4

I am trying to authenticate my Kafka rest proxy with SASL but I am having trouble transferring the configs made in my local docker compose to Kubernetes.

I am using JAAS configuration to achieve this. My JAAS file looks like this.

KafkaClient {
       org.apache.kafka.common.security.plain.PlainLoginModule required
       username="rest"
       password="rest-secret";
};

Client {
       org.apache.zookeeper.server.auth.DigestLoginModule required
       username="rest"
       password="restsecret";
};

and then in my docker compose I have done:

KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/rest_jaas.conf

How will I transfer this same logic to Kubernetes? I have tried passing the env variable like this:

env:
  - name: KAFKA_OPTS
    value: |
      KafkaClient {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="rest"
        password="rest-secret";
      };
      Client {
        org.apache.zookeeper.server.auth.DigestLoginModule required
        username="rest"
        password="rest-secret";
      };

but it still fails. Here is what my logs say:

Error: Could not find or load main class KafkaClient
/bin/sh: 3: org.apache.kafka.common.security.plain.PlainLoginModule: not found
/bin/sh: 6: Syntax error: "}" unexpected

Your help will be highly appreciated.

Improve this question

1 Answer 1

Reset to default
7

Save your Kafka JAAS config file as rest_jaas.conf. Then execute:

kubectl create secret generic kafka-secret --from-file=rest_jaas.conf

Then in your deployment you insert:

      env:
      - name: KAFKA_OPTS 
        value: -Djava.security.auth.login.config=/etc/kafka/secrets/rest_jaas.conf
      volumeMounts:
      - name: kafka-secret
        mountPath: /etc/kafka/secrets
        subPath: rest_jaas.conf
    volumes:
    - name: kafka-secret
      secret:
        secretName: kafka-secret
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Does KAFKA_OPTS only allow for file contents? can't it be configured any other way other than getting the configs from the file?
KAFKA_OPTS is environment variable. It can store string of very limited length (i don't know maximum length). So it is better if you store configs as files.
@VasiliAngapov: I am using same format rest_jaas.conf but getting below exception. java.io.EOFException: null

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.