Skip to main content
Quick navigation

Gateway to Kafka Authentication


You can use all the Kafka security protocols; PLAINTEXT, SASL_PLAINTEXT, SASL_SSL and SSL. For these security protocols we support all SASL mechanisms; PLAIN, SCRAM SHA, OAuthBearer, Kerberos etc.

There are two ways of providing your configuration on how to connect to Kafka : envrionement variables and properties configuration file.

Environment variables

This is the default mode.

Provide Gateway with the environment variables to connect to Kafka.

Use the variables that start with a KAFKA_ prefix as it is Gateway's connection to Kafka.

image: conduktor/conduktor-gateway:3.0.0
KAFKA_BOOTSTRAP_SERVERS: kafka1:9092,kafka2:9092
KAFKA_SASL_JAAS_CONFIG: required username="admin" password="admin-secret";

Property file

You can edit the Gateway configuration to point to a property file to use for your Kafka connection.

image: conduktor/conduktor-gateway:2.3.0
GATEWAY_BACKEND_KAFKA_SELECTOR: '{ file : { path: / } }'
- type: bind
source: "./"
target: /
read_only: true

With this configuration Gateway will load the mounted configuration file and use it as property source to the Kafka connectivity.

Delegated Kafka authentication

A special case for Gateway to Kafka connectivity is when you configure Client to Gateway security to delegate the authentication to Kafka (See this doc )

All previous configuration still applies but the authentication set in your provided configuration will not be used outside of Gateway administration tasks ( list nodes on startup, ...)