Hi Yingjie, > However, I meet a problem. If I need to add, remove or renew the certificate to Kafka’s truststore, Kafka requires a reboot which would impact the service available for other teams.
> So I want to know if there is a better way to support the change of Kafka’s certificate without impacting the service availability? Yes, Kafka supports dynamically updating broker's configuration. Please check here: https://kafka.apache.org/documentation/#dynamicbrokerconfigs , there's a section talking about "Updating SSL Truststore of an Existing Listener", which should be what you're looking for. Good luck. Thank you. Luke On Tue, Nov 23, 2021 at 1:12 PM yingjie zou <yingjiez...@gmail.com> wrote: > Hi, > > Currently, we are going to provide Kafka services to 20+ development teams > in my company, we’d like to provide that as multi-tenancy - the different > team has different authentication. And we try to use the Kafka mTLS > solution. > > However, I meet a problem. If I need to add, remove or renew the > certificate to Kafka’s truststore, Kafka requires a reboot which would > impact the service available for other teams. > > So I want to know if there is a better way to support the change of Kafka’s > certificate without impacting the service availability? > > Any help is appreciated. > > Thanks. > Yingjie Zou >
