堆栈内存溢出
  简体   繁体   English

是否可以访问在 OpenShift 上安装了 Route 侦听器类型的 Strimzi Kafka 中的 Zookeeper?

[英]Is it possible to access Zookeeper in Strimzi Kafka installed with Route listener type on OpenShift?

 原文  2021-03-19 19:10:34       apache-kafka/ openshift/ strimzi

问题描述

I have Strimzi Kafka cluster on OpenShift, configured like described here:我在 OpenShift 上有 Strimzi Kafka 集群,配置如下所述:

https://strimzi.io/blog/2019/04/30/accessing-kafka-part-3/ https://strimzi.io/blog/2019/04/30/accessing-kafka-part-3/

Basically like this:基本上是这样的:

kind: Kafka
metadata:
  name: ...
spec:
  kafka:
    version: 2.7.0
    replicas: 2
    listeners:
      plain: {}
      tls:
        authentication:
          type: tls
      external:
        type: route
        tls: true
        authentication:
          type: tls
    authorization:
      type: simple

According to the article above, I can only access bootstrap server via port 443 .根据上面的文章,我只能通过端口443访问引导服务器。 Basically, this set up works and does what I need.基本上,这个设置有效并且可以满足我的需要。

I am wondering if I can get external access to Zookeper to manage cluster via command line from my machine?我想知道我是否可以通过我的机器上的命令行对 Zookeper 进行外部访问以管理集群? And if yes, should I download Kafka binaries and use CLI from archive?如果是,我应该从存档下载 Kafka 二进制文件并使用 CLI 吗? Or I need to login to Zookeeper Pod (eg via OpenShift UI) and manage Kafka cluster via CLI from there?或者我需要登录 Zookeeper Pod(例如通过 OpenShift UI)并从那里通过 CLI 管理 Kafka 集群?

Thanks in advance.提前致谢。

1 个解决方案

解决方案1
 1 已采纳  2021-03-19 19:59:50

Strimzi does not provide any access to Zookeeper. Strimzi 不提供对 Zookeeper 的任何访问权限。 It is locked down using mTLS and network policies.它使用 mTLS 和网络策略锁定。 If you really need it, you can use this unofficial project https://github.com/scholzj/zoo-entrance and create a route manually your self.如果你真的需要它,你可以使用这个非官方的项目https://github.com/scholzj/zoo-entrance并自己手动创建一个路线。 But it is not secure - so use it on your own risk.但它并不安全 - 所以使用它需要您自担风险。 Openin a temrinal inside the Zookeeper pod would be an option as well.在 Zookeeper pod 内打开一个终端也是一种选择。 But in most cases, you should not need Zookeeper access today as Kafka is anyