[Verse 1]
Strimzi boots with secrets locked inside
Certificate Authority spawns to life
Auto-generating keys that multiply
Trust chains weaving through the Kafka hive
Default cycles spin at ninety days
But you can stretch or shrink those time displays
[Chorus]
TLS wraps every whisper tight
CA signs, clients verify
Keystores hold the private might
Truststores let the good ones by
Encryption dancing through the night
One-way, mutual, lock and key
[Verse 2]
Bring your own certificates if you dare
Override the built-in signing pair
Configure validity spans with care
Months or years, declare them in your yaml layer
Client pods need truststores filled with roots
To shake hands with brokers bearing fruits
[Chorus]
TLS wraps every whisper tight
CA signs, clients verify
Keystores hold the private might
Truststores let the good ones by
Encryption dancing through the night
One-way, mutual, lock and key
[Bridge]
When renewal time approaches near
Strimzi rotates without your fear
Rolling restarts cascade through
Old certs fade as new break through
PEM formats, JKS stores
Pick your poison, open doors
[Verse 3]
External CAs can join the game
Import your enterprise certificate chain
Set the validity periods to your claim
Thirty-six-five or custom timeframe
Client authentication optional
Mutual TLS makes it invincible
[Chorus]
TLS wraps every whisper tight
CA signs, clients verify
Keystores hold the private might
Truststores let the good ones by
Encryption dancing through the night
One-way, mutual, lock and key
[Outro]
Certificates expire but trust remains
Strimzi keeps your secrets safe from prying gains
TLS encryption flows through Kubernetes veins
Your Kafka fortress never breaks its chains