如何在 kafka 和 zookeeper 中启用 SSL?
How to enable SSL in kafka and zookeeper?
我需要在 apache kafka 和 zookeeper 中启用 SSL 安全吗?有教程吗?我遇到了信任库路径问题。
您可以通过以下链接设置 SSL:
https://docs.confluent.io/platform/current/security/security_tutorial.html#generating-keys-certs
https://docs.confluent.io/3.0.0/kafka/ssl.html
这是我目前使用的docker:
版本:'3'
服务:
动物园管理员:
图片:confluentinc/cp-zookeeper:最新
container_name:动物园管理员
主机名:动物园管理员
端口:
- 2181:2181
环境:
ZOOKEEPER_SERVER_ID: 1
ZOOKEEPER_CLIENT_PORT: 2181
经纪人:
图片:confluentinc/cp-kafka:最新
container_name: 经纪人
主机名:经纪人
depends_on:
- 动物园管理员
环境:
KAFKA_BROKER_ID: 1
KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,SSL:SSL
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker:9092,SSL://broker:9093
KAFKA_SSL_KEYSTORE_FILENAME: kafka.server.keystore.jks
KAFKA_SSL_KEYSTORE_CREDENTIALS: kafka.key
KAFKA_SSL_KEY_CREDENTIALS: kafka.key
KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.server.truststore.jks
KAFKA_SSL_TRUSTSTORE_CREDENTIALS: kafka.key
KAFKA_MIN_INSYNC_REPLICAS: 1
KAFKA_NUM_PARTITIONS: 1
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500
KAFKA_DEFAULT_REPLICATION_FACTOR: 1
KAFKA_CONFLUENT_LICENSE_TOPIC_REPLICATION_FACTOR: 1
KAFKA_CONFLUENT_BALANCER_TOPIC_REPLICATION_FACTOR: 1
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
CONFLUENT_METRICS_ENABLE: 'false'
卷:
- ./se:/etc/kafka/secrets
我需要在 apache kafka 和 zookeeper 中启用 SSL 安全吗?有教程吗?我遇到了信任库路径问题。
您可以通过以下链接设置 SSL: https://docs.confluent.io/platform/current/security/security_tutorial.html#generating-keys-certs https://docs.confluent.io/3.0.0/kafka/ssl.html
这是我目前使用的docker: 版本:'3' 服务: 动物园管理员: 图片:confluentinc/cp-zookeeper:最新 container_name:动物园管理员 主机名:动物园管理员 端口: - 2181:2181 环境: ZOOKEEPER_SERVER_ID: 1 ZOOKEEPER_CLIENT_PORT: 2181
经纪人: 图片:confluentinc/cp-kafka:最新 container_name: 经纪人 主机名:经纪人 depends_on: - 动物园管理员 环境: KAFKA_BROKER_ID: 1 KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181' KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,SSL:SSL KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker:9092,SSL://broker:9093 KAFKA_SSL_KEYSTORE_FILENAME: kafka.server.keystore.jks KAFKA_SSL_KEYSTORE_CREDENTIALS: kafka.key KAFKA_SSL_KEY_CREDENTIALS: kafka.key KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.server.truststore.jks KAFKA_SSL_TRUSTSTORE_CREDENTIALS: kafka.key KAFKA_MIN_INSYNC_REPLICAS: 1 KAFKA_NUM_PARTITIONS: 1 KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500 KAFKA_DEFAULT_REPLICATION_FACTOR: 1 KAFKA_CONFLUENT_LICENSE_TOPIC_REPLICATION_FACTOR: 1 KAFKA_CONFLUENT_BALANCER_TOPIC_REPLICATION_FACTOR: 1 KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1 KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1 CONFLUENT_METRICS_ENABLE: 'false' 卷: - ./se:/etc/kafka/secrets