namespace-0 is ready 2023-04-02 19:53:27 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 to get ready 2023-04-02 19:53:27 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 is ready 2023-04-02 19:53:27 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:27 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:27 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy namespace-0/my-cluster-8ba803c1-network-policy-kafka already exists, updating it 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/spec/policyTypes"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/status"} 2023-04-02 19:53:27 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy my-cluster-8ba803c1-network-policy-kafka in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:27 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:27 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:27 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-kafka-0 already exists, updating it 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:27 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/status"} 2023-04-02 19:53:27 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-kafka-1 already exists, updating it 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/status"} 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-kafka-2 already exists, updating it 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/status"} 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-kafka already exists, updating it 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-kafka in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:28 DEBUG AbstractNonNamespacedResourceOperator:100 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ClusterRoleBinding strimzi-namespace-0-my-cluster-8ba803c1-kafka-init does not exist, noop 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:151 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Reconciling existing Service resources [my-cluster-8ba803c1-kafka-brokers, my-cluster-8ba803c1-kafka-bootstrap] against the desired Service resources 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:160 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/[] should be deleted 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-kafka-bootstrap already exists, updating it 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-kafka-brokers already exists, updating it 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/clusterIP"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/status"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-kafka-bootstrap in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/status"} 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:151 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Reconciling existing Ingress resources [] against the desired Ingress resources 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:160 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ingress namespace-0/[] should be deleted 2023-04-02 19:53:28 DEBUG KafkaListenersReconciler:739 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Validating secret [] with custom TLS listener certificates 2023-04-02 19:53:28 DEBUG KafkaListenersReconciler:827 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Adding certificate to status for listener: tls 2023-04-02 19:53:28 DEBUG Ca:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: Reconciling kafka broker certificates 2023-04-02 19:53:28 DEBUG Ca:489 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-kafka-0 already exists 2023-04-02 19:53:28 DEBUG Ca:489 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-kafka-1 already exists 2023-04-02 19:53:28 DEBUG Ca:489 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-kafka-2 already exists 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-kafka-brokers already exists, updating it 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-0 already exists, updating it 2023-04-02 19:53:28 DEBUG ConfigMapOperator:52 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-kafka-0 in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-2 already exists, updating it 2023-04-02 19:53:28 DEBUG ConfigMapOperator:52 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-kafka-2 in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-1 already exists, updating it 2023-04-02 19:53:28 DEBUG ConfigMapOperator:52 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-kafka-1 in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget namespace-0/my-cluster-8ba803c1-kafka already exists, updating it 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/status"} 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget my-cluster-8ba803c1-kafka in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:28 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet namespace-0/my-cluster-8ba803c1-kafka already exists, updating it 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:28 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:28 DEBUG ResourceDiff:62 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-kafka differs: {"op":"replace","path":"/spec/pods/0/spec/terminationGracePeriodSeconds","value":30} 2023-04-02 19:53:28 DEBUG ResourceDiff:63 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current StrimziPodSet my-cluster-8ba803c1-kafka path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:53:28 DEBUG ResourceDiff:64 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired StrimziPodSet my-cluster-8ba803c1-kafka path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:53:28 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:28 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 has been patched 2023-04-02 19:53:28 DEBUG KafkaRoller:220 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Verifying cluster pods are up-to-date. 2023-04-02 19:53:28 DEBUG KafkaRoller:228 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Initial order for updating pods (rolling restart or dynamic update) is [my-cluster-8ba803c1-kafka-0, my-cluster-8ba803c1-kafka-1, my-cluster-8ba803c1-kafka-2] 2023-04-02 19:53:28 DEBUG KafkaRoller:303 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 0 MILLISECONDS 2023-04-02 19:53:28 DEBUG KafkaRoller:747 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091,my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091,my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.bootstrap.servers","value":"my-cluster-8ba803c1-kafka-brokers:9091"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.bootstrap.servers has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.bootstrap.servers has value "my-cluster-8ba803c1-kafka-brokers:9091" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.security.protocol","value":"SSL"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.security.protocol has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.security.protocol has value "SSL" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm","value":"HTTPS"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm has value "HTTPS" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.location","value":"/tmp/kafka/cluster.keystore.p12"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.location has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.location has value "/tmp/kafka/cluster.keystore.p12" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.type","value":"PKCS12"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.type has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.type has value "PKCS12" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.location","value":"/tmp/kafka/cluster.truststore.p12"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.location has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.location has value "/tmp/kafka/cluster.truststore.p12" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.type","value":"PKCS12"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.type has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.type has value "PKCS12" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic","value":"strimzi.cruisecontrol.metrics"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic has value "strimzi.cruisecontrol.metrics" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.auto.create","value":"true"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.auto.create has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.auto.create has value "true" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.min.insync.replicas","value":"1"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.min.insync.replicas has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.min.insync.replicas has value "1" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.num.partitions","value":"1"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.num.partitions has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.num.partitions has value "1" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.replication.factor","value":"3"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.replication.factor has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.replication.factor has value "3" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.controlplane-9090.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.controlplane-9090.ssl.keystore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.controlplane-9090.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.controlplane-9090.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.controlplane-9090.ssl.truststore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.controlplane-9090.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.replication-9091.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.replication-9091.ssl.keystore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.replication-9091.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.replication-9091.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.replication-9091.ssl.truststore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.replication-9091.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.tls-9093.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.tls-9093.ssl.keystore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.tls-9093.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.tls-9093.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.tls-9093.ssl.truststore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.tls-9093.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/zookeeper.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path zookeeper.ssl.keystore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path zookeeper.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/zookeeper.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path zookeeper.ssl.truststore.password has value "null" 2023-04-02 19:53:28 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path zookeeper.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:28 DEBUG KafkaBrokerLoggingConfigurationDiff:133 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Treating the line as ENV var declaration: kafka.root.logger.level=DEBUG 2023-04-02 19:53:28 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender 2023-04-02 19:53:28 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout 2023-04-02 19:53:28 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %p %m (%c) [%t]%n 2023-04-02 19:53:28 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: kafka.root.logger.level=DEBUG 2023-04-02 19:53:28 DEBUG KafkaRoller:531 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 logging needs to be reconfigured. 2023-04-02 19:53:28 DEBUG KafkaRoller:747 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:53:29 DEBUG KafkaRoller:800 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 0 2023-04-02 19:53:29 DEBUG KafkaRoller:366 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 is controller and there are other pods to verify. Non-controller pods will be verified first. 2023-04-02 19:53:29 INFO KafkaRoller:327 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Pod my-cluster-8ba803c1-kafka-0 is controller and there are other pods to verify. Non-controller pods will be verified first, retrying after at least 250ms 2023-04-02 19:53:29 DEBUG KafkaRoller:303 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 0 MILLISECONDS 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.bootstrap.servers","value":"my-cluster-8ba803c1-kafka-brokers:9091"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.bootstrap.servers has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.bootstrap.servers has value "my-cluster-8ba803c1-kafka-brokers:9091" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.security.protocol","value":"SSL"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.security.protocol has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.security.protocol has value "SSL" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm","value":"HTTPS"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm has value "HTTPS" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.location","value":"/tmp/kafka/cluster.keystore.p12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.location has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.location has value "/tmp/kafka/cluster.keystore.p12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.type","value":"PKCS12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.type has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.type has value "PKCS12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.location","value":"/tmp/kafka/cluster.truststore.p12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.location has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.location has value "/tmp/kafka/cluster.truststore.p12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.type","value":"PKCS12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.type has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.type has value "PKCS12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic","value":"strimzi.cruisecontrol.metrics"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic has value "strimzi.cruisecontrol.metrics" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.auto.create","value":"true"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.auto.create has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.auto.create has value "true" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.min.insync.replicas","value":"1"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.min.insync.replicas has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.min.insync.replicas has value "1" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.num.partitions","value":"1"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.num.partitions has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.num.partitions has value "1" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.replication.factor","value":"3"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.replication.factor has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.replication.factor has value "3" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/listener.name.controlplane-9090.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.controlplane-9090.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.controlplane-9090.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/listener.name.controlplane-9090.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.controlplane-9090.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.controlplane-9090.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/listener.name.replication-9091.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.replication-9091.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.replication-9091.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/listener.name.replication-9091.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.replication-9091.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.replication-9091.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/listener.name.tls-9093.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.tls-9093.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.tls-9093.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/listener.name.tls-9093.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.tls-9093.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.tls-9093.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/zookeeper.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path zookeeper.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path zookeeper.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 1 Config Differs : {"op":"replace","path":"/zookeeper.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path zookeeper.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path zookeeper.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:133 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Treating the line as ENV var declaration: kafka.root.logger.level=DEBUG 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %p %m (%c) [%t]%n 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: kafka.root.logger.level=DEBUG 2023-04-02 19:53:29 DEBUG KafkaRoller:531 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 logging needs to be reconfigured. 2023-04-02 19:53:29 DEBUG KafkaRoller:747 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:53:29 DEBUG KafkaRoller:800 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 0 2023-04-02 19:53:29 DEBUG KafkaAvailability:62 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 1 can be rolled 2023-04-02 19:53:29 DEBUG KafkaAvailability:216 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:53:29 DEBUG KafkaAvailability:51 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:53:29 DEBUG KafkaAvailability:202 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:53:29 DEBUG KafkaAvailability:69 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:53:29 DEBUG KafkaAvailability:161 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 7 topics 2023-04-02 19:53:29 DEBUG KafkaAvailability:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 7 topics 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.modeltrainingsamples has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): __consumer_offsets has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.partitionmetricsamples has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi-topic-operator-kstreams-topic-store-changelog has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): my-topic-979356188-68329333 has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaAvailability:112 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): my-topic-979356188-68329333/0 will be under-replicated (ISR={1}, replicas=[1], min.insync.replicas=1) if broker 1 is restarted, but there are only 1 replicas. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.metrics has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaRoller:578 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Updating broker configuration my-cluster-8ba803c1-kafka-1 2023-04-02 19:53:29 INFO KafkaRoller:595 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Dynamic update of pod my-cluster-8ba803c1-kafka-1 was successful. 2023-04-02 19:53:29 DEBUG KafkaRoller:689 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for restarted pod my-cluster-8ba803c1-kafka-1 to become ready 2023-04-02 19:53:29 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 to get ready 2023-04-02 19:53:29 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 is ready 2023-04-02 19:53:29 DEBUG KafkaRoller:691 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 is now ready 2023-04-02 19:53:29 DEBUG KafkaRoller:303 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 0 MILLISECONDS 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.bootstrap.servers","value":"my-cluster-8ba803c1-kafka-brokers:9091"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.bootstrap.servers has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.bootstrap.servers has value "my-cluster-8ba803c1-kafka-brokers:9091" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.security.protocol","value":"SSL"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.security.protocol has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.security.protocol has value "SSL" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm","value":"HTTPS"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm has value "HTTPS" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.location","value":"/tmp/kafka/cluster.keystore.p12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.location has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.location has value "/tmp/kafka/cluster.keystore.p12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.type","value":"PKCS12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.type has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.type has value "PKCS12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.location","value":"/tmp/kafka/cluster.truststore.p12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.location has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.location has value "/tmp/kafka/cluster.truststore.p12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.type","value":"PKCS12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.type has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.type has value "PKCS12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic","value":"strimzi.cruisecontrol.metrics"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic has value "strimzi.cruisecontrol.metrics" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.auto.create","value":"true"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.auto.create has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.auto.create has value "true" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.min.insync.replicas","value":"1"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.min.insync.replicas has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.min.insync.replicas has value "1" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.num.partitions","value":"1"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.num.partitions has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.num.partitions has value "1" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.replication.factor","value":"3"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.replication.factor has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.replication.factor has value "3" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/listener.name.controlplane-9090.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.controlplane-9090.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.controlplane-9090.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/listener.name.controlplane-9090.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.controlplane-9090.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.controlplane-9090.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/listener.name.replication-9091.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.replication-9091.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.replication-9091.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/listener.name.replication-9091.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.replication-9091.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.replication-9091.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/listener.name.tls-9093.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.tls-9093.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.tls-9093.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/listener.name.tls-9093.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.tls-9093.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.tls-9093.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/zookeeper.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path zookeeper.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path zookeeper.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 2 Config Differs : {"op":"replace","path":"/zookeeper.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path zookeeper.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path zookeeper.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:133 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Treating the line as ENV var declaration: kafka.root.logger.level=DEBUG 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %p %m (%c) [%t]%n 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: kafka.root.logger.level=DEBUG 2023-04-02 19:53:29 DEBUG KafkaRoller:531 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 logging needs to be reconfigured. 2023-04-02 19:53:29 DEBUG KafkaRoller:747 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:53:29 DEBUG KafkaRoller:800 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 0 2023-04-02 19:53:29 DEBUG KafkaAvailability:62 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 2 can be rolled 2023-04-02 19:53:29 DEBUG KafkaAvailability:216 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:53:29 DEBUG KafkaAvailability:51 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:53:29 DEBUG KafkaAvailability:202 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:53:29 DEBUG KafkaAvailability:69 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:53:29 DEBUG KafkaAvailability:161 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 6 topics 2023-04-02 19:53:29 DEBUG KafkaAvailability:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 6 topics 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.modeltrainingsamples has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): __consumer_offsets has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.partitionmetricsamples has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi-topic-operator-kstreams-topic-store-changelog has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:53:29 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.metrics has min.insync.replicas=1. 