Following on from KafkaUser in another namespace you will also need to sync the kafka-cluster-cluster-ca-cert too.
This is also straight forward and can be done with zero impact to existing services. The trick is to annotate the clusterCaCert generation with the necessary details
In your Kafka yaml add the following under kafka
template:
clusterCaCert:
metadata:
annotations:
reflector.v1.k8s.emberstack.com/reflection-allowed: “true”
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: “fluent”
clusterCaCert:
metadata:
annotations:
reflector.v1.k8s.emberstack.com/reflection-allowed: “true”
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: “fluent”
and create a secret to mirror it
apiVersion: v1
kind: Secret
metadata:
name: kafka-cluster-cluster-ca-cert
namespace: fluent
annotations:
reflector.v1.k8s.emberstack.com/reflects: “kafka/kafka-cluster-cluster-ca-cert”
type: Opaque
kind: Secret
metadata:
name: kafka-cluster-cluster-ca-cert
namespace: fluent
annotations:
reflector.v1.k8s.emberstack.com/reflects: “kafka/kafka-cluster-cluster-ca-cert”
type: Opaque
Once done this too will be mirrored and available for use.