Yolean/kubernetes-kafka

Kafka-cluster with external SSL only

Closed this issue · 2 comments

Hi All,

I want to expose Kafka service outside of kubernetes cluster with SSL support and the internal cluster should be with PLAINTEXT. Any suggestion would be appreciated.

Below is my listener's configuration.

```
listeners=PLAINTEXT://:9092,OUTSIDE://:9094
listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL,OUTSIDE:SSL
```

I have figured out the way and now I can expose outside with SSL.

Created two services in the cluster, for inside and outside.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: bootstrap-inside
  namespace: kafka
spec:
  ports:
  - port: 9092
  selector:
    app: kafka
---
apiVersion: v1
kind: Service
metadata:
  name: bootstrap-outside
  namespace: kafka
spec:
  ports:
  - port: 9094
  selector:
    app: kafka
```

Customize the Docker image by adding your Java keystore files to it, or you can do that using Kubernetes secrets and add a mount path to the StatefulSet.

```
kubectl expose service bootstrap-outside --type=LoadBalancer --name=kafka-broker0-lb --port 9094 --target-port 9094 -n kafka
```

After creating this service, edit the nodePort => 32400

```
kubectl expose service bootstrap-outside --type=LoadBalancer --name=kafka-broker1-lb --port 9094 --target-port 9094 -n kafka
```

After creating this service, edit the nodePort => 32401
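A check for the setup described in this thread, added here as an example and not part of the original issue or the Yolean/kubernetes-kafka project: it parses the listener settings and reports any externally published port that is bound to an unencrypted listener. The function names and the lists of published ports are assumptions; the properties are the ones posted in the issue.

```python
# Added example: lint Kafka listener settings against the ports published outside the cluster.
UNENCRYPTED = {"PLAINTEXT", "SASL_PLAINTEXT"}  # Kafka security protocols without TLS

def parse_properties(text):
    """Parse key=value lines from a broker properties snippet."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def listener_protocols(props):
    """Return {port: (listener_name, security_protocol)} for every listener."""
    pairs = props["listener.security.protocol.map"].split(",")
    proto_map = dict(pair.strip().split(":", 1) for pair in pairs)
    result = {}
    for entry in props["listeners"].split(","):
        name, _, address = entry.strip().partition("://")
        port = int(address.rsplit(":", 1)[1])
        if name not in proto_map:
            raise ValueError(f"listener {name} has no entry in listener.security.protocol.map")
        result[port] = (name, proto_map[name])
    return result

def audit(props_text, external_ports):
    """List findings for externally published ports that are not TLS listeners."""
    listeners = listener_protocols(parse_properties(props_text))
    findings = []
    for port in external_ports:
        if port not in listeners:
            findings.append(f"port {port} is published but no listener binds it")
        elif listeners[port][1] in UNENCRYPTED:
            name, proto = listeners[port]
            findings.append(f"port {port} ({name}) is published with {proto}")
    return findings

# Listener settings copied from the issue.
BROKER_PROPS = """\
listeners=PLAINTEXT://:9092,OUTSIDE://:9094
listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL,OUTSIDE:SSL
"""

if __name__ == "__main__":
    print(audit(BROKER_PROPS, [9094]))        # target port of the LoadBalancer services
    print(audit(BROKER_PROPS, [9092, 9094]))  # constructed misconfiguration: 9092 also published
```

Pass the target ports of every LoadBalancer or NodePort service that selects the brokers as `external_ports`; an empty result means only TLS listeners are published.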

Hello, can you describe the configuration process in detail?