Kafka MirrorMaker is used for multi DC kafka, as well as aggregating all Kafka topics to the Kafka jumbo-eqiad cluster.
The Kafka clients are all configured to use a cergen created and Puppet CA signed TLS certificate. This certificate is about to expire, on Tuesday June 13.
We should either:
A. Renew the certificate: https://wikitech.wikimedia.org/wiki/Puppet#Renew_agent_certificate
or
B. Create a new certificate using our newer PKI system.