In the previous blog post, Kafka Security - Part 1, I described at length how to set up SASL Plaintext as the security mechanism.
In this blog post, I explain how to set up security differently for Broker to Broker communication and for Client (Producer/Consumer) to Broker communication.
In Kafka, you can set up multiple listeners:
- Set up two listeners in server.properties:
  listeners=CLIENT_LISTENER://:9091,BROKER_LISTENER://:9092
- Set up the security map for the custom listeners:
  listener.security.protocol.map=CLIENT_LISTENER:SASL_PLAINTEXT,BROKER_LISTENER:SASL_PLAINTEXT
- Set up broker to broker communication to use BROKER_LISTENER:
  inter.broker.listener.name=BROKER_LISTENER
- Set up broker to broker communication to use PLAIN, for this scenario:
  sasl.mechanism.inter.broker.protocol=PLAIN
- Set up Client (Producer/Consumer) to Broker communication to use PLAIN for this case:
  sasl.enabled.mechanisms=PLAIN
For this scenario, we expect clients to communicate with the brokers on port 9091 and brokers to communicate with each other on port 9092.
If Kafka sits in a different VLAN than your clients, you can keep port 9092 (for Broker-Broker communication) from being exposed outside the VLAN.
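A consistency check for the listener settings above, as an added example that is not part of the original post: it parses the text of a server.properties file and reports listener names without a protocol mapping, an inter-broker listener that is not defined, and an inter-broker SASL mechanism that is not enabled. The function names and the sample config are constructed for illustration; it also warns when a SASL_PLAINTEXT listener carries PLAIN credentials without TLS.

```python
# Added example: lint a Kafka broker config for the client/broker listener split.
STANDARD = {"PLAINTEXT", "SSL", "SASL_PLAINTEXT", "SASL_SSL"}

# Constructed sample mirroring the settings discussed in this post.
SAMPLE = """\
listeners=CLIENT_LISTENER://:9091,BROKER_LISTENER://:9092
listener.security.protocol.map=CLIENT_LISTENER:SASL_PLAINTEXT,BROKER_LISTENER:SASL_PLAINTEXT
inter.broker.listener.name=BROKER_LISTENER
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
"""

def parse_properties(text):  # key=value lines; blanks and comments skipped
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def split_csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def check_listeners(text):  # returns findings; "warning:" entries are advisory
    p, findings = parse_properties(text), []
    names = [e.partition("://")[0] for e in split_csv(p.get("listeners", ""))]
    explicit = split_csv(p.get("listener.security.protocol.map", ""))
    # An explicit map replaces the default (standard name maps to itself).
    proto = ({k.strip(): v.strip() for k, _, v in (e.partition(":") for e in explicit)}
             if explicit else {s: s for s in STANDARD})
    enabled = split_csv(p.get("sasl.enabled.mechanisms", "GSSAPI"))
    mech = p.get("sasl.mechanism.inter.broker.protocol", "GSSAPI")
    for n in names:
        if proto.get(n) not in STANDARD:
            findings.append(f"listener {n} has no valid security protocol mapping")
        elif proto[n] == "SASL_PLAINTEXT" and "PLAIN" in enabled:
            findings.append(f"warning: {n} sends SASL/PLAIN credentials without TLS")
    ibl, sibp = p.get("inter.broker.listener.name"), p.get("security.inter.broker.protocol")
    if ibl and sibp:
        findings.append("inter.broker.listener.name and security.inter.broker.protocol are both set")
    if sibp and sibp not in STANDARD:
        findings.append(f"security.inter.broker.protocol={sibp} is not a security protocol")
    if ibl and ibl not in names:
        findings.append(f"inter.broker.listener.name={ibl} is not defined in listeners")
    inter_proto = proto.get(ibl, "") if ibl else (sibp or "PLAINTEXT")
    if inter_proto.startswith("SASL") and mech not in enabled:
        findings.append(f"inter-broker mechanism {mech} is not in sasl.enabled.mechanisms")
    return findings
```

Run `check_listeners(open("server.properties").read())` against a broker's config before a restart; any finding that does not start with `warning:` is an inconsistency in the listener split.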