Sathish Kumar

Reputation: 547

Is it possible to connect ZooKeeper and Kafka via SASL, and Kafka brokers and their clients via SSL, without enabling plaintext?

I am using Kafka version 0.10.1. I connected the Kafka brokers and their clients via SSL and it's working fine. Now I have a query with some limitations. My limitations are:

  1. No Plain text communications allowed
  2. The connection between Kafka brokers and their clients must be SSL.
  3. The connection between Kafka-brokers and zookeeper via SASL (since zookeeper doesn't support SSL).

Since all inter-broker communication is set to SSL, my question is whether a SASL connection between ZooKeeper and the Kafka broker is possible without enabling plaintext in the Kafka broker. Thanks in advance.

Upvotes: 1

Views: 1360

Answers (1)

Mickael Maison

Reputation: 26865

Yes, it is possible to set up a Kafka cluster with ZooKeeper with all the requirements you listed.

You'll need to have 2 listeners SSL and SASL_SSL (No PLAINTEXT) in your Kafka config:

listeners=SASL_SSL://host.name:port,SSL://host.name:port

Set inter-broker to SSL:

security.inter.broker.protocol=SSL

I suggest you check the Security section in the Kafka documentation to see what you need to do exactly to get this working, including how to configure clients so they connect over SASL_SSL: http://kafka.apache.org/documentation/#security

It also contains a section about securing Zookeeper: http://kafka.apache.org/documentation/#zk_authz

Upvotes: 2
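A way to check a broker's `server.properties` against the "no plaintext" requirement discussed above, as an added example that is not part of the original question or answer. It assumes a Kafka 0.10.x broker where each listener name is its security protocol; the function names, host names and ports are hypothetical, and the sample configs are constructed.

```python
# Added example for Kafka 0.10.x; assumes listener names are the security protocols.
ENCRYPTED = {"SSL", "SASL_SSL"}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def listener_protocols(value):
    """Return the protocol of each 'PROTOCOL://host:port' entry."""
    return [e.split("://", 1)[0].strip().upper() for e in value.split(",") if e.strip()]

def audit(text):
    """Return a list of findings; an empty list means no plaintext path was found."""
    props = parse_properties(text)
    findings = []
    for key in ("listeners", "advertised.listeners"):
        if key not in props:
            if key == "listeners":
                findings.append("listeners not set: broker falls back to PLAINTEXT")
            continue
        for proto in listener_protocols(props[key]):
            if proto not in ENCRYPTED:
                findings.append(f"{key}: {proto} listener is not TLS-protected")
    # The inter-broker protocol defaults to PLAINTEXT when the key is absent.
    inter = props.get("security.inter.broker.protocol", "PLAINTEXT").upper()
    if inter not in ENCRYPTED:
        findings.append(f"security.inter.broker.protocol={inter} is not TLS-protected")
    elif "listeners" in props and inter not in listener_protocols(props["listeners"]):
        findings.append(f"no {inter} listener for inter-broker traffic")
    return findings

# Constructed sample configs (host names and ports are placeholders).
ANSWER_CONFIG = """
listeners=SASL_SSL://broker1.example:9094,SSL://broker1.example:9093
security.inter.broker.protocol=SSL
"""
WEAK_CONFIG = """
# inter-broker protocol left at its default
listeners=PLAINTEXT://broker1.example:9092,SSL://broker1.example:9093
"""

if __name__ == "__main__":
    print(audit(ANSWER_CONFIG) or "OK", audit(WEAK_CONFIG))
```

The parser handles only `key=value` lines, so a file that uses `:` separators or line continuations needs a fuller properties reader.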
