confluentinc/kafka-images

SSL is not configured when internal and external listeners are defined

David-hod opened this issue · 1 comments

Looking at the code:
https://github.com/confluentinc/kafka-images/blob/master/kafka/include/etc/confluent/docker/configure

    if [[ $KAFKA_ADVERTISED_LISTENERS == *"SSL://"* ]]

will always be false if you define multiple listeners like this:

    docker run --name kafka --rm -it -p 2181:2181 -p 9092:9092 -p 29092:29092 \
        -e KAFKA_LISTENERS=INTERNAL://:29092,EXTERNAL://:9092 \
        -e KAFKA_ADVERTISED_LISTENERS=INTERNAL://kafka:29092,EXTERNAL://localhost:9092 \
        -e KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL:PLAINTEXT,EXTERNAL:PLAINTEXT \
        -e KAFKA_INTER_BROKER_LISTENER_NAME=INTERNAL \
        confluentinc/cp-kafka:latest

as the documentation specifies:
https://www.confluent.io/blog/kafka-listeners-explained/

rgo commented

@David-hod I think that, in your example, you meant to define the EXTERNAL listener as SSL.

Like this:

    -e KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL:PLAINTEXT,EXTERNAL:SSL \

Anyway, the issue is there.
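
The mismatch discussed in this thread, as an added example that is not part of the issue or of the kafka-images code: the quoted substring test looks at listener names, while the protocol is only known after resolving each name through `KAFKA_LISTENER_SECURITY_PROTOCOL_MAP`. The function names are hypothetical, the sample values are constructed from the thread, and treating an unmapped listener name as its own protocol is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from kafka-images.

# The check quoted in the issue, written as a POSIX case pattern.
# It inspects listener *names*, so it only fires when a name ends in "SSL".
uses_ssl_by_name() {
    case "$1" in
        *"SSL://"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Resolve every advertised listener name through the protocol map.
# $1 = KAFKA_ADVERTISED_LISTENERS, $2 = KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
uses_ssl_by_map() {
    adv=$1; map=$2
    old_ifs=$IFS; IFS=,
    for listener in $adv; do
        name=${listener%%://*}
        proto=$name   # assumption: an unmapped name is itself the protocol
        for entry in $map; do
            if [ "${entry%%:*}" = "$name" ]; then proto=${entry#*:}; fi
        done
        case "$proto" in
            SSL|SASL_SSL) IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Constructed sample: the issue's listeners with EXTERNAL mapped to SSL.
ADV='INTERNAL://kafka:29092,EXTERNAL://localhost:9092'
MAP='INTERNAL:PLAINTEXT,EXTERNAL:SSL'

if uses_ssl_by_name "$ADV"; then echo "name check: SSL"; else echo "name check: no SSL"; fi
if uses_ssl_by_map "$ADV" "$MAP"; then echo "map check: SSL"; else echo "map check: no SSL"; fi
```

A deployment check built on the map lookup flags the case where an operator expects TLS on a named listener but the name-based test would skip the SSL setup.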