Hi,
I am trying to connect our self-hosted Retool instance to our self-hosted Kafka cluster.
We followed the documentation here: and here.
Current Setup:
- helm chart version: 6.6.0 and retool version 3.148.23-stable
- Certificates are stored in a volume (`/retool_backend/ca`) mounted to the Retool pod
- We have a PEM certificate that includes the signed CA and private key
- We've defined the `NODE_EXTRA_CA_CERTS` environment variable to point to the PEM file: `/retool_backend/ca/tls-combined.pem`
- We're using SASL_SSL Security Protocol with SCRAM-SHA-512 SASL mechanism
- Broker URL, username, and password are properly configured
Issue:
We're encountering SSL handshake failures:
Retool error:
Failed to get topics: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Kafka error:
failed to unmarshal size: remote error: tls: unknown certificate
Questions:
- Is there a specific directory we should be using instead of `/retool_backend/ca`?
- Should we use a specific filename for the PEM file?
- Should the PEM file contain only the signed CA certificate, or should it include both the CA and private key?
Any guidance would be greatly appreciated.
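
A check that could be run against a bundle like the `tls-combined.pem` described above, added here as an example and not part of the original post: it lists the PEM block types in a file and flags private-key blocks, which a CA trust bundle (the kind of file `NODE_EXTRA_CA_CERTS` expects) does not need. The function name and the sample blocks are constructed for illustration; the sample bodies are placeholder bytes, not real certificates or keys.

```python
import base64
import binascii
import re

# One PEM block: BEGIN line, body, and an END line carrying the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def audit_trust_bundle(pem_text):
    """Return (labels, findings) for a PEM file meant to serve as a CA bundle."""
    labels, findings = [], []
    for index, match in enumerate(PEM_BLOCK.finditer(pem_text), start=1):
        label, body = match.group(1), match.group(2)
        labels.append(label)
        if label == "CERTIFICATE":
            try:
                base64.b64decode("".join(body.split()), validate=True)
            except (binascii.Error, ValueError):
                findings.append(f"block {index} ({label}): body is not valid base64")
        elif label.endswith("PRIVATE KEY"):
            # Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
            findings.append(f"block {index} ({label}): private key in a trust bundle")
        else:
            findings.append(f"block {index} ({label}): unexpected block type")
    if "CERTIFICATE" not in labels:
        findings.append("no CERTIFICATE block: nothing here can act as a trust anchor")
    return labels, findings


def _fake_block(label, payload):
    """Build a constructed PEM block whose body is placeholder bytes."""
    body = base64.encodebytes(payload).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed samples: a combined file like the one in the post, and a CA-only file.
COMBINED = _fake_block("CERTIFICATE", b"constructed CA bytes") + _fake_block(
    "PRIVATE KEY", b"constructed key bytes"
)
CA_ONLY = _fake_block("CERTIFICATE", b"constructed CA bytes")

if __name__ == "__main__":
    for name, text in (("combined", COMBINED), ("ca-only", CA_ONLY)):
        print(name, *audit_trust_bundle(text))
```
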