2023-04-02 19:53:29 DEBUG KafkaRoller:578 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Updating broker configuration my-cluster-8ba803c1-kafka-2 2023-04-02 19:53:29 INFO KafkaRoller:595 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Dynamic update of pod my-cluster-8ba803c1-kafka-2 was successful. 2023-04-02 19:53:29 DEBUG KafkaRoller:689 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for restarted pod my-cluster-8ba803c1-kafka-2 to become ready 2023-04-02 19:53:29 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 to get ready 2023-04-02 19:53:29 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 is ready 2023-04-02 19:53:29 DEBUG KafkaRoller:691 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 is now ready 2023-04-02 19:53:29 DEBUG KafkaRoller:303 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 250 MILLISECONDS 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.bootstrap.servers","value":"my-cluster-8ba803c1-kafka-brokers:9091"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.bootstrap.servers has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.bootstrap.servers has value "my-cluster-8ba803c1-kafka-brokers:9091" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.security.protocol","value":"SSL"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.security.protocol has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.security.protocol has value "SSL" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm","value":"HTTPS"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.endpoint.identification.algorithm has value "HTTPS" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.location","value":"/tmp/kafka/cluster.keystore.p12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.location has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.location has value "/tmp/kafka/cluster.keystore.p12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.keystore.type","value":"PKCS12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.type has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.keystore.type has value "PKCS12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.location","value":"/tmp/kafka/cluster.truststore.p12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.location has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.location has value "/tmp/kafka/cluster.truststore.p12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.reporter.ssl.truststore.type","value":"PKCS12"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.type has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.reporter.ssl.truststore.type has value "PKCS12" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic","value":"strimzi.cruisecontrol.metrics"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic has value "strimzi.cruisecontrol.metrics" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.auto.create","value":"true"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.auto.create has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.auto.create has value "true" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.min.insync.replicas","value":"1"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.min.insync.replicas has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.min.insync.replicas has value "1" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.num.partitions","value":"1"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.num.partitions has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.num.partitions has value "1" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/cruise.control.metrics.topic.replication.factor","value":"3"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path cruise.control.metrics.topic.replication.factor has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path cruise.control.metrics.topic.replication.factor has value "3" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.controlplane-9090.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.controlplane-9090.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.controlplane-9090.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.controlplane-9090.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.controlplane-9090.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.controlplane-9090.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.replication-9091.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.replication-9091.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.replication-9091.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.replication-9091.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.replication-9091.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.replication-9091.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.tls-9093.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.tls-9093.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.tls-9093.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/listener.name.tls-9093.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path listener.name.tls-9093.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path listener.name.tls-9093.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/zookeeper.ssl.keystore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path zookeeper.ssl.keystore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path zookeeper.ssl.keystore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:195 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Kafka Broker 0 Config Differs : {"op":"replace","path":"/zookeeper.ssl.truststore.password","value":"${CERTS_STORE_PASSWORD}"} 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:196 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Kafka Broker Config path zookeeper.ssl.truststore.password has value "null" 2023-04-02 19:53:29 DEBUG KafkaBrokerConfigurationDiff:197 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Kafka Broker Config path zookeeper.ssl.truststore.password has value "${CERTS_STORE_PASSWORD}" 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:133 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Treating the line as ENV var declaration: kafka.root.logger.level=DEBUG 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %p %m (%c) [%t]%n 2023-04-02 19:53:29 DEBUG KafkaBrokerLoggingConfigurationDiff:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Skipping log4j line: kafka.root.logger.level=DEBUG 2023-04-02 19:53:29 DEBUG KafkaRoller:531 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 logging needs to be reconfigured. 2023-04-02 19:53:29 DEBUG KafkaRoller:747 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:53:30 DEBUG KafkaRoller:800 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Controller is 0 2023-04-02 19:53:30 DEBUG KafkaAvailability:62 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 0 can be rolled 2023-04-02 19:53:30 DEBUG KafkaAvailability:216 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:53:30 DEBUG KafkaAvailability:51 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic names 2023-04-02 19:53:30 DEBUG KafkaAvailability:202 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got topic descriptions for 7 topics 2023-04-02 19:53:30 DEBUG KafkaAvailability:69 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got 7 topic descriptions 2023-04-02 19:53:30 DEBUG KafkaAvailability:161 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Getting topic configs for 6 topics 2023-04-02 19:53:30 DEBUG KafkaAvailability:170 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Got topic configs for 6 topics 2023-04-02 19:53:30 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.modeltrainingsamples has min.insync.replicas=1. 2023-04-02 19:53:30 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): __consumer_offsets has min.insync.replicas=1. 2023-04-02 19:53:30 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.partitionmetricsamples has min.insync.replicas=1. 2023-04-02 19:53:30 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi-topic-operator-kstreams-topic-store-changelog has min.insync.replicas=1. 2023-04-02 19:53:30 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): __strimzi_store_topic has min.insync.replicas=2. 2023-04-02 19:53:30 DEBUG KafkaAvailability:101 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): strimzi.cruisecontrol.metrics has min.insync.replicas=1. 2023-04-02 19:53:30 DEBUG KafkaRoller:578 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Updating broker configuration my-cluster-8ba803c1-kafka-0 2023-04-02 19:53:30 INFO KafkaRoller:595 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Dynamic update of pod my-cluster-8ba803c1-kafka-0 was successful. 2023-04-02 19:53:30 DEBUG KafkaRoller:689 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for restarted pod my-cluster-8ba803c1-kafka-0 to become ready 2023-04-02 19:53:30 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 to get ready 2023-04-02 19:53:30 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 is ready 2023-04-02 19:53:30 DEBUG KafkaRoller:691 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 is now ready 2023-04-02 19:53:30 DEBUG ReconcilerUtils:88 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 2023-04-02 19:53:30 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 to get ready 2023-04-02 19:53:30 DEBUG ReconcilerUtils:88 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 2023-04-02 19:53:30 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 to get ready 2023-04-02 19:53:30 DEBUG ReconcilerUtils:88 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 2023-04-02 19:53:30 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 to get ready 2023-04-02 19:53:30 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 is ready 2023-04-02 19:53:30 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-1 in namespace namespace-0 is ready 2023-04-02 19:53:30 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-2 in namespace namespace-0 is ready 2023-04-02 19:53:30 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-kafka-bootstrap in namespace namespace-0 to get ready 2023-04-02 19:53:30 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-kafka-bootstrap in namespace namespace-0 is ready 2023-04-02 19:53:30 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 to get ready 2023-04-02 19:53:30 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 is ready 2023-04-02 19:53:30 DEBUG KafkaReconciler:1176 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Attempt to get clusterId 2023-04-02 19:53:30 DEBUG KafkaReconciler:1184 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for clusterId using my-cluster-8ba803c1-kafka-bootstrap.namespace-0.svc:9091 2023-04-02 19:53:30 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/namespaces/namespace-0/configmaps?fieldSelector=metadata.name%3Dmy-cluster-8ba803c1-kafka-config&allowWatchBookmarks=true&watch=true... 2023-04-02 19:53:30 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:53:30 DEBUG ResourceSupport:174 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Opened watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@515bb8d2 for evaluation of observe deletion of ConfigMap namespace-0/my-cluster-8ba803c1-kafka-config 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:220 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-config has been already deleted in pre-check 2023-04-02 19:53:30 DEBUG ResourceSupport:180 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Pre-check is already complete, no need to wait for the watch: observe deletion of ConfigMap namespace-0/my-cluster-8ba803c1-kafka-config 2023-04-02 19:53:30 DEBUG ResourceSupport:59 - Closing io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@515bb8d2 2023-04-02 19:53:30 DEBUG AbstractWatchManager:226 - Force closing the watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@515bb8d2 2023-04-02 19:53:30 DEBUG Watcher:43 - Watcher closed 2023-04-02 19:53:30 DEBUG WatchConnectionManager:60 - Closing websocket io.fabric8.kubernetes.client.jdkhttp.JdkWebSocketImpl@45a153c 2023-04-02 19:53:30 DEBUG ResourceSupport:162 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Completing watch future 2023-04-02 19:53:30 DEBUG WatcherWebSocketListener:69 - WebSocket close received. code: 1000, reason: 2023-04-02 19:53:30 DEBUG AbstractWatchManager:127 - Ignoring already closed/closing connection 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-entity-operator already exists, updating it 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-entity-operator in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Role namespace-0/my-cluster-8ba803c1-entity-operator already exists, updating it 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Role my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Role my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Role my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Role my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Role my-cluster-8ba803c1-entity-operator in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): RoleBinding namespace-0/my-cluster-8ba803c1-entity-topic-operator-role already exists, updating it 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-topic-operator-role diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-topic-operator-role diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-topic-operator-role diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-topic-operator-role diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): RoleBinding my-cluster-8ba803c1-entity-topic-operator-role in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): RoleBinding namespace-0/my-cluster-8ba803c1-entity-user-operator-role already exists, updating it 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-user-operator-role diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-user-operator-role diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-user-operator-role diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring RoleBinding my-cluster-8ba803c1-entity-user-operator-role diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): RoleBinding my-cluster-8ba803c1-entity-user-operator-role in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-entity-topic-operator-config already exists, updating it 2023-04-02 19:53:30 DEBUG ConfigMapOperator:52 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-entity-topic-operator-config in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-entity-user-operator-config already exists, updating it 2023-04-02 19:53:30 DEBUG ConfigMapOperator:52 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-entity-user-operator-config in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:118 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-entity-operator-certs does not exist, noop 2023-04-02 19:53:30 DEBUG Ca:1241 - Secret namespace-0/my-cluster-8ba803c1-entity-topic-operator-certs generation anno = 1, current CA generation = 1 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-entity-topic-operator-certs already exists, updating it 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-entity-topic-operator-certs diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-entity-topic-operator-certs diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-entity-topic-operator-certs diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-entity-topic-operator-certs diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-entity-topic-operator-certs in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:30 DEBUG Ca:1241 - Secret namespace-0/my-cluster-8ba803c1-entity-user-operator-certs generation anno = 1, current CA generation = 1 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-entity-user-operator-certs already exists, updating it 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-entity-user-operator-certs diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-entity-user-operator-certs diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-entity-user-operator-certs diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:30 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-entity-user-operator-certs diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:30 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-entity-user-operator-certs in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment namespace-0/my-cluster-8ba803c1-entity-operator already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-entity-operator diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG ResourceDiff:62 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-entity-operator differs: {"op":"remove","path":"/spec/progressDeadlineSeconds"} 2023-04-02 19:53:31 DEBUG ResourceDiff:63 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Deployment my-cluster-8ba803c1-entity-operator path /spec/progressDeadlineSeconds has value 600 2023-04-02 19:53:31 DEBUG ResourceDiff:64 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Deployment my-cluster-8ba803c1-entity-operator path /spec/progressDeadlineSeconds has value 2023-04-02 19:53:31 DEBUG OperationSupport:660 - Recieved warning(s) from request https://172.30.0.1:443/apis/apps/v1/namespaces/namespace-0/deployments/my-cluster-8ba803c1-entity-operator: [299 - "would violate PodSecurity \"restricted:latest\": seccompProfile (pod or containers \"topic-operator\", \"user-operator\", \"tls-sidecar\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"] 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-entity-operator in namespace namespace-0 has been patched 2023-04-02 19:53:31 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-entity-operator in namespace namespace-0 to get observed 2023-04-02 19:53:31 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-entity-operator in namespace namespace-0 is observed 2023-04-02 19:53:31 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-entity-operator in namespace namespace-0 to get ready 2023-04-02 19:53:31 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-entity-operator in namespace namespace-0 is ready 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy namespace-0/my-cluster-8ba803c1-network-policy-cruise-control already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/spec/policyTypes"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control diff {"op":"remove","path":"/status"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy my-cluster-8ba803c1-network-policy-cruise-control in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-cruise-control already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-cruise-control in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG LoggingUtils:84 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): logging is not set, using default loggers 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-cruise-control-config already exists, updating it 2023-04-02 19:53:31 DEBUG ConfigMapOperator:52 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-cruise-control-config in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:53:31 DEBUG AbstractModel:478 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Generating certificates 2023-04-02 19:53:31 DEBUG Ca:171 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: Reconciling Cruise Control certificates 2023-04-02 19:53:31 DEBUG Ca:489 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for cruise-control already exists 2023-04-02 19:53:31 DEBUG AbstractModel:484 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): End generating certificates 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cruise-control-certs already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-certs diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-certs diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-certs diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-certs diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cruise-control-certs in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cruise-control-api already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-api diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-api diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-api diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cruise-control-api diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cruise-control-api in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-cruise-control already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/spec/clusterIP"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/status"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-cruise-control in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment namespace-0/my-cluster-8ba803c1-cruise-control already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-cruise-control diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG ResourceDiff:62 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-cruise-control differs: {"op":"remove","path":"/spec/progressDeadlineSeconds"} 2023-04-02 19:53:31 DEBUG ResourceDiff:63 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Deployment my-cluster-8ba803c1-cruise-control path /spec/progressDeadlineSeconds has value 600 2023-04-02 19:53:31 DEBUG ResourceDiff:64 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Deployment my-cluster-8ba803c1-cruise-control path /spec/progressDeadlineSeconds has value 2023-04-02 19:53:31 DEBUG OperationSupport:660 - Recieved warning(s) from request https://172.30.0.1:443/apis/apps/v1/namespaces/namespace-0/deployments/my-cluster-8ba803c1-cruise-control: [299 - "would violate PodSecurity \"restricted:latest\": seccompProfile (pod or container \"cruise-control\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"] 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-cruise-control in namespace namespace-0 has been patched 2023-04-02 19:53:31 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-cruise-control in namespace namespace-0 to get observed 2023-04-02 19:53:31 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-cruise-control in namespace namespace-0 is observed 2023-04-02 19:53:31 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-cruise-control in namespace namespace-0 to get ready 2023-04-02 19:53:31 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-cruise-control in namespace namespace-0 is ready 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-kafka-exporter already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG Ca:1241 - Secret namespace-0/my-cluster-8ba803c1-kafka-exporter-certs generation anno = 1, current CA generation = 1 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-kafka-exporter-certs already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-exporter-certs diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-exporter-certs diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-exporter-certs diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-exporter-certs diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-kafka-exporter-certs in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment namespace-0/my-cluster-8ba803c1-kafka-exporter already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Deployment my-cluster-8ba803c1-kafka-exporter diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG ResourceDiff:62 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-kafka-exporter differs: {"op":"remove","path":"/spec/progressDeadlineSeconds"} 2023-04-02 19:53:31 DEBUG ResourceDiff:63 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Current Deployment my-cluster-8ba803c1-kafka-exporter path /spec/progressDeadlineSeconds has value 600 2023-04-02 19:53:31 DEBUG ResourceDiff:64 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Desired Deployment my-cluster-8ba803c1-kafka-exporter path /spec/progressDeadlineSeconds has value 2023-04-02 19:53:31 DEBUG OperationSupport:660 - Recieved warning(s) from request https://172.30.0.1:443/apis/apps/v1/namespaces/namespace-0/deployments/my-cluster-8ba803c1-kafka-exporter: [299 - "would violate PodSecurity \"restricted:latest\": seccompProfile (pod or container \"my-cluster-8ba803c1-kafka-exporter\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")"] 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 has been patched 2023-04-02 19:53:31 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 to get observed 2023-04-02 19:53:31 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 is observed 2023-04-02 19:53:31 DEBUG Util:135 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Deployment resource my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 to get ready 2023-04-02 19:53:31 DEBUG Util:157 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment resource my-cluster-8ba803c1-kafka-exporter in namespace namespace-0 is ready 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:118 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-kafka-jmx-trans does not exist, noop 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:118 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-jmxtrans-config does not exist, noop 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:118 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Deployment namespace-0/my-cluster-8ba803c1-kafka-jmx-trans does not exist, noop 2023-04-02 19:53:31 