Kafka Security / Authorization

Kafka Authorization is based on the following:

Demo

With Kafka in Docker (and the wurstmeister/kafka Docker image), use the following docker-compose.yml to use SimpleAclAuthorizer for authorization.

docker-compose.yml
version: '2'
services:
  zookeeper:
    image: wurstmeister/zookeeper
    ports:
      - "2181:2181"
  kafka:
    build: .
    ports:
      - "9092"
    environment:
      KAFKA_ADVERTISED_HOST_NAME: 192.168.0.87
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.auth.SimpleAclAuthorizer
      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

Run a 3-node Kafka cluster with authentication. Use the official documentation of kafka-docker for reference.

$ docker-compose up -d --scale kafka=3
Starting kafka-docker_kafka_1     ... done
Starting kafka-docker_kafka_2     ... done
Starting kafka-docker_kafka_3     ... done
Starting kafka-docker_zookeeper_1 ... done

$ docker-compose ps
          Name                        Command               State                         Ports
----------------------------------------------------------------------------------------------------------------------
kafka-docker_kafka_1       start-kafka.sh                   Up      0.0.0.0:32792->9092/tcp
kafka-docker_kafka_2       start-kafka.sh                   Up      0.0.0.0:32790->9092/tcp
kafka-docker_kafka_3       start-kafka.sh                   Up      0.0.0.0:32791->9092/tcp
kafka-docker_zookeeper_1   /bin/sh -c /usr/sbin/sshd  ...   Up      0.0.0.0:2181->2181/tcp, 22/tcp, 2888/tcp, 3888/tcp

// with no -f to check out the status at Kafka level
$ docker logs kafka-docker_kafka_1
...
INFO Kafka version: 2.3.0 (org.apache.kafka.common.utils.AppInfoParser)
INFO Kafka commitId: fc1aaa116b661c8a (org.apache.kafka.common.utils.AppInfoParser)
INFO Kafka startTimeMs: 1568969945089 (org.apache.kafka.common.utils.AppInfoParser)
INFO [KafkaServer id=1001] started (kafka.server.KafkaServer)

// Stop the cluster
$ docker-compose stop

results matching ""

    No results matching ""