Kafka encryption configuration (SASL/PLAIN authentication)
1. Add the username/password configuration: kafka_server_jaas.conf
Path: /data/kafka/config/jaas/kafka_server_jaas.conf
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin123"
    user_admin="admin123";
};
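The user configured by username here is used for internal (inter-broker) authentication.
user_admin is the user-level entry: admin is the user name and admin123 is the password. In testing, a password mismatch causes an error.
2. Modify the startup configuration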
vim bin/kafka-server-start.sh
# Path to the credentials (JAAS) file
export KAFKA_OPTS="-Djava.security.auth.login.config=/data/kafka/config/jaas/kafka_server_jaas.conf"
3. Modify the Kafka configuration file server.properties
listeners=SASL_PLAINTEXT://:9092,CONTROLLER://:9093
advertised.listeners=SASL_PLAINTEXT://<IP>:9092
inter.broker.listener.name=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
Spring Boot project configuration
spring:
  kafka:
    properties:
      security:
        protocol: SASL_PLAINTEXT
      sasl:
        mechanism: PLAIN
        jaas:
          config: org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='user123';
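The consistency rule from step 1 (the broker's own username/password must match a user_<name> entry, and a client's credentials must match that table too) can be checked before restarting anything. The following is an added example, not part of the original page: it runs over a constructed copy of the JAAS section, and the function names are hypothetical.

```python
import re

# Constructed sample mirroring the kafka_server_jaas.conf shown in step 1.
SERVER_JAAS = '''
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin123"
    user_admin="admin123";
};
'''

# key="value" or key='value' options of a JAAS login-module entry.
OPTION = re.compile(r'''(\w+)\s*=\s*(["'])(.*?)\2''')

def parse_options(text):
    """Return the quoted key/value options found in a JAAS entry as a dict."""
    return {key: value for key, _, value in OPTION.findall(text)}

def parse_server_section(jaas_text, section="KafkaServer"):
    """Extract one named section from a JAAS file and parse its options."""
    match = re.search(rf"{section}\s*\{{(.*?)\}}\s*;", jaas_text, re.S)
    if match is None:
        raise ValueError(f"section {section} not found")
    return parse_options(match.group(1))

def check_broker(options):
    """The inter-broker username/password must match a user_<name> entry."""
    name, password = options.get("username"), options.get("password")
    expected = options.get(f"user_{name}")
    if expected is None:
        return [f"no user_{name} entry for the inter-broker user"]
    if expected != password:
        return [f"inter-broker password differs from user_{name}"]
    return []

def check_client(options, client_jaas):
    """Compare a client's sasl.jaas.config string with the broker's user table."""
    client = parse_options(client_jaas)
    expected = options.get(f"user_{client.get('username')}")
    if expected is None:
        return "unknown user"
    return "ok" if expected == client.get("password") else "password mismatch"
```

The checks report only the kind of mismatch and never print a password, so the output is safe to keep in deployment logs.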
kafka-ui parameter configuration (K8S)
YAML configuration
- env:
  - name: DYNAMIC_CONFIG_ENABLED
    value: "true"
  - name: KAFKA_CLUSTERS_0_NAME
    value: dev
  - name: KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS
    value: <IP>:<PORT>
  - name: SERVER_SERVLET_CONTEXT_PATH
    value: /
  - name: AUTH_TYPE
    value: LOGIN_FORM
  - name: SPRING_SECURITY_USER_NAME
    value: admin
  - name: SPRING_SECURITY_USER_PASSWORD
    value: <PASSWORD>
  - name: KAFKA_CLUSTERS_1_NAME
    value: test
  - name: KAFKA_CLUSTERS_1_BOOTSTRAPSERVERS
    value: <IP>:<PORT>
  - name: KAFKA_CLUSTERS_1_PROPERTIES_SECURITY_PROTOCOL
    value: SASL_PLAINTEXT
  - name: KAFKA_CLUSTERS_1_PROPERTIES_SASL_MECHANISM
    value: PLAIN
  - name: KAFKA_CLUSTERS_1_PROPERTIES_SASL_JAAS_CONFIG
    value: org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='<PASSWORD>';
  - name: KAFKA_CLUSTERS_1_PROPERTIES_PROTOCOL
    value: PLAIN
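Two environments are configured here: dev is the configuration without encryption, and the test environment is configured with it (SASL_PLAINTEXT authenticates clients but does not encrypt the traffic).
DYNAMIC_CONFIG_ENABLED controls whether Kafka clusters can be added from the UI.
SPRING_SECURITY_USER_NAME sets the user for logging in to kafka-ui.
Reference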
https://docs.kafka-ui.provectus.io/configuration/authentication/sasl_scram