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG StatusDiff:42 - Ignoring Status diff {"op":"replace","path":"/conditions/0/lastTransitionTime","value":"2023-04-02T19:53:27.910942102Z"} 2023-04-02 19:53:31 DEBUG StatusDiff:42 - Ignoring Status diff {"op":"replace","path":"/conditions/1/lastTransitionTime","value":"2023-04-02T19:53:31.592379803Z"} 2023-04-02 19:53:31 DEBUG AbstractOperator:337 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Status did not change 2023-04-02 19:53:31 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG AbstractOperator:560 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Removed metric strimzi.resource.statenamespace-0:Kafka/my-cluster-8ba803c1 2023-04-02 19:53:31 DEBUG AbstractOperator:568 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Updated metric strimzi.resource.state[tag(kind=Kafka),tag(name=my-cluster-8ba803c1),tag(reason=none),tag(resource-namespace=namespace-0)] = 1 2023-04-02 19:53:31 INFO AbstractOperator:510 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): reconciled 2023-04-02 19:53:31 DEBUG AbstractOperator:447 - Reconciliation #52(timer) Kafka(namespace-0/my-cluster-8ba803c1): Lock lock::namespace-0::Kafka::my-cluster-8ba803c1 released 2023-04-02 19:53:31 DEBUG AbstractOperator:376 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Lock lock::namespace-0::Kafka::my-cluster-8ba803c1 acquired 2023-04-02 19:53:31 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:31 INFO AbstractOperator:239 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Kafka my-cluster-8ba803c1 will be checked for creation or modification 2023-04-02 19:53:31 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG KafkaAssemblyOperator:281 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Status is already set. No need to set initial status 2023-04-02 19:53:31 DEBUG Ca:812 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: The CA certificate in secret my-cluster-8ba803c1-cluster-ca-cert already exists and does not need renewing 2023-04-02 19:53:31 DEBUG Ca:667 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca renewalType NOOP 2023-04-02 19:53:31 DEBUG Ca:812 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): clients-ca: The CA certificate in secret my-cluster-8ba803c1-clients-ca-cert already exists and does not need renewing 2023-04-02 19:53:31 DEBUG Ca:667 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): clients-ca renewalType NOOP 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-clients-ca-cert already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca-cert diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-clients-ca-cert in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-ca-cert already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-ca-cert in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-ca already exists, updating it 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-clients-ca already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-clients-ca diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-clients-ca in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-ca in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG Ca:1241 - Secret namespace-0/my-cluster-8ba803c1-cluster-operator-certs generation anno = 1, current CA generation = 1 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-operator-certs already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-operator-certs diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-operator-certs in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:31 DEBUG CaReconciler:490 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:496 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-2 cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:496 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-2 cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:496 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-cruise-control-5cfb9f8f58-n2b8p cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:496 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:496 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-0 cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:496 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-exporter-7c74d778b9-pv4bt cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:496 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-1 cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:496 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-1 cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:496 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-entity-operator-56d5bc6b7f-xf7dm cluster CA cert generation 1 2023-04-02 19:53:31 DEBUG CaReconciler:503 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Maybe there are old cluster CA certificates to remove 2023-04-02 19:53:31 DEBUG Ca:996 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Removing data.ca-2024-04-01T19-37-36Z\.crt from Secret 2023-04-02 19:53:31 INFO Ca:947 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: Old CA certificates removed 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-cluster-ca-cert already exists, updating it 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:31 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-cluster-ca-cert diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:31 DEBUG ResourceDiff:62 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-ca-cert differs: {"op":"remove","path":"/data/ca-2024-04-01T19-37-36Z.crt"} 2023-04-02 19:53:31 DEBUG ResourceDiff:63 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Secret my-cluster-8ba803c1-cluster-ca-cert path /data/ca-2024-04-01T19-37-36Z.crt has value "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZMVENDQXhXZ0F3SUJBZ0lVRUtzQ1p0SERIWFZveE16Nk1yckwyM3d2ZURNd0RRWUpLb1pJaHZjTkFRRU4KQlFBd0xURVRNQkVHQTFVRUNnd0thVzh1YzNSeWFXMTZhVEVXTUJRR0ExVUVBd3dOWTJ4MWMzUmxjaTFqWVNCMgpNREFlRncweU16QTBNREl4T1RNM016WmFGdzB5TkRBME1ERXhPVE0zTXpaYU1DMHhFekFSQmdOVkJBb01DbWx2CkxuTjBjbWx0ZW1reEZqQVVCZ05WQkFNTURXTnNkWE4wWlhJdFkyRWdkakF3Z2dJaU1BMEdDU3FHU0liM0RRRUIKQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUMzcnY2c2FLQU9DUjRYQlF6N1IxanpCbzZSTkl3UnJ3MzMxZE9GUTl5eApnWEtoNC9JNHNCVkNRNC9MR1BRNk8wMEpGRXpZeEo2ckREenFzYVlLcTk1N05HY3NCeWROY3RWL25zeXAvWG12CkF2Q2JvNUZTSWdXU0pnTVBPOXpVRGRBanJackg3Yi9SOVRHMitCNUJQclUzRlVOUXZBOUFLV3BQTDF6Q1lRa1QKZFVCWGtFSlFwL2dtL1p1NEowRzZkYkhwNE9LNFR3NGdzSzRPc05KM1pwYVVMdnRYWlFBNGl1NGUrU0xHR3ErOQpRVTVpS3hwQTFBNVZWTHM5aXpNS0hoU1orREl4cnZtczhleHZOdXZCOFVCaW1EQXQrMEl2bk1YWE5MNVpMaWkyCnBYM3pQejc5dVIyQU83VXd6NVArMFE4eXhrbE1qUUVNQUVuYjYwSkVCRGU5U3hLdkVzaEk5Q05XZkd2UnVRcHYKWjl5NEhKemlkVnVaOU4vdnFNRWd4UmZla0xEaXpGakhUQTlKbzRteGFKMFJaZW5TMEgwME8yVjZEVE10dVBnaApjSzJQQjNLOGhkSGwxQWJZbjV3bU9BYnRwdGpIS0lYMGZCa2ZKWnhEaHBXYXQvMHZsNFh0MlNqS0dHNHR6aHExClY0bVRWVnRpcHp1M3hyd2tVT2p4YThON1dCUEc4d2RwTTVqWGIzYXZTWWM0LzYyaTRPNThHN1JyczNzTFlUaWsKanFXcVJiNkJzN1NEeG9VYmZvRlUzRGJkanVHZ2FLTkhMblpKNTNtZGtqVkdyUWdGQlEyZnVQTnJQbmc0RERBRApCUS9mcmpJSS9PTURzNUVDbVNnWEFkRXZzR2U0a3VtYUxGb0c3Q1JGK0VENjBoejNjcC9xVFczcFZGM3BCYlU0Cmx3SURBUUFCbzBVd1F6QWRCZ05WSFE0RUZnUVU4Q2JaaFg4WDBOTnNNZG5NU050bjVlZkNJdk13RWdZRFZSMFQKQVFIL0JBZ3dCZ0VCL3dJQkFEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0RRWUpLb1pJaHZjTkFRRU5CUUFEZ2dJQgpBSXc3M2ZhRDZseHBzV3NHMlQ5Sk1pa0FXcjBGSS9zbjFBdTh1R1JlTExPR1kvVnY3Ly9wODFUbHErV0NsKzcyCkRnbXBZdU9kSXppaFpvRUpLZnYrdUc2L2t0WFNSaEZaalBwVDAzRHNGOVJ6S1FZeEwrZU9Bdkg4dFI1NkIwTmQKSnIzVnZFcDZYYmtGbTk5S3lLcUJaRjFBaDVtK0RWOW8wRlMyaGNBNDduMW5haUJXVWJKRjRVcG84T0VNNDM1bQpFWGgycVlhUHdZTGNmY3dwOXVLRy9VeTFUL2hPK0xUQ05jL0lob2w0dlljaGY2bEhWblZpYlNVWjM1cVJqNUpoCnlGWENldU9CdWZnRy9nTlJFcHB5eFNVb0h6aWQrOFZXRm5FLzB0UTFjVGRIUm50UkxDU1pRN0FYbWtPcjNCQjAKQkJvVnMydnp2d1lxUEs2WlZlWkNRNXg4cTJYdWgxRGZIdXdzVm1HYk1rVEFybVVhc3NrcUUzTzIwNElUTHBUNwovbTNqSCtNNmZCQWRpYVZsbWIvM1V4NTJtS0pSbFdGNm1BdnBnT1BOMjUySVpCRWsrb3RSUm5KZzdoNVMwOW1hCmpBeWYxdmp4NitsVkRGRFl5RjBYYjRLTlkxMlVVZHZqMU1uaDloUUhjazJwWlFGb1NiRFJ4OFEwaTM3RmlaL08KV0dKOEtBRFdDL2t3a09RdFBqRG5rMjMxTFZqcUd4U2drVnEybCtHMjRTRmRncjFhaFU2RVo4SVl4MXEvSUltYwpiL2JUbkQwb2s2SUd2by9yWHEzTHhzcWtlR01TSW9seUZnb2xwM3ZMR2xrTnBZS0c4MTRqQTQxM25WNW9wT3VWCk0rcVYyelQ1SGhiYUNvNDUySUJmZGwvejBRZmR2Z0ZGVk0xNHN6eGdTdmV0Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" 2023-04-02 19:53:31 DEBUG ResourceDiff:64 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired Secret my-cluster-8ba803c1-cluster-ca-cert path /data/ca-2024-04-01T19-37-36Z.crt has value 2023-04-02 19:53:31 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-cluster-ca-cert in namespace namespace-0 has been patched 2023-04-02 19:53:31 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG VersionChangeCreator:260 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): No Kafka version change 2023-04-02 19:53:31 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:31 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy namespace-0/my-cluster-8ba803c1-network-policy-zookeeper already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/spec/policyTypes"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper diff {"op":"remove","path":"/status"} 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy my-cluster-8ba803c1-network-policy-zookeeper in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:32 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG ZooKeeperReconciler:349 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Kafka.spec.kafka.version is unchanged therefore no change to Zookeeper is required 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-zookeeper already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-zookeeper in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-zookeeper-0 already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 diff {"op":"remove","path":"/status"} 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-zookeeper-1 already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 diff {"op":"remove","path":"/status"} 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-zookeeper-2 already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 diff {"op":"remove","path":"/status"} 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-zookeeper-client already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/clusterIP"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-client diff {"op":"remove","path":"/status"} 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-zookeeper-client in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-zookeeper-nodes already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/status"} 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:32 DEBUG Ca:202 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: Reconciling zookeeper certificates 2023-04-02 19:53:32 DEBUG Ca:489 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-zookeeper-0 already exists 2023-04-02 19:53:32 DEBUG Ca:489 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-zookeeper-1 already exists 2023-04-02 19:53:32 DEBUG Ca:489 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-zookeeper-2 already exists 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-zookeeper-nodes already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-zookeeper-nodes diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-zookeeper-config already exists, updating it 2023-04-02 19:53:32 DEBUG ConfigMapOperator:52 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-zookeeper-config in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget namespace-0/my-cluster-8ba803c1-zookeeper already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/status"} 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget my-cluster-8ba803c1-zookeeper in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:53:32 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet namespace-0/my-cluster-8ba803c1-zookeeper already exists, updating it 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:53:32 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-zookeeper diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:53:32 DEBUG ResourceDiff:62 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-zookeeper differs: {"op":"replace","path":"/spec/pods/0/spec/terminationGracePeriodSeconds","value":30} 2023-04-02 19:53:32 DEBUG ResourceDiff:63 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current StrimziPodSet my-cluster-8ba803c1-zookeeper path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:53:32 DEBUG ResourceDiff:64 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired StrimziPodSet my-cluster-8ba803c1-zookeeper path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:53:32 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:32 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 has been patched 2023-04-02 19:53:32 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-2 due to [cluster-ca certificate removal] 2023-04-02 19:53:32 DEBUG ZooKeeperRoller:74 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-2 should be rolled due to [cluster-ca certificate removal] 2023-04-02 19:53:32 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-0 due to [cluster-ca certificate removal] 2023-04-02 19:53:32 DEBUG ZooKeeperRoller:74 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-0 should be rolled due to [cluster-ca certificate removal] 2023-04-02 19:53:32 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-1 due to [cluster-ca certificate removal] 2023-04-02 19:53:32 DEBUG ZooKeeperRoller:74 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-1 should be rolled due to [cluster-ca certificate removal] 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:94 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Trusting certificate ca.crt from Secret my-cluster-8ba803c1-cluster-ca-cert 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:103 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring non-certificate ca.p12 in Secret my-cluster-8ba803c1-cluster-ca-cert 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:103 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring non-certificate ca.password in Secret my-cluster-8ba803c1-cluster-ca-cert 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:214 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checker whether my-cluster-8ba803c1-zookeeper-0 is leader 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:244 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Connecting to zookeeper on my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:251 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: connected 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:277 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: upgrading to TLS 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:282 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: sending stat 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:271 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: is not leader 2023-04-02 19:53:32 INFO ZookeeperLeaderFinder:220 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-0 is not a leader 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:214 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checker whether my-cluster-8ba803c1-zookeeper-1 is leader 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:244 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Connecting to zookeeper on my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:251 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: connected 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:277 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: upgrading to TLS 2023-04-02 19:53:32 DEBUG ZookeeperLeaderFinder:282 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: sending stat 2023-04-02 19:53:33 DEBUG ZookeeperLeaderFinder:271 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: is not leader 2023-04-02 19:53:33 INFO ZookeeperLeaderFinder:220 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-1 is not a leader 2023-04-02 19:53:33 DEBUG ZookeeperLeaderFinder:214 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checker whether my-cluster-8ba803c1-zookeeper-2 is leader 2023-04-02 19:53:33 DEBUG ZookeeperLeaderFinder:244 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Connecting to zookeeper on my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181 2023-04-02 19:53:33 DEBUG ZookeeperLeaderFinder:251 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: connected 2023-04-02 19:53:33 DEBUG ZookeeperLeaderFinder:277 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: upgrading to TLS 2023-04-02 19:53:33 DEBUG ZookeeperLeaderFinder:282 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: sending stat 2023-04-02 19:53:33 DEBUG ZookeeperLeaderFinder:271 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZK my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc.cluster.local:2181: is leader 2023-04-02 19:53:33 INFO ZookeeperLeaderFinder:217 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-2 is leader 2023-04-02 19:53:33 DEBUG ZooKeeperRoller:92 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Zookeeper leader is pod my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:53:33 DEBUG ZooKeeperRoller:104 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Deferring restart of leader my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:53:33 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 to get ready 2023-04-02 19:53:33 DEBUG ZooKeeperRoller:98 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-0 needs to be restarted 2023-04-02 19:53:33 DEBUG ZooKeeperRoller:98 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-1 needs to be restarted 2023-04-02 19:53:33 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 is ready 2023-04-02 19:53:33 INFO ZooKeeperRoller:142 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-0 due to [cluster-ca certificate removal] 2023-04-02 19:53:33 INFO PodOperator:54 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:33 DEBUG PodOperator:60 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for pod my-cluster-8ba803c1-zookeeper-0 to be deleted 2023-04-02 19:53:33 DEBUG AbstractNamespacedResourceOperator:115 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 exist, deleting it 2023-04-02 19:53:33 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/namespaces/namespace-0/pods?fieldSelector=metadata.name%3Dmy-cluster-8ba803c1-zookeeper-0&allowWatchBookmarks=true&watch=true... 2023-04-02 19:53:33 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:53:33 DEBUG ResourceSupport:174 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Opened watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@56723987 for evaluation of observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:33 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:33 DEBUG ResourceSupport:184 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pre-check is not complete yet, let's wait for the watch: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:33 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:33 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354814 for v1/pods 2023-04-02 19:53:33 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:33 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:33 INFO StrimziPodSetController:343 - Reconciliation #54(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:33 DEBUG StrimziPodSetController:444 - Reconciliation #54(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:33 DEBUG StrimziPodSetController:444 - Reconciliation #54(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:33 DEBUG StrimziPodSetController:444 - Reconciliation #54(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:33 INFO StrimziPodSetController:379 - Reconciliation #54(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:33 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:33 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354820 for v1/pods 2023-04-02 19:53:33 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:33 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:33 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:33 INFO StrimziPodSetController:343 - Reconciliation #55(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:33 DEBUG StrimziPodSetController:444 - Reconciliation #55(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:33 DEBUG StrimziPodSetController:444 - Reconciliation #55(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:33 DEBUG StrimziPodSetController:444 - Reconciliation #55(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:33 INFO StrimziPodSetController:379 - Reconciliation #55(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:33 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:34 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354832 for v1/pods 2023-04-02 19:53:34 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:34 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:34 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:34 INFO StrimziPodSetController:343 - Reconciliation #56(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:34 DEBUG StrimziPodSetController:444 - Reconciliation #56(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:34 DEBUG StrimziPodSetController:444 - Reconciliation #56(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:34 DEBUG StrimziPodSetController:444 - Reconciliation #56(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:34 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":2} 2023-04-02 19:53:34 DEBUG StatusDiff:48 - Current Status path /readyPods has value 3 2023-04-02 19:53:34 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 2 2023-04-02 19:53:34 DEBUG StrimziPodSetController:398 - Reconciliation #56(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:53:34 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:34 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:34 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:34 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2354835 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:53:35 INFO StrimziPodSetController:379 - Reconciliation #56(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:35 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:53:35 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:35 INFO StrimziPodSetController:343 - Reconciliation #57(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #57(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #57(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #57(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 INFO StrimziPodSetController:379 - Reconciliation #57(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:35 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354836 for v1/pods 2023-04-02 19:53:35 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:35 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:35 INFO StrimziPodSetController:343 - Reconciliation #58(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #58(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #58(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #58(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 INFO StrimziPodSetController:379 - Reconciliation #58(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:35 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:35 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2354837 for v1/pods 2023-04-02 19:53:35 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was DELETED 2023-04-02 19:53:35 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:35 DEBUG AbstractNamespacedResourceOperator:212 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 has been deleted 2023-04-02 19:53:35 DEBUG ResourceSupport:200 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:35 INFO StrimziPodSetController:343 - Reconciliation #59(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:433 - Reconciliation #59(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Creating pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 2023-04-02 19:53:35 DEBUG ResourceSupport:59 - Closing io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@56723987 2023-04-02 19:53:35 DEBUG AbstractWatchManager:226 - Force closing the watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@56723987 2023-04-02 19:53:35 DEBUG Watcher:43 - Watcher closed 2023-04-02 19:53:35 DEBUG WatchConnectionManager:60 - Closing websocket io.fabric8.kubernetes.client.jdkhttp.JdkWebSocketImpl@1df623ec 2023-04-02 19:53:35 DEBUG ResourceSupport:162 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Completing watch future 2023-04-02 19:53:35 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 to get deleted 2023-04-02 19:53:35 DEBUG WatcherWebSocketListener:69 - WebSocket close received. code: 1000, reason: 2023-04-02 19:53:35 DEBUG AbstractWatchManager:127 - Ignoring already closed/closing connection 2023-04-02 19:53:35 DEBUG PodOperator:69 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-0 finished 2023-04-02 19:53:35 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 is deleted 2023-04-02 19:53:35 DEBUG PodOperator:77 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-0 was deleted 2023-04-02 19:53:35 DEBUG ZooKeeperRoller:146 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for readiness of pod my-cluster-8ba803c1-zookeeper-0 2023-04-02 19:53:35 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 to get ready 2023-04-02 19:53:35 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2354842 for v1/pods 2023-04-02 19:53:35 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was ADDED 2023-04-02 19:53:35 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #59(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #59(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":2} 2023-04-02 19:53:35 DEBUG StatusDiff:48 - Current