Kafka connection

Hi,

I am trying to connect our self-hosted Retool instance to our self-hosted Kafka cluster.
We followed the documentation here: and here.

Current Setup:

  • Helm chart version: 6.6.0 and Retool version 3.148.23-stable
  • Certificates are stored in a volume (/retool_backend/ca) mounted to the Retool pod
  • We have a PEM certificate that includes the signed CA and private key
  • We've defined the NODE_EXTRA_CA_CERTS environment variable to point to the PEM file: /retool_backend/ca/tls-combined.pem
  • We're using SASL_SSL Security Protocol with SCRAM-SHA-512 SASL mechanism
  • Broker URL, username, and password are properly configured

Issue:
We're encountering SSL handshake failures:

Retool error:

Failed to get topics: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed

Kafka error:

failed to unmarshal size: remote error: tls: unknown certificate

Questions:

  1. Is there a specific directory we should be using instead of /retool_backend/ca?
  2. Should we use a specific filename for the PEM file?
  3. Should the PEM file contain only the signed CA certificate, or should it include both the CA and private key?

Any guidance would be greatly appreciated.

Hi @Florian_Burgos,

Apologies for the issue. Self-hosted networking questions are very tricky, but I can check with our team to see if I can get some answers on your three questions related to the directory, file name and CA cert.

I hope someone else in the community who has gone through this setup can chime in :crossed_fingers:

I am surprised the answers to your questions are not in our docs. If I can get some answers, I will definitely ping the docs team to add those details in to help future users.
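
A check related to question 3 above, as an added example that is not part of the original posts and not Retool's own code: Node.js documents NODE_EXTRA_CA_CERTS as a file of one or more trusted certificates in PEM format, so this script lists the block types in a bundle and flags anything other than certificates, including private keys. The helper names and the sample bundles are constructed for illustration (placeholder bytes, not real certificates or keys).

```python
import base64
import re
import sys

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def inspect_bundle(pem_text):
    """Return (labels, findings) for a PEM file intended as a CA trust bundle."""
    labels, findings = [], []
    for label, body in PEM_BLOCK.findall(pem_text):
        labels.append(label)
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"{label}: body is not valid base64")
            continue
        if "PRIVATE KEY" in label:
            # Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
            findings.append(f"{label}: private key material in a trust bundle")
        elif label == "CERTIFICATE":
            # A DER certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
            if not der.startswith(b"\x30"):
                findings.append("CERTIFICATE: payload is not an ASN.1 SEQUENCE")
        else:
            findings.append(f"{label}: unexpected block type for a trust bundle")
    if "CERTIFICATE" not in labels:
        findings.append("no CERTIFICATE block found")
    return labels, findings

def _pem(label, payload):
    """Build a PEM block around constructed placeholder bytes."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples: a cert-plus-key file and a certificate-only file.
SAMPLE_CA_ONLY = _pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
SAMPLE_COMBINED = SAMPLE_CA_ONLY + _pem("PRIVATE KEY", b"\x30\x03\x02\x01\x00")

if __name__ == "__main__":
    # Pass a bundle path as the first argument; defaults to the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_COMBINED
    labels, findings = inspect_bundle(text)
    print("blocks:", labels)
    for finding in findings:
        print("FINDING:", finding)
```

The script only classifies PEM blocks; it does not verify the certificate chain or confirm which trust store the Kafka client actually reads.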