Gateway to Kafka Authentication
You can use all the Kafka security protocols; PLAINTEXT
, SASL_PLAINTEXT
, SASL_SSL
and SSL
. For these security protocols we support all SASL mechanisms; PLAIN
, SCRAM SHA
, OAuthBearer
, Kerberos
etc.
There are two ways of providing your configuration on how to connect to Kafka : envrionement variables and properties configuration file.
Environment variables
This is the default mode.
Provide Gateway with the environment variables to connect to Kafka.
Use the variables that start with a KAFKA_
prefix as it is Gateway's connection to Kafka.
conduktor-gateway:
image: conduktor/conduktor-gateway:3.0.2
environment:
KAFKA_BOOTSTRAP_SERVERS: kafka1:9092,kafka2:9092
KAFKA_SASL_MECHANISM: PLAIN
KAFKA_SECURITY_PROTOCOL: SASL_PLAINTEXT
KAFKA_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret";
Property file
You can edit the Gateway configuration to point to a property file to use for your Kafka connection.
conduktor-gateway:
image: conduktor/conduktor-gateway:2.3.0
environment:
GATEWAY_BACKEND_KAFKA_SELECTOR: '{ file : { path: /kafka.properties } }'
volumes:
- type: bind
source: "./kafka.properties"
target: /kafka.properties
read_only: true
With this configuration Gateway will load the mounted configuration file and use it as property source to the Kafka connectivity.
Delegated Kafka authentication
A special case for Gateway to Kafka connectivity is when you configure Client to Gateway security to delegate the authentication to Kafka (See this doc )
All previous configuration still applies but the authentication set in your provided configuration will not be used outside of Gateway administration tasks ( list nodes on startup, ...)