Status path /currentPods has value 3 2023-04-02 19:53:35 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 2 2023-04-02 19:53:35 DEBUG StrimziPodSetController:398 - Reconciliation #59(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354845 for v1/pods 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:53:35 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2354846 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354848 for v1/pods 2023-04-02 19:53:35 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:53:35 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:53:35 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:35 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:53:35 INFO StrimziPodSetController:379 - Reconciliation #59(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:35 INFO StrimziPodSetController:343 - Reconciliation #60(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #60(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #60(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #60(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":3} 2023-04-02 19:53:35 DEBUG StatusDiff:48 - Current Status path /currentPods has value 2 2023-04-02 19:53:35 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 3 2023-04-02 19:53:35 DEBUG StrimziPodSetController:398 - Reconciliation #60(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2354851 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:53:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:35 INFO StrimziPodSetController:379 - Reconciliation #60(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:35 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:53:35 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:35 INFO StrimziPodSetController:343 - Reconciliation #61(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #61(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #61(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 DEBUG StrimziPodSetController:444 - Reconciliation #61(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:35 INFO StrimziPodSetController:379 - Reconciliation #61(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:37 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354868 for v1/pods 2023-04-02 19:53:37 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:37 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:37 INFO StrimziPodSetController:343 - Reconciliation #62(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:37 DEBUG StrimziPodSetController:444 - Reconciliation #62(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:37 DEBUG StrimziPodSetController:444 - Reconciliation #62(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:37 DEBUG StrimziPodSetController:444 - Reconciliation #62(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:37 INFO StrimziPodSetController:379 - Reconciliation #62(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:37 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:39 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354877 for v1/pods 2023-04-02 19:53:39 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:39 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:39 INFO StrimziPodSetController:343 - Reconciliation #63(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:39 DEBUG StrimziPodSetController:444 - Reconciliation #63(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:39 DEBUG StrimziPodSetController:444 - Reconciliation #63(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:39 DEBUG StrimziPodSetController:444 - Reconciliation #63(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:39 INFO StrimziPodSetController:379 - Reconciliation #63(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:39 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:51 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:53:51 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:53:51 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:53:51 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:53:51 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:53:51 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:53:51 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:53:51 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:53:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:53 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:53:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG AbstractOperator:373 - Reconciliation #64(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:53:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:56 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354986 for v1/pods 2023-04-02 19:53:56 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:56 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:56 INFO StrimziPodSetController:343 - Reconciliation #65(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #65(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #65(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #65(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":3} 2023-04-02 19:53:56 DEBUG StatusDiff:48 - Current Status path /readyPods has value 2 2023-04-02 19:53:56 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 3 2023-04-02 19:53:56 DEBUG StrimziPodSetController:398 - Reconciliation #65(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:53:56 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:56 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:56 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:56 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:56 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:56 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:56 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:56 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2354991 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:53:56 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:56 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:53:56 INFO StrimziPodSetController:379 - Reconciliation #65(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:56 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:56 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:56 INFO StrimziPodSetController:343 - Reconciliation #66(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #66(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #66(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #66(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 INFO StrimziPodSetController:379 - Reconciliation #66(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:56 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:56 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 is ready 2023-04-02 19:53:56 INFO ZooKeeperRoller:142 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-1 due to [cluster-ca certificate removal] 2023-04-02 19:53:56 INFO PodOperator:54 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:56 DEBUG PodOperator:60 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for pod my-cluster-8ba803c1-zookeeper-1 to be deleted 2023-04-02 19:53:56 DEBUG AbstractNamespacedResourceOperator:115 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 exist, deleting it 2023-04-02 19:53:56 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/namespaces/namespace-0/pods?fieldSelector=metadata.name%3Dmy-cluster-8ba803c1-zookeeper-1&allowWatchBookmarks=true&watch=true... 2023-04-02 19:53:56 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:53:56 DEBUG ResourceSupport:174 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Opened watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@13cd39b7 for evaluation of observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:56 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:56 DEBUG ResourceSupport:184 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pre-check is not complete yet, let's wait for the watch: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:56 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2354998 for v1/pods 2023-04-02 19:53:56 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:56 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:56 INFO StrimziPodSetController:343 - Reconciliation #67(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #67(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #67(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #67(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 INFO StrimziPodSetController:379 - Reconciliation #67(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:56 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:56 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:56 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355004 for v1/pods 2023-04-02 19:53:56 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:56 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:56 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:56 INFO StrimziPodSetController:343 - Reconciliation #68(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #68(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #68(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 DEBUG StrimziPodSetController:444 - Reconciliation #68(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:56 INFO StrimziPodSetController:379 - Reconciliation #68(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:56 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:58 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355015 for v1/pods 2023-04-02 19:53:58 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:58 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:58 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:58 INFO StrimziPodSetController:343 - Reconciliation #69(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:58 DEBUG StrimziPodSetController:444 - Reconciliation #69(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:58 DEBUG StrimziPodSetController:444 - Reconciliation #69(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:58 DEBUG StrimziPodSetController:444 - Reconciliation #69(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:58 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":2} 2023-04-02 19:53:58 DEBUG StatusDiff:48 - Current Status path /readyPods has value 3 2023-04-02 19:53:58 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 2 2023-04-02 19:53:58 DEBUG StrimziPodSetController:398 - Reconciliation #69(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:53:58 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:58 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355019 for v1/pods 2023-04-02 19:53:58 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:58 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:58 INFO StrimziPodSetController:379 - Reconciliation #69(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:58 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:58 INFO StrimziPodSetController:343 - Reconciliation #70(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:58 DEBUG StrimziPodSetController:444 - Reconciliation #70(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:58 DEBUG StrimziPodSetController:444 - Reconciliation #70(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:58 DEBUG StrimziPodSetController:444 - Reconciliation #70(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:58 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":2} 2023-04-02 19:53:58 DEBUG StatusDiff:48 - Current Status path /readyPods has value 3 2023-04-02 19:53:58 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 2 2023-04-02 19:53:58 DEBUG StrimziPodSetController:398 - Reconciliation #70(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:53:58 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:58 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2355018 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:53:58 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:53:58 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:58 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2355021 for v1/pods 2023-04-02 19:53:58 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was DELETED 2023-04-02 19:53:58 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:53:58 DEBUG AbstractNamespacedResourceOperator:212 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 has been deleted 2023-04-02 19:53:58 DEBUG ResourceSupport:200 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:58 DEBUG ResourceSupport:59 - Closing io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@13cd39b7 2023-04-02 19:53:58 DEBUG AbstractWatchManager:226 - Force closing the watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@13cd39b7 2023-04-02 19:53:58 DEBUG Watcher:43 - Watcher closed 2023-04-02 19:53:58 DEBUG WatchConnectionManager:60 - Closing websocket io.fabric8.kubernetes.client.jdkhttp.JdkWebSocketImpl@85d8d4f 2023-04-02 19:53:58 DEBUG ResourceSupport:162 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Completing watch future 2023-04-02 19:53:58 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 to get deleted 2023-04-02 19:53:58 DEBUG WatcherWebSocketListener:69 - WebSocket close received. code: 1000, reason: 2023-04-02 19:53:58 DEBUG AbstractWatchManager:127 - Ignoring already closed/closing connection 2023-04-02 19:53:58 DEBUG PodOperator:69 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-1 finished 2023-04-02 19:53:58 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 is deleted 2023-04-02 19:53:58 DEBUG PodOperator:77 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-1 was deleted 2023-04-02 19:53:58 DEBUG ZooKeeperRoller:146 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for readiness of pod my-cluster-8ba803c1-zookeeper-1 2023-04-02 19:53:58 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 to get ready 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 INFO StrimziPodSetController:379 - Reconciliation #70(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:59 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:59 INFO StrimziPodSetController:343 - Reconciliation #71(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #71(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 DEBUG StrimziPodSetController:433 - Reconciliation #71(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Creating pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 2023-04-02 19:53:59 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2355033 for v1/pods 2023-04-02 19:53:59 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was ADDED 2023-04-02 19:53:59 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #71(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":2} 2023-04-02 19:53:59 DEBUG StatusDiff:48 - Current Status path /currentPods has value 3 2023-04-02 19:53:59 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 2 2023-04-02 19:53:59 DEBUG StrimziPodSetController:398 - Reconciliation #71(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355035 for v1/pods 2023-04-02 19:53:59 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:59 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2355036 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:53:59 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:53:59 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 INFO StrimziPodSetController:379 - Reconciliation #71(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:59 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:59 INFO StrimziPodSetController:343 - Reconciliation #72(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #72(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #72(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #72(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":3} 2023-04-02 19:53:59 DEBUG StatusDiff:48 - Current Status path /currentPods has value 2 2023-04-02 19:53:59 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 3 2023-04-02 19:53:59 DEBUG StrimziPodSetController:398 - Reconciliation #72(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355037 for v1/pods 2023-04-02 19:53:59 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:53:59 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:53:59 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2355039 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:53:59 INFO StrimziPodSetController:379 - Reconciliation #72(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:59 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:59 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:53:59 INFO StrimziPodSetController:343 - Reconciliation #73(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:59 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #73(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #73(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #73(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 INFO StrimziPodSetController:379 - Reconciliation #73(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:59 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:53:59 INFO StrimziPodSetController:343 - Reconciliation #74(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #74(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #74(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 DEBUG StrimziPodSetController:444 - Reconciliation #74(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:53:59 INFO StrimziPodSetController:379 - Reconciliation #74(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:53:59 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:03 DEBUG AbstractOperator:388 - Reconciliation #64(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:54:05 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355070 for v1/pods 2023-04-02 19:54:05 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:05 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:05 INFO StrimziPodSetController:343 - Reconciliation #75(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:05 DEBUG StrimziPodSetController:444 - Reconciliation #75(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:05 DEBUG StrimziPodSetController:444 - Reconciliation #75(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:05 DEBUG StrimziPodSetController:444 - Reconciliation #75(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:05 INFO StrimziPodSetController:379 - Reconciliation #75(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:05 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:06 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355078 for v1/pods 2023-04-02 19:54:06 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:06 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:06 INFO StrimziPodSetController:343 - Reconciliation #76(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:06 DEBUG StrimziPodSetController:444 - Reconciliation #76(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:06 DEBUG StrimziPodSetController:444 - Reconciliation #76(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:06 DEBUG StrimziPodSetController:444 - Reconciliation #76(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:06 INFO StrimziPodSetController:379 - Reconciliation #76(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:06 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:23 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355192 for v1/pods 2023-04-02 19:54:23 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:23 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:23 INFO StrimziPodSetController:343 - Reconciliation #77(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:23 DEBUG StrimziPodSetController:444 - Reconciliation #77(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:23 DEBUG StrimziPodSetController:444 - Reconciliation #77(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:23 DEBUG StrimziPodSetController:444 - Reconciliation #77(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:23 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":3} 2023-04-02 19:54:23 DEBUG StatusDiff:48 - Current Status path /readyPods has value 2 2023-04-02 19:54:23 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 3 2023-04-02 19:54:23 DEBUG StrimziPodSetController:398 - Reconciliation #77(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:54:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2355197 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:54:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:54:23 INFO StrimziPodSetController:379 - Reconciliation #77(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:23 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:23 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:23 INFO StrimziPodSetController:343 - Reconciliation #78(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:23 DEBUG StrimziPodSetController:444 - Reconciliation #78(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:23 DEBUG StrimziPodSetController:444 - Reconciliation #78(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:23 DEBUG StrimziPodSetController:444 - Reconciliation #78(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:23 INFO StrimziPodSetController:379 - Reconciliation #78(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:23 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:23 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:54:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:23 DEBUG AbstractOperator:373 - Reconciliation #79(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:54:24 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 is ready 2023-04-02 19:54:24 DEBUG ZooKeeperRoller:119 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Restarting leader pod (previously deferred) my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:24 INFO ZooKeeperRoller:142 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-2 due to [cluster-ca certificate removal] 2023-04-02 19:54:24 INFO PodOperator:54 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:24 DEBUG PodOperator:60 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for pod my-cluster-8ba803c1-zookeeper-2 to be deleted 2023-04-02 19:54:24 DEBUG AbstractNamespacedResourceOperator:115 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 exist, deleting it 2023-04-02 19:54:24 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/namespaces/namespace-0/pods?fieldSelector=metadata.name%3Dmy-cluster-8ba803c1-zookeeper-2&allowWatchBookmarks=true&watch=true... 2023-04-02 19:54:24 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:54:24 DEBUG ResourceSupport:174 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Opened watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@6f135adc for evaluation of observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:24 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:24 DEBUG ResourceSupport:184 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pre-check is not complete yet, let's wait for the watch: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:24 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355200 for v1/pods 2023-04-02 19:54:24 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:24 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:24 INFO StrimziPodSetController:343 - Reconciliation #80(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:24 DEBUG StrimziPodSetController:444 - Reconciliation #80(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:24 DEBUG StrimziPodSetController:444 - Reconciliation #80(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:24 DEBUG StrimziPodSetController:444 - Reconciliation #80(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:24 INFO StrimziPodSetController:379 - Reconciliation #80(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:24 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:24 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:24 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:24 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355206 for v1/pods 2023-04-02 19:54:24 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:24 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:24 INFO StrimziPodSetController:343 - Reconciliation #81(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:24 DEBUG StrimziPodSetController:444 - Reconciliation #81(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:24 DEBUG StrimziPodSetController:444 - Reconciliation #81(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:24 DEBUG StrimziPodSetController:444 - Reconciliation #81(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:24 INFO StrimziPodSetController:379 - Reconciliation #81(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:24 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:25 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355214 for v1/pods 2023-04-02 19:54:25 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:25 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:25 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:25 INFO StrimziPodSetController:343 - Reconciliation #82(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #82(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #82(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #82(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":2} 2023-04-02 19:54:25 DEBUG StatusDiff:48 - Current Status path /readyPods has value 3 2023-04-02 19:54:25 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 2 2023-04-02 19:54:25 DEBUG StrimziPodSetController:398 - Reconciliation #82(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2355217 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:54:25 INFO StrimziPodSetController:379 - Reconciliation #82(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:25 