Kafka cluster SASL authentication

Kafka authentication configuration

1. Add the user and password configuration file kafka_server_jaas.conf
Path: /data/kafka/config/jaas/kafka_server_jaas.conf

KafkaServer {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="admin123"
        user_admin="admin123";
};

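The username and password configured here are the credentials the broker itself uses for internal (inter-broker) authentication.
Each user_<name> entry defines a user account: in user_admin, admin is the user name and admin123 is the password. In testing, a password that does not match causes an error.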

2. Modify the startup script

vim bin/kafka-server-start.sh
# Set the path to the JAAS credentials file
export KAFKA_OPTS="-Djava.security.auth.login.config=/data/kafka/config/jaas/kafka_server_jaas.conf"

3. Modify the Kafka configuration file server.properties

listeners=SASL_PLAINTEXT://:9092,CONTROLLER://:9093
advertised.listeners=SASL_PLAINTEXT://:9092
inter.broker.listener.name=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
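
An added example (not from the original post): a small Python check over the two broker files from steps 1 and 3. It verifies that the inter-broker credentials have a matching user_<name> entry and flags SASL_PLAINTEXT listeners, which carry the PLAIN password unencrypted. The embedded file contents are constructed samples based on the snippets above, and the function names are hypothetical.

```python
import re

# Constructed sample inputs mirroring the two broker files shown above.
JAAS = '''
KafkaServer {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="admin123"
        user_admin="admin123";
};
'''
PROPS = '''
listeners=SASL_PLAINTEXT://:9092,CONTROLLER://:9093
inter.broker.listener.name=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
'''

def parse_jaas(text, section="KafkaServer"):
    """Return the quoted key=value options of one JAAS section as a dict."""
    m = re.search(r'\b%s\s*\{(.*?)\}\s*;' % re.escape(section), text, re.S)
    if not m:
        raise ValueError("no %s section found" % section)
    found = re.findall(r'''(\w+)\s*=\s*(["'])(.*?)\2''', m.group(1))
    return {key: value for key, _quote, value in found}

def parse_props(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check(jaas_text, props_text):
    """Return a list of findings for a SASL/PLAIN broker configuration."""
    opts, props, findings = parse_jaas(jaas_text), parse_props(props_text), []
    user, pw = opts.get("username"), opts.get("password")
    # The broker logs in to its peers with username/password, so the same
    # pair must also be accepted through a user_<username> entry.
    if pw is None or opts.get("user_%s" % user) != pw:
        findings.append("no user_%s entry matches the inter-broker password" % user)
    if "PLAIN" not in props.get("sasl.enabled.mechanisms", "").split(","):
        findings.append("PLAIN is not listed in sasl.enabled.mechanisms")
    # SASL_PLAINTEXT authenticates clients but does not encrypt the connection.
    for listener in props.get("listeners", "").split(","):
        if listener.startswith("SASL_PLAINTEXT://"):
            findings.append("listener %s sends PLAIN credentials unencrypted" % listener)
    return findings

if __name__ == "__main__":
    for finding in check(JAAS, PROPS):
        print("WARN:", finding)
```

To check a real broker, pass the contents of kafka_server_jaas.conf and server.properties to check() in place of the constructed samples.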

Spring Boot project configuration

spring:
    kafka:
        properties:
            security:
                protocol: SASL_PLAINTEXT
            sasl:
                mechanism: PLAIN
                jaas:
                    config: org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='user123';

kafka-ui parameter configuration (K8S)

YAML configuration

  - env:
        - name: DYNAMIC_CONFIG_ENABLED
          value: "true"
        - name: KAFKA_CLUSTERS_0_NAME
          value: dev
        - name: KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS
          value: :
        - name: SERVER_SERVLET_CONTEXT_PATH
          value: /
        - name: AUTH_TYPE
          value: LOGIN_FORM
        - name: SPRING_SECURITY_USER_NAME
          value: admin
        - name: SPRING_SECURITY_USER_PASSWORD
          value: 
        - name: KAFKA_CLUSTERS_1_NAME
          value: test
        - name: KAFKA_CLUSTERS_1_BOOTSTRAPSERVERS
          value: :
        - name: KAFKA_CLUSTERS_1_PROPERTIES_SECURITY_PROTOCOL
          value: SASL_PLAINTEXT
        - name: KAFKA_CLUSTERS_1_PROPERTIES_SASL_MECHANISM
          value: PLAIN
        - name: KAFKA_CLUSTERS_1_PROPERTIES_SASL_JAAS_CONFIG
          value: org.apache.kafka.common.security.plain.PlainLoginModule required
            username='admin' password='';
        - name: KAFKA_CLUSTERS_1_PROPERTIES_PROTOCOL
          value: PLAIN

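Two environments are configured here: dev has no SASL configuration, and test is configured with SASL. Note that SASL_PLAINTEXT authenticates clients but does not encrypt the connection; encrypting the traffic as well requires a SASL_SSL listener.

DYNAMIC_CONFIG_ENABLED controls whether Kafka clusters can be added from the UI.
SPRING_SECURITY_USER_NAME sets the user for logging in to kafka-ui.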

Reference documentation

https://docs.kafka-ui.provectus.io/configuration/authentication/sasl_scram
