如何在动态环境中设置Kafka Security和侦听器? [英] How to setup Kafka Security and listeners in dynamic environment?

问题描述

这些资源很好地介绍了如何设置kafka安全性(加密+ ssl)以及kafka侦听器的好主意.

These resources provide a great view into how to setup kafka security (encryption + ssl) and good idea of kafka listeners.

1. 设置ssl身份验证
2. 收听者和广告收听者: a ， b ，

1. setting up ssl auth
2. listeners and advertised-listeners: a, b, c, d(from confluent guy - Robin M)

但这似乎在静态环境中很好用，而在动态环境中又如何呢?
当使用K8S和容器(在EC2等上具有k8s的docker容器)或其他编排框架时，主机名和副本数(即使没有自动缩放方案)也事先未知. 因此，我们如何动态创建证书，密钥库和信任库.以及如何在server.properties文件中动态配置listeners值.

But this seems to work well in static environments, what about dynamic environments.
When one uses K8S, and containers (docker with k8s over EC2 etc) or some other orchestration framworks, the hostnames and the number of replicas (even without autoscaling scenario) are not known in advance. So how can we create the certificates and the keystores and the truststores on the fly. And how to configure the listeners values on the fly in server.properties file.

推荐答案

这将创建一个kafka代理，但作为负载均衡器

This creates a kafka broker but as a load balancer

apiVersion: v1
kind: Service
metadata:
  annotations:
    cloud.google.com/load-balancer-type: Internal
  labels:
    app: kafka
  name: kafka-2-external
  namespace: default
spec:
  ports:
  - name: broker
    port: 9092
    protocol: TCP
    targetPort: kafka
  selector:
    app: kafka
    statefulset.kubernetes.io/pod-name: kafka-2
  sessionAffinity: None
  type: LoadBalancer

这篇关于如何在动态环境中设置Kafka Security和侦听器?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！