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:54:25 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:25 INFO StrimziPodSetController:343 - Reconciliation #83(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #83(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #83(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #83(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 INFO StrimziPodSetController:379 - Reconciliation #83(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:25 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355218 for v1/pods 2023-04-02 19:54:25 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:25 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:25 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:25 INFO StrimziPodSetController:343 - Reconciliation #84(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #84(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #84(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #84(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 INFO StrimziPodSetController:379 - Reconciliation #84(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:25 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2355219 for v1/pods 2023-04-02 19:54:25 DEBUG AbstractNamespacedResourceOperator:212 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 has been deleted 2023-04-02 19:54:25 DEBUG ResourceSupport:200 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:25 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was DELETED 2023-04-02 19:54:25 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:25 DEBUG ResourceSupport:59 - Closing io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@6f135adc 2023-04-02 19:54:25 DEBUG AbstractWatchManager:226 - Force closing the watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@6f135adc 2023-04-02 19:54:25 DEBUG Watcher:43 - Watcher closed 2023-04-02 19:54:25 DEBUG WatchConnectionManager:60 - Closing websocket io.fabric8.kubernetes.client.jdkhttp.JdkWebSocketImpl@442ec09e 2023-04-02 19:54:25 DEBUG ResourceSupport:162 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Completing watch future 2023-04-02 19:54:25 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 to get deleted 2023-04-02 19:54:25 INFO StrimziPodSetController:343 - Reconciliation #85(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #85(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #85(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:433 - Reconciliation #85(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Creating pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 2023-04-02 19:54:25 DEBUG WatcherWebSocketListener:69 - WebSocket close received. code: 1000, reason: 2023-04-02 19:54:25 DEBUG AbstractWatchManager:127 - Ignoring already closed/closing connection 2023-04-02 19:54:25 DEBUG PodOperator:69 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-zookeeper-2 finished 2023-04-02 19:54:25 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 is deleted 2023-04-02 19:54:25 DEBUG PodOperator:77 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-zookeeper-2 was deleted 2023-04-02 19:54:25 DEBUG ZooKeeperRoller:146 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for readiness of pod my-cluster-8ba803c1-zookeeper-2 2023-04-02 19:54:25 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 to get ready 2023-04-02 19:54:25 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2355224 for v1/pods 2023-04-02 19:54:25 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was ADDED 2023-04-02 19:54:25 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:25 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":2} 2023-04-02 19:54:25 DEBUG StatusDiff:48 - Current Status path /currentPods has value 3 2023-04-02 19:54:25 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 2 2023-04-02 19:54:25 DEBUG StrimziPodSetController:398 - Reconciliation #85(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355227 for v1/pods 2023-04-02 19:54:25 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:25 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 INFO StrimziPodSetController:379 - Reconciliation #85(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:25 INFO StrimziPodSetController:343 - Reconciliation #86(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #86(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #86(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #86(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 INFO StrimziPodSetController:379 - Reconciliation #86(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2355226 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:54:25 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:54:25 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:25 INFO StrimziPodSetController:343 - Reconciliation #87(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #87(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #87(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #87(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":3} 2023-04-02 19:54:25 DEBUG StatusDiff:48 - Current Status path /currentPods has value 2 2023-04-02 19:54:25 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 3 2023-04-02 19:54:25 DEBUG StrimziPodSetController:398 - Reconciliation #87(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355229 for v1/pods 2023-04-02 19:54:25 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:25 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:25 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2355230 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:54:25 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:54:25 INFO StrimziPodSetController:379 - Reconciliation #87(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper is already enqueued => ignoring 2023-04-02 19:54:25 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:25 INFO StrimziPodSetController:343 - Reconciliation #88(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #88(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #88(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 DEBUG StrimziPodSetController:444 - Reconciliation #88(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:25 INFO StrimziPodSetController:379 - Reconciliation #88(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:25 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:31 INFO AbstractOperator:380 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation is in progress 2023-04-02 19:54:33 DEBUG AbstractOperator:388 - Reconciliation #79(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:54:34 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355283 for v1/pods 2023-04-02 19:54:34 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:34 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:34 INFO StrimziPodSetController:343 - Reconciliation #89(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:34 DEBUG StrimziPodSetController:444 - Reconciliation #89(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:34 DEBUG StrimziPodSetController:444 - Reconciliation #89(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:34 DEBUG StrimziPodSetController:444 - Reconciliation #89(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:34 INFO StrimziPodSetController:379 - Reconciliation #89(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:34 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:35 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355298 for v1/pods 2023-04-02 19:54:35 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:35 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:35 INFO StrimziPodSetController:343 - Reconciliation #90(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:35 DEBUG StrimziPodSetController:444 - Reconciliation #90(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:35 DEBUG StrimziPodSetController:444 - Reconciliation #90(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:35 DEBUG StrimziPodSetController:444 - Reconciliation #90(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:35 INFO StrimziPodSetController:379 - Reconciliation #90(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:51 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:51 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:51 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:54:51 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:54:51 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:54:51 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:54:51 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:54:51 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:54:51 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:54:51 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:54:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2355425 for v1/pods 2023-04-02 19:54:53 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 was MODIFIED 2023-04-02 19:54:53 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:53 INFO StrimziPodSetController:343 - Reconciliation #91(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:53 DEBUG StrimziPodSetController:444 - Reconciliation #91(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:53 DEBUG StrimziPodSetController:444 - Reconciliation #91(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:53 DEBUG StrimziPodSetController:444 - Reconciliation #91(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:53 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":3} 2023-04-02 19:54:53 DEBUG StatusDiff:48 - Current Status path /readyPods has value 2 2023-04-02 19:54:53 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 3 2023-04-02 19:54:53 DEBUG StrimziPodSetController:398 - Reconciliation #91(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Updating status of StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2355430 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:54:53 INFO StrimziPodSetController:379 - Reconciliation #91(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:53 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:53 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace namespace-0 was MODIFIED 2023-04-02 19:54:53 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-zookeeper in namespace my-cluster-8ba803c1-zookeeper 2023-04-02 19:54:53 INFO StrimziPodSetController:343 - Reconciliation #92(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): StrimziPodSet will be reconciled 2023-04-02 19:54:53 DEBUG StrimziPodSetController:444 - Reconciliation #92(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:53 DEBUG StrimziPodSetController:444 - Reconciliation #92(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:53 DEBUG StrimziPodSetController:444 - Reconciliation #92(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): Pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:54:53 INFO StrimziPodSetController:379 - Reconciliation #92(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-zookeeper): reconciled 2023-04-02 19:54:53 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG AbstractOperator:373 - Reconciliation #93(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:54 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 is ready 2023-04-02 19:54:54 DEBUG ReconcilerUtils:88 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 2023-04-02 19:54:54 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 to get ready 2023-04-02 19:54:54 DEBUG ReconcilerUtils:88 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 2023-04-02 19:54:54 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 to get ready 2023-04-02 19:54:54 DEBUG ReconcilerUtils:88 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Checking readiness of pod my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 2023-04-02 19:54:54 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 to get ready 2023-04-02 19:54:54 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-0 in namespace namespace-0 is ready 2023-04-02 19:54:54 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-1 in namespace namespace-0 is ready 2023-04-02 19:54:54 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-zookeeper-2 in namespace namespace-0 is ready 2023-04-02 19:54:54 DEBUG ZooKeeperReconciler:912 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Verifying that Zookeeper is configured to run with 3 replicas 2023-04-02 19:54:54 DEBUG ZookeeperScaler:76 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating Zookeeper Scaler for cluster my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 2023-04-02 19:54:54 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for ZooKeeperAdmin connection to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 to get connected 2023-04-02 19:54:54 DEBUG ZookeeperScaler:159 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Received event WatchedEvent state:SyncConnected type:None path:null from ZooKeeperAdmin client connected to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 2023-04-02 19:54:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ZooKeeperAdmin connection to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 is connected 2023-04-02 19:54:55 DEBUG ZookeeperScaler:217 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current Zookeeper configuration is {server.2=my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2888:3888:participant;127.0.0.1:12181, server.1=my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2888:3888:participant;127.0.0.1:12181, server.3=my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2888:3888:participant;127.0.0.1:12181} 2023-04-02 19:54:55 DEBUG ZookeeperScaler:200 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): The Zookeeper server configuration is already up to date 2023-04-02 19:54:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG ZookeeperScaler:159 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Received event WatchedEvent state:Closed type:None path:null from ZooKeeperAdmin client connected to my-cluster-8ba803c1-zookeeper-0.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-1.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181,my-cluster-8ba803c1-zookeeper-2.my-cluster-8ba803c1-zookeeper-nodes.namespace-0.svc:2181 2023-04-02 19:54:55 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-zookeeper-client in namespace namespace-0 to get ready 2023-04-02 19:54:55 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-zookeeper-client in namespace namespace-0 is ready 2023-04-02 19:54:55 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Endpoints resource my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 to get ready 2023-04-02 19:54:55 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Endpoints resource my-cluster-8ba803c1-zookeeper-nodes in namespace namespace-0 is ready 2023-04-02 19:54:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy namespace-0/my-cluster-8ba803c1-network-policy-kafka already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/spec/policyTypes"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring NetworkPolicy my-cluster-8ba803c1-network-policy-kafka diff {"op":"remove","path":"/status"} 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): NetworkPolicy my-cluster-8ba803c1-network-policy-kafka in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:54:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-kafka-0 already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 diff {"op":"remove","path":"/status"} 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-0 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-kafka-1 already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 diff {"op":"remove","path":"/status"} 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-1 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim namespace-0/data-my-cluster-8ba803c1-kafka-2 already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/annotations/pv.kubernetes.io~1bind-completed"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/finalizers"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 diff {"op":"remove","path":"/status"} 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PersistentVolumeClaim data-my-cluster-8ba803c1-kafka-2 in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount namespace-0/my-cluster-8ba803c1-kafka already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring ServiceAccount my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ServiceAccount my-cluster-8ba803c1-kafka in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:54:55 DEBUG AbstractNonNamespacedResourceOperator:100 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ClusterRoleBinding strimzi-namespace-0-my-cluster-8ba803c1-kafka-init does not exist, noop 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:151 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciling existing Service resources [my-cluster-8ba803c1-kafka-brokers, my-cluster-8ba803c1-kafka-bootstrap] against the desired Service resources 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:160 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/[] should be deleted 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-kafka-brokers already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/status"} 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service namespace-0/my-cluster-8ba803c1-kafka-bootstrap already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/clusterIP"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/clusterIPs"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/internalTrafficPolicy"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/spec/sessionAffinity"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Service my-cluster-8ba803c1-kafka-bootstrap diff {"op":"remove","path":"/status"} 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Service my-cluster-8ba803c1-kafka-bootstrap in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:151 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciling existing Ingress resources [] against the desired Ingress resources 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:160 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ingress namespace-0/[] should be deleted 2023-04-02 19:54:55 DEBUG KafkaListenersReconciler:739 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Validating secret [] with custom TLS listener certificates 2023-04-02 19:54:55 DEBUG KafkaListenersReconciler:827 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Adding certificate to status for listener: tls 2023-04-02 19:54:55 DEBUG Ca:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): cluster-ca: Reconciling kafka broker certificates 2023-04-02 19:54:55 DEBUG Ca:489 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-kafka-0 already exists 2023-04-02 19:54:55 DEBUG Ca:489 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-kafka-1 already exists 2023-04-02 19:54:55 DEBUG Ca:489 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Certificate for my-cluster-8ba803c1-kafka-2 already exists 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret namespace-0/my-cluster-8ba803c1-kafka-brokers already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring Secret my-cluster-8ba803c1-kafka-brokers diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Secret my-cluster-8ba803c1-kafka-brokers in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-0 already exists, updating it 2023-04-02 19:54:55 DEBUG ConfigMapOperator:52 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-kafka-0 in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-1 already exists, updating it 2023-04-02 19:54:55 DEBUG ConfigMapOperator:52 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-kafka-1 in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap namespace-0/my-cluster-8ba803c1-kafka-2 already exists, updating it 2023-04-02 19:54:55 DEBUG ConfigMapOperator:52 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): ConfigMap my-cluster-8ba803c1-kafka-2 in namespace namespace-0 has not been patched because resources are equal 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget namespace-0/my-cluster-8ba803c1-kafka already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring PodDisruptionBudget my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/status"} 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:247 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): PodDisruptionBudget my-cluster-8ba803c1-kafka in namespace namespace-0 did not changed and doesn't need patching 2023-04-02 19:54:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:109 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet namespace-0/my-cluster-8ba803c1-kafka already exists, updating it 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/creationTimestamp"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/generation"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/managedFields"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/resourceVersion"} 2023-04-02 19:54:55 DEBUG ResourceDiff:57 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Ignoring StrimziPodSet my-cluster-8ba803c1-kafka diff {"op":"remove","path":"/metadata/uid"} 2023-04-02 19:54:55 DEBUG ResourceDiff:62 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-kafka differs: {"op":"replace","path":"/spec/pods/0/spec/terminationGracePeriodSeconds","value":30} 2023-04-02 19:54:55 DEBUG ResourceDiff:63 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Current StrimziPodSet my-cluster-8ba803c1-kafka path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:54:55 DEBUG ResourceDiff:64 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Desired StrimziPodSet my-cluster-8ba803c1-kafka path /spec/pods/0/spec/terminationGracePeriodSeconds has value 30 2023-04-02 19:54:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:54:55 DEBUG AbstractNamespacedResourceOperator:240 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 has been patched 2023-04-02 19:54:55 DEBUG KafkaRoller:220 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Verifying cluster pods are up-to-date. 2023-04-02 19:54:55 DEBUG KafkaRoller:228 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Initial order for updating pods (rolling restart or dynamic update) is [my-cluster-8ba803c1-kafka-0, my-cluster-8ba803c1-kafka-1, my-cluster-8ba803c1-kafka-2] 2023-04-02 19:54:55 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 0 MILLISECONDS 2023-04-02 19:54:55 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:54:55 DEBUG KafkaRoller:747 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091,my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091,my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:54:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:55 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 250ms 2023-04-02 19:54:55 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 0 MILLISECONDS 2023-04-02 19:54:55 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [cluster-ca certificate removal] 2023-04-02 19:54:55 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 250ms 2023-04-02 19:54:55 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 0 MILLISECONDS 2023-04-02 19:54:55 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [cluster-ca certificate removal] 2023-04-02 19:54:55 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 250ms 2023-04-02 19:54:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:56 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 250 MILLISECONDS 2023-04-02 19:54:56 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:54:56 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 500ms 2023-04-02 19:54:56 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 250 MILLISECONDS 2023-04-02 19:54:56 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [cluster-ca certificate removal] 2023-04-02 19:54:56 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 500ms 2023-04-02 19:54:56 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 250 MILLISECONDS 2023-04-02 19:54:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:56 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [cluster-ca certificate removal] 2023-04-02 19:54:56 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 500ms 2023-04-02 19:54:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:56 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 500 MILLISECONDS 2023-04-02 19:54:56 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:54:56 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 1000ms 2023-04-02 19:54:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:56 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 500 MILLISECONDS 2023-04-02 19:54:56 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [cluster-ca certificate removal] 2023-04-02 19:54:56 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 1000ms 2023-04-02 19:54:56 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 500 MILLISECONDS 2023-04-02 19:54:56 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [cluster-ca certificate removal] 2023-04-02 19:54:56 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 1000ms 2023-04-02 19:54:57 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:57 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:57 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:57 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:57 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 1000 MILLISECONDS 2023-04-02 19:54:57 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:54:57 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 2000ms 2023-04-02 19:54:57 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 1000 MILLISECONDS 2023-04-02 19:54:57 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [cluster-ca