Reputation: 795
Does setting SSL for Kafka affect Zookeeper communication
I know that Zookeeper acts as a Data-Store for Kafka. But what I have been looking to get clear is -
If I set SSL for Kafka then will that affect Kafka Broker to Zookeeper communication in any way? I mean do I have to make any changes specific to broker-zookeeper communication to not get interupted.
Upvotes: 0
Views: 694
Answers (1)
Reputation: 191681
There are multiple paths for data movement in Kafka
Sounds like you're asking about the Kafka client interaction, which would be setup on the advertised.listener addresses as SSL://... for example.
But that isn't encrypting data between Kafka and Zookeeper
The version of ZooKeeper that is bundled with Apache Kafka does not support SSL.
And so, assuming that is not outdated, you would need to grab a version of Zookeeper that does, which isn't a stable version yet, ZOOKEEPER-2185
That being said, mutiple people have successfully setup Kafka with SSL, but clearly the data over the wire to Zookeeper isn't encrypted. However, there should be no PII-like data going from Kafka to Zookeeper anyway since it is just metadata, if that is the concern.
And note, that is also different from the inter-broker replication protocols, which can be SSL-enabled or not, as well, separately from other Kafka interactions.
Upvotes: 4
Related Questions
- Kafka Zookeeper security
- Kafka SASL/PLAIN Setup with SSL
- Using apache kafka in SSL mode
- Does a kafka consumer machine need to run zookeeper?
- How Kafka Nodes and zookeeper will communicate with each other?
- Can Kafka talk to ZooKeeper over TCP even if Kafka is serving TLS/SSL?
- Kafka relationship with Zookeeper
- What if a Kafka broker cannot connect to zookeeper?
- Kafka and Zookeeper TLS
- relationship zookeeper and kafka