certificate removal] 2023-04-02 19:54:57 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 2000ms 2023-04-02 19:54:57 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 1000 MILLISECONDS 2023-04-02 19:54:57 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:57 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [cluster-ca certificate removal] 2023-04-02 19:54:57 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:57 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 2000ms 2023-04-02 19:54:58 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:58 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:58 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:58 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:58 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:58 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:59 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:59 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:54:59 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 2000 MILLISECONDS 2023-04-02 19:54:59 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:54:59 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 4000ms 2023-04-02 19:54:59 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 2000 MILLISECONDS 2023-04-02 19:54:59 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [cluster-ca certificate removal] 2023-04-02 19:54:59 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 4000ms 2023-04-02 19:54:59 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 2000 MILLISECONDS 2023-04-02 19:54:59 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [cluster-ca certificate removal] 2023-04-02 19:54:59 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 4000ms 2023-04-02 19:54:59 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:54:59 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:01 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:01 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:01 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:01 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:01 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:01 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:02 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:02 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:02 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:02 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:02 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:02 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:03 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 4000 MILLISECONDS 2023-04-02 19:55:03 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:55:03 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 8000ms 2023-04-02 19:55:03 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 4000 MILLISECONDS 2023-04-02 19:55:03 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [cluster-ca certificate removal] 2023-04-02 19:55:03 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 8000ms 2023-04-02 19:55:03 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 4000 MILLISECONDS 2023-04-02 19:55:03 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [cluster-ca certificate removal] 2023-04-02 19:55:03 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 8000ms 2023-04-02 19:55:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:03 DEBUG AbstractOperator:388 - Reconciliation #93(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:55:04 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:04 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:04 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:04 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:07 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:07 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:07 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:07 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:07 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:07 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:09 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:09 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:09 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:09 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:09 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:09 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:11 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 8000 MILLISECONDS 2023-04-02 19:55:11 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:55:11 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 16000ms 2023-04-02 19:55:11 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 8000 MILLISECONDS 2023-04-02 19:55:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:11 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [cluster-ca certificate removal] 2023-04-02 19:55:11 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 16000ms 2023-04-02 19:55:11 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 8000 MILLISECONDS 2023-04-02 19:55:11 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [cluster-ca certificate removal] 2023-04-02 19:55:11 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 16000ms 2023-04-02 19:55:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:14 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:14 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:14 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:14 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:14 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:14 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:15 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:15 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:15 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:15 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:15 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:15 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:16 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:16 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:16 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:16 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:16 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:16 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:17 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:17 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:17 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:17 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:17 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:17 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:18 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:18 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:18 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:18 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:18 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:18 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:19 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:19 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:20 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:20 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:20 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:20 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:20 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:20 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:21 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:21 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:21 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:21 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:21 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:21 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:22 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:22 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:22 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:22 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:22 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:22 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:23 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:23 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:23 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:23 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:23 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:55:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:23 DEBUG AbstractOperator:373 - Reconciliation #94(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:55:23 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:23 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:24 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:24 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:24 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:24 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:25 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:25 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:25 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:25 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:25 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:25 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:26 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:26 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:26 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:26 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:26 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:26 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:27 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:27 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:27 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:27 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:27 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:27 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:27 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 16000 MILLISECONDS 2023-04-02 19:55:27 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:55:27 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 32000ms 2023-04-02 19:55:27 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 16000 MILLISECONDS 2023-04-02 19:55:27 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [cluster-ca certificate removal] 2023-04-02 19:55:27 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 32000ms 2023-04-02 19:55:27 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 16000 MILLISECONDS 2023-04-02 19:55:27 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [cluster-ca certificate removal] 2023-04-02 19:55:27 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 32000ms 2023-04-02 19:55:28 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:28 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:28 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:28 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:28 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:28 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:29 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:29 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:29 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:29 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:29 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:29 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:30 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:30 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:30 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:30 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:30 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:30 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:31 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:31 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:31 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:31 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:31 INFO AbstractOperator:380 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation is in progress 2023-04-02 19:55:31 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:31 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:32 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:32 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:32 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:32 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:32 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:32 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:33 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:33 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:33 DEBUG AbstractOperator:388 - Reconciliation #94(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:55:33 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:33 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:34 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:34 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:34 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:34 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:34 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:34 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:35 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:35 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:35 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:35 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:36 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:36 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:36 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:36 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:36 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:36 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:37 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:37 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:37 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:37 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:38 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:38 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:38 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:38 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:38 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:38 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:38 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:38 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:39 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:39 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:39 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:39 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:39 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:39 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:40 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:40 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:40 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:40 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:40 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:40 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:41 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:41 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:41 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:41 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:41 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:41 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:42 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:42 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:42 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:42 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:43 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:43 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:44 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:44 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:44 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:44 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:44 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:44 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:45 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:45 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:45 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:45 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:45 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:45 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:46 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:46 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:46 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:46 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:46 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:46 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:47 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:47 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:47 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:47 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:47 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:47 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:48 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:48 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:48 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:48 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:48 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:48 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:49 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:49 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:49 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:49 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:49 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:49 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:50 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:50 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:50 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:50 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:50 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:50 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:51 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:51 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:51 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:51 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:51 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:51 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:52 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:52 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:52 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:52 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:52 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:52 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:55:53 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:55:53 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:55:53 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:55:53 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:55:53 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:55:53 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:55:53 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:55:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:53 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:53 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:53 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:53 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:53 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:53 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:53 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:55:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:53 DEBUG AbstractOperator:373 - Reconciliation #95(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:55:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:54 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:54 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:54 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:54 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:54 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:54 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:55:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:55:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:57 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:57 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:57 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:57 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:57 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:57 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:58 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:58 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:58 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:58 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:59 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:59 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:59 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 32000 MILLISECONDS 2023-04-02 19:55:59 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:55:59 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-0 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 64000ms 2023-04-02 19:55:59 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:55:59 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:55:59 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-1 after a delay of 32000 MILLISECONDS 2023-04-02 19:55:59 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-1 due to [cluster-ca certificate removal] 2023-04-02 19:55:59 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-1 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 64000ms 2023-04-02 19:55:59 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-2 after a delay of 32000 MILLISECONDS 2023-04-02 19:55:59 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-2 due to [cluster-ca certificate removal] 2023-04-02 19:55:59 INFO KafkaRoller:327 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Will temporarily skip verifying pod my-cluster-8ba803c1-kafka-2 is up-to-date due to ForceableProblem: Error getting broker config, retrying after at least 64000ms 2023-04-02 19:56:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:01 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:01 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:01 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:01 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:01 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:01 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:02 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:02 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:02 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:02 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:02 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:02 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:03 DEBUG AbstractOperator:388 - Reconciliation #95(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:56:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:04 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:04 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:04 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:04 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:07 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:07 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:07 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:07 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:09 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:09 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:09 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:09 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:09 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:09 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:14 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:14 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:14 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:14 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:14 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:14 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:15 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:15 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:15 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:15 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:15 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:15 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:16 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:16 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:16 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:16 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:17 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:17 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:17 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:17 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:17 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:17 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:18 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:18 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:18 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:18 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:19 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:19 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:19 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:19 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:19 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:19 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:20 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:20 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:20 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:20 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:20 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:20 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:21 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:21 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:21 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:21 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:21 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:21 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:22 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:22 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:22 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:22 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:22 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:22 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:23 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:23 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:23 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:23 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:23 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:56:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:23 DEBUG AbstractOperator:373 - Reconciliation #96(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:56:24 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:24 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:24 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:24 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:24 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:24 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:25 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:25 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:25 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:25 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:25 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:25 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:26 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:26 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:26 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:26 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:26 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:26 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:27 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:27 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:27 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:27 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:28 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:28 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:28 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:28 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:28 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:28 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:29 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:29 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:29 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:29 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:29 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:29 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:30 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:30 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:30 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:30 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:30 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:30 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:31 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:31 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:31 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:31 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:31 INFO AbstractOperator:380 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation is in progress 2023-04-02 19:56:31 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:31 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:32 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:32 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:32 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:32 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:33 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:33 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:33 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:33 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:33 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:33 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:33 DEBUG AbstractOperator:388 - Reconciliation #96(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:56:34 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:34 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:34 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:34 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:34 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:34 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:35 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:35 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:35 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:35 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:35 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:35 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:36 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:36 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:36 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:36 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:36 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:36 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:36 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:36 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:37 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:37 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:37 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:37 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:38 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:38 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:38 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:38 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:38 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:38 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:39 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:39 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:39 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:39 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:39 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:39 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:40 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:40 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:40 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:40 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:41 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:41 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:41 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:41 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:41 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:41 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:42 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:42 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:42 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:42 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:42 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:42 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:43 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:43 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:43 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:43 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:43 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:43 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:44 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:44 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:44 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:44 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:44 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:44 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:44 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:44 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:45 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:45 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:45 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:45 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:46 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:46 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:46 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:46 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:46 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:46 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:47 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:47 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:47 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:47 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:47 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:47 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:48 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:48 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:48 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:48 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:48 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:48 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:49 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:49 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:49 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:49 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:50 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:50 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:50 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:50 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:50 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:50 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:51 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:51 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:51 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:51 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:51 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:51 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:52 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:52 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:52 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:52 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:52 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:52 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:56:53 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:56:53 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:56:53 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:56:53 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:56:53 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:56:53 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:56:53 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:56:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:53 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:53 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:53 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:53 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:53 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:56:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:53 DEBUG AbstractOperator:373 - Reconciliation #97(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:56:54 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:54 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:54 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:54 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:54 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:54 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:56:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:56:55 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:55 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:56 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:56 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:57 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:57 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:57 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:57 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:57 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:57 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:58 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:58 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:58 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:58 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:58 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:58 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:59 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:59 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:59 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:59 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:56:59 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:56:59 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:00 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:00 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:01 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:01 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:01 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:01 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:01 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:01 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:02 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:02 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:02 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:02 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:02 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:02 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:03 DEBUG KafkaRoller:303 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Considering updating pod my-cluster-8ba803c1-kafka-0 after a delay of 64000 MILLISECONDS 2023-04-02 19:57:03 DEBUG ReconcilerUtils:188 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 due to [cluster-ca certificate removal] 2023-04-02 19:57:03 INFO KafkaRoller:535 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 needs to be restarted. Reason: [cluster-ca certificate removal] 2023-04-02 19:57:03 DEBUG KafkaRoller:747 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Creating AdminClient for my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local:9091 2023-04-02 19:57:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-28] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-28] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:03 DEBUG KafkaAvailability:62 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Determining whether broker 0 can be rolled 2023-04-02 19:57:03 WARN KafkaAvailability:72 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): failed to get topic descriptions java.util.concurrent.CompletionException: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed at java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:332) ~[?:?] at java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:347) ~[?:?] at java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:636) ~[?:?] at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510) ~[?:?] at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2162) ~[?:?] at org.apache.kafka.common.internals.KafkaCompletableFuture.kafkaCompleteExceptionally(KafkaCompletableFuture.java:49) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.internals.KafkaFutureImpl.completeExceptionally(KafkaFutureImpl.java:130) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$4.handleFailure(KafkaAdminClient.java:1922) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$Call.fail(KafkaAdminClient.java:826) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.maybeDrainPendingCall(KafkaAdminClient.java:1115) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.maybeDrainPendingCalls(KafkaAdminClient.java:1088) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1390) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] ... 2 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] ... 2 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] ... 2 more 2023-04-02 19:57:03 WARN KafkaAvailability:90 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Error determining whether it is safe to restart pod 0 java.util.concurrent.CompletionException: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed at java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:332) ~[?:?] at java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:347) ~[?:?] at java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:636) ~[?:?] at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510) ~[?:?] at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:2162) ~[?:?] at org.apache.kafka.common.internals.KafkaCompletableFuture.kafkaCompleteExceptionally(KafkaCompletableFuture.java:49) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.internals.KafkaFutureImpl.completeExceptionally(KafkaFutureImpl.java:130) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$4.handleFailure(KafkaAdminClient.java:1922) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$Call.fail(KafkaAdminClient.java:826) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.maybeDrainPendingCall(KafkaAdminClient.java:1115) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.maybeDrainPendingCalls(KafkaAdminClient.java:1088) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1390) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] ... 2 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] ... 2 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] ... 2 more 2023-04-02 19:57:03 WARN KafkaRoller:394 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 will be force-rolled, due to error: SSL handshake failed 2023-04-02 19:57:03 DEBUG KafkaRoller:682 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:03 INFO PodOperator:54 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:03 DEBUG PodOperator:60 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for pod my-cluster-8ba803c1-kafka-0 to be deleted 2023-04-02 19:57:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:03 DEBUG AbstractNamespacedResourceOperator:115 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-kafka-0 exist, deleting it 2023-04-02 19:57:03 DEBUG AbstractOperator:388 - Reconciliation #97(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:57:03 DEBUG AbstractWatchManager:218 - Watching https://172.30.0.1:443/api/v1/namespaces/namespace-0/pods?fieldSelector=metadata.name%3Dmy-cluster-8ba803c1-kafka-0&allowWatchBookmarks=true&watch=true... 2023-04-02 19:57:03 DEBUG WatcherWebSocketListener:41 - WebSocket successfully opened 2023-04-02 19:57:03 DEBUG ResourceSupport:174 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Opened watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@1c55ef82 for evaluation of observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:03 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:03 DEBUG ResourceSupport:184 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pre-check is not complete yet, let's wait for the watch: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:03 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356329 for v1/pods 2023-04-02 19:57:03 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:03 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:03 INFO StrimziPodSetController:343 - Reconciliation #98(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:03 DEBUG StrimziPodSetController:444 - Reconciliation #98(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:03 DEBUG StrimziPodSetController:444 - Reconciliation #98(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:03 DEBUG StrimziPodSetController:444 - Reconciliation #98(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:03 INFO StrimziPodSetController:379 - Reconciliation #98(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:03 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:04 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:04 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:04 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356335 for v1/pods 2023-04-02 19:57:04 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:04 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:04 INFO StrimziPodSetController:343 - Reconciliation #99(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:04 DEBUG StrimziPodSetController:444 - Reconciliation #99(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:04 DEBUG StrimziPodSetController:444 - Reconciliation #99(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:04 DEBUG StrimziPodSetController:444 - Reconciliation #99(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:04 INFO StrimziPodSetController:379 - Reconciliation #99(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:04 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:04 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:04 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:07 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:07 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:07 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:07 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:09 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:09 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:14 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:14 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:14 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:14 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:14 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:14 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:15 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:15 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:15 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:15 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:15 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:15 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:16 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:16 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:16 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:16 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:16 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:16 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:17 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:17 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:17 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:17 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:17 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:17 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:18 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:18 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:18 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:18 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:18 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:18 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:19 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:19 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:19 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:19 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:20 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:20 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:20 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:20 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:21 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:21 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:21 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:21 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:21 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:21 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:22 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:22 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:22 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:22 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:23 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:23 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:23 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:23 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:23 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:23 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:23 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:57:23 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:23 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:23 DEBUG AbstractOperator:373 - Reconciliation #100(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:57:24 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:24 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:24 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:24 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:24 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:24 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:24 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:24 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:25 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:25 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:25 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:25 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:26 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:26 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:26 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:26 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:26 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:26 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:27 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:27 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:27 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:27 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:27 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:27 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:28 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:28 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:28 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:28 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:28 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:28 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:29 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:29 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:29 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:29 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:29 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:29 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:30 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:30 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:30 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:30 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:30 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:30 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:31 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:31 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:31 INFO AbstractOperator:380 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Reconciliation is in progress 2023-04-02 19:57:31 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:31 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:31 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:31 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:32 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:32 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:32 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:32 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:33 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:33 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:33 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:33 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:33 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.227:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:33 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:33 DEBUG AbstractOperator:388 - Reconciliation #100(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:57:34 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:34 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:34 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:57:34 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:57:34 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356555 for v1/pods 2023-04-02 19:57:34 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:34 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:34 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:34 INFO StrimziPodSetController:343 - Reconciliation #101(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:34 DEBUG StrimziPodSetController:444 - Reconciliation #101(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:34 DEBUG StrimziPodSetController:444 - Reconciliation #101(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:34 DEBUG StrimziPodSetController:444 - Reconciliation #101(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:34 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/readyPods","value":2} 2023-04-02 19:57:34 DEBUG StatusDiff:48 - Current Status path /readyPods has value 3 2023-04-02 19:57:34 DEBUG StatusDiff:49 - Desired Status path /readyPods has value 2 2023-04-02 19:57:34 DEBUG StrimziPodSetController:398 - Reconciliation #101(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:57:34 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:34 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:34 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:34 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:34 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356558 for v1/pods 2023-04-02 19:57:34 DEBUG ResourceSupport:204 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Not yet satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:34 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:34 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:34 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2356559 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:57:34 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:34 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:34 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:34 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:34 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:57:34 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:57:34 INFO StrimziPodSetController:379 - Reconciliation #101(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:34 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:34 INFO StrimziPodSetController:343 - Reconciliation #102(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:34 DEBUG StrimziPodSetController:444 - Reconciliation #102(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:34 DEBUG StrimziPodSetController:444 - Reconciliation #102(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:34 DEBUG StrimziPodSetController:444 - Reconciliation #102(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:34 INFO StrimziPodSetController:379 - Reconciliation #102(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:34 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:34 DEBUG Reflector:225 - Event received DELETED Pod resourceVersion v2356560 for v1/pods 2023-04-02 19:57:34 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was DELETED 2023-04-02 19:57:34 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:34 INFO StrimziPodSetController:343 - Reconciliation #103(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:34 DEBUG StrimziPodSetController:433 - Reconciliation #103(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Creating pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 2023-04-02 19:57:34 DEBUG AbstractNamespacedResourceOperator:212 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods namespace-0/my-cluster-8ba803c1-kafka-0 has been deleted 2023-04-02 19:57:34 DEBUG ResourceSupport:200 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Satisfied: observe deletion of Pods namespace-0/my-cluster-8ba803c1-kafka-0 2023-04-02 19:57:34 DEBUG ResourceSupport:59 - Closing io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@1c55ef82 2023-04-02 19:57:34 DEBUG AbstractWatchManager:226 - Force closing the watch io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager@1c55ef82 2023-04-02 19:57:34 DEBUG Watcher:43 - Watcher closed 2023-04-02 19:57:34 DEBUG WatchConnectionManager:60 - Closing websocket io.fabric8.kubernetes.client.jdkhttp.JdkWebSocketImpl@2b0a9b73 2023-04-02 19:57:34 DEBUG ResourceSupport:162 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Completing watch future 2023-04-02 19:57:34 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 to get deleted 2023-04-02 19:57:34 DEBUG WatcherWebSocketListener:69 - WebSocket close received. code: 1000, reason: 2023-04-02 19:57:34 DEBUG AbstractWatchManager:127 - Ignoring already closed/closing connection 2023-04-02 19:57:34 DEBUG PodOperator:69 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Rolling pod my-cluster-8ba803c1-kafka-0 finished 2023-04-02 19:57:34 DEBUG Util:157 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 is deleted 2023-04-02 19:57:34 DEBUG PodOperator:77 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Pod my-cluster-8ba803c1-kafka-0 was deleted 2023-04-02 19:57:34 DEBUG KubernetesRestartEventPublisher:74 - Publishing K8s event, time MicroTime(time=2023-04-02T19:57:34.853475Z, additionalProperties={}), type, Normal, reason, CaCertRemoved, note, cluster-ca certificate removal, pod, ObjectReference(apiVersion=null, fieldPath=null, kind=Pod, name=my-cluster-8ba803c1-kafka-0, namespace=namespace-0, resourceVersion=null, uid=null, additionalProperties={}) 2023-04-02 19:57:34 DEBUG KafkaRoller:689 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for restarted pod my-cluster-8ba803c1-kafka-0 to become ready 2023-04-02 19:57:34 DEBUG Util:135 - Reconciliation #53(watch) Kafka(namespace-0/my-cluster-8ba803c1): Waiting for Pods resource my-cluster-8ba803c1-kafka-0 in namespace namespace-0 to get ready 2023-04-02 19:57:35 DEBUG Reflector:225 - Event received ADDED Pod resourceVersion v2356565 for v1/pods 2023-04-02 19:57:35 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356567 for v1/pods 2023-04-02 19:57:35 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was ADDED 2023-04-02 19:57:35 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:35 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356570 for v1/pods 2023-04-02 19:57:35 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:35 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:57:35 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:35 DEBUG StrimziPodSetController:508 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka is already enqueued => ignoring 2023-04-02 19:57:35 DEBUG KubernetesRestartEventPublisher:74 - Publishing K8s event, time MicroTime(time=2023-04-02T19:57:34.853475Z, additionalProperties={}), type, Normal, reason, PodForceRestartOnError, note, Pod needs to be forcibly restarted due to an error, pod, ObjectReference(apiVersion=null, fieldPath=null, kind=Pod, name=my-cluster-8ba803c1-kafka-0, namespace=namespace-0, resourceVersion=null, uid=null, additionalProperties={}) 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #103(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #103(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":2} 2023-04-02 19:57:35 DEBUG StatusDiff:48 - Current Status path /currentPods has value 3 2023-04-02 19:57:35 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 2 2023-04-02 19:57:35 DEBUG StrimziPodSetController:398 - Reconciliation #103(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:57:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:35 INFO StrimziPodSetController:379 - Reconciliation #103(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:35 INFO StrimziPodSetController:343 - Reconciliation #104(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #104(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #104(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #104(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2356571 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:57:35 INFO StrimziPodSetController:379 - Reconciliation #104(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:35 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:57:35 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:35 INFO StrimziPodSetController:343 - Reconciliation #105(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #105(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #105(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #105(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG StatusDiff:47 - Status differs: {"op":"replace","path":"/currentPods","value":3} 2023-04-02 19:57:35 DEBUG StatusDiff:48 - Current Status path /currentPods has value 2 2023-04-02 19:57:35 DEBUG StatusDiff:49 - Desired Status path /currentPods has value 3 2023-04-02 19:57:35 DEBUG StrimziPodSetController:398 - Reconciliation #105(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Updating status of StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 2023-04-02 19:57:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG KubernetesRestartEventPublisher:74 - Publishing K8s event, time MicroTime(time=2023-04-02T19:57:34.853475Z, additionalProperties={}), type, Normal, reason, PodUnresponsive, note, Pod needs to be restarted, because it does not seem to responding to connection attempts, pod, ObjectReference(apiVersion=null, fieldPath=null, kind=Pod, name=my-cluster-8ba803c1-kafka-0, namespace=namespace-0, resourceVersion=null, uid=null, additionalProperties={}) 2023-04-02 19:57:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG Reflector:225 - Event received MODIFIED StrimziPodSet resourceVersion v2356574 for core.strimzi.io/v1beta2/strimzipodsets 2023-04-02 19:57:35 DEBUG StrimziPodSetController:220 - StrimziPodSet my-cluster-8ba803c1-kafka in namespace namespace-0 was MODIFIED 2023-04-02 19:57:35 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:35 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:35 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:35 INFO StrimziPodSetController:379 - Reconciliation #105(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:35 INFO StrimziPodSetController:343 - Reconciliation #106(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #106(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #106(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 DEBUG StrimziPodSetController:444 - Reconciliation #106(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:35 INFO StrimziPodSetController:379 - Reconciliation #106(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:35 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:37 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356591 for v1/pods 2023-04-02 19:57:37 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:37 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:37 INFO StrimziPodSetController:343 - Reconciliation #107(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:37 DEBUG StrimziPodSetController:444 - Reconciliation #107(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:37 DEBUG StrimziPodSetController:444 - Reconciliation #107(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:37 DEBUG StrimziPodSetController:444 - Reconciliation #107(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:37 INFO StrimziPodSetController:379 - Reconciliation #107(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:37 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:38 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356597 for v1/pods 2023-04-02 19:57:38 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:38 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:38 INFO StrimziPodSetController:343 - Reconciliation #108(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:38 DEBUG StrimziPodSetController:444 - Reconciliation #108(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:38 DEBUG StrimziPodSetController:444 - Reconciliation #108(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:38 DEBUG StrimziPodSetController:444 - Reconciliation #108(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:38 INFO StrimziPodSetController:379 - Reconciliation #108(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:38 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:39 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356613 for v1/pods 2023-04-02 19:57:39 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:39 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:39 INFO StrimziPodSetController:343 - Reconciliation #109(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:39 DEBUG StrimziPodSetController:444 - Reconciliation #109(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:39 DEBUG StrimziPodSetController:444 - Reconciliation #109(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:39 DEBUG StrimziPodSetController:444 - Reconciliation #109(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:39 INFO StrimziPodSetController:379 - Reconciliation #109(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:39 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:40 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356617 for v1/pods 2023-04-02 19:57:40 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:40 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:40 INFO StrimziPodSetController:343 - Reconciliation #110(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:40 DEBUG StrimziPodSetController:444 - Reconciliation #110(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:40 DEBUG StrimziPodSetController:444 - Reconciliation #110(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:40 DEBUG StrimziPodSetController:444 - Reconciliation #110(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:40 INFO StrimziPodSetController:379 - Reconciliation #110(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:40 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:52 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:52 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG Config:630 - Trying to configure client from Kubernetes config... 2023-04-02 19:57:53 DEBUG Config:636 - Did not find Kubernetes config at: [/.kube/config]. Ignoring. 2023-04-02 19:57:53 DEBUG Config:535 - Trying to configure client from service account... 2023-04-02 19:57:53 DEBUG Config:545 - Found service account host and port: 172.30.0.1:443 2023-04-02 19:57:53 DEBUG Config:551 - Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. 2023-04-02 19:57:53 DEBUG Config:558 - Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. 2023-04-02 19:57:53 DEBUG Config:849 - Trying to configure client namespace from Kubernetes service account namespace path... 2023-04-02 19:57:53 DEBUG Config:854 - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. 2023-04-02 19:57:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:53 INFO ClusterOperator:139 - Triggering periodic reconciliation for namespace * 2023-04-02 19:57:53 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:53 DEBUG AbstractOperator:373 - Reconciliation #111(timer) Kafka(namespace-0/my-cluster-8ba803c1): Try to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 2023-04-02 19:57:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:54 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:54 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:55 DEBUG CustomResource:165 - Calling CustomResource#setApiVersion doesn't do anything because the API version is computed and shouldn't be changed 2023-04-02 19:57:55 DEBUG CustomResource:176 - Calling CustomResource#setKind doesn't do anything because the Kind is computed and shouldn't be changed 2023-04-02 19:57:58 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356756 for v1/pods 2023-04-02 19:57:58 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:58 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:58 INFO StrimziPodSetController:343 - Reconciliation #112(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:58 DEBUG StrimziPodSetController:444 - Reconciliation #112(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:58 DEBUG StrimziPodSetController:444 - Reconciliation #112(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:58 DEBUG StrimziPodSetController:444 - Reconciliation #112(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:58 INFO StrimziPodSetController:379 - Reconciliation #112(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:58 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:57:59 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356765 for v1/pods 2023-04-02 19:57:59 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:57:59 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:57:59 INFO StrimziPodSetController:343 - Reconciliation #113(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:57:59 DEBUG StrimziPodSetController:444 - Reconciliation #113(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:59 DEBUG StrimziPodSetController:444 - Reconciliation #113(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:59 DEBUG StrimziPodSetController:444 - Reconciliation #113(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:57:59 INFO StrimziPodSetController:379 - Reconciliation #113(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:57:59 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:58:00 DEBUG Reflector:225 - Event received MODIFIED Pod resourceVersion v2356772 for v1/pods 2023-04-02 19:58:00 DEBUG StrimziPodSetController:240 - Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 was MODIFIED 2023-04-02 19:58:00 DEBUG StrimziPodSetController:504 - Enqueueing StrimziPodSet my-cluster-8ba803c1-kafka in namespace my-cluster-8ba803c1-kafka 2023-04-02 19:58:00 INFO StrimziPodSetController:343 - Reconciliation #114(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): StrimziPodSet will be reconciled 2023-04-02 19:58:00 DEBUG StrimziPodSetController:444 - Reconciliation #114(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-0 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:58:00 DEBUG StrimziPodSetController:444 - Reconciliation #114(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-1 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:58:00 DEBUG StrimziPodSetController:444 - Reconciliation #114(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): Pod my-cluster-8ba803c1-kafka-2 in namespace namespace-0 already exists => nothing to do right now 2023-04-02 19:58:00 INFO StrimziPodSetController:379 - Reconciliation #114(watch) StrimziPodSet(namespace-0/my-cluster-8ba803c1-kafka): reconciled 2023-04-02 19:58:00 DEBUG StrimziPodSetController:529 - Waiting for next event from work queue 2023-04-02 19:58:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:03 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:03 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:03 DEBUG AbstractOperator:388 - Reconciliation #111(timer) Kafka(namespace-0/my-cluster-8ba803c1): Failed to acquire lock lock::namespace-0::Kafka::my-cluster-8ba803c1 within 10000ms. 2023-04-02 19:58:04 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available. 2023-04-02 19:58:04 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:04 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:04 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:04 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:05 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available. 2023-04-02 19:58:05 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:05 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:06 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available. 2023-04-02 19:58:06 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:06 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:07 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:07 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:07 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available. 2023-04-02 19:58:07 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:07 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:08 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available. 2023-04-02 19:58:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:08 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:08 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:09 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available. 2023-04-02 19:58:09 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:09 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:09 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:09 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:10 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available. 2023-04-02 19:58:10 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:10 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:11 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available. 2023-04-02 19:58:11 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:11 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:12 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available. 2023-04-02 19:58:12 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -3 (my-cluster-8ba803c1-kafka-2.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.131.0.137:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:12 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:13 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-27] Connection to node -2 (my-cluster-8ba803c1-kafka-1.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.128.2.144:9091) failed authentication due to: SSL handshake failed 2023-04-02 19:58:13 WARN AdminMetadataManager:232 - [AdminClient clientId=adminclient-27] Metadata update failed due to authentication error org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:371) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:314) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:309) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?] at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?] at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) ~[org.apache.kafka.kafka-clients-3.4.0.redhat-00001.jar:3.4.0.redhat-00001] at java.lang.Thread.run(Thread.java:833) ~[?:?] 2023-04-02 19:58:13 WARN NetworkClient:775 - [AdminClient clientId=adminclient-27] Connection to node -1 (my-cluster-8ba803c1-kafka-0.my-cluster-8ba803c1-kafka-brokers.namespace-0.svc.cluster.local/10.129.2.232:9091) could not be established. Broker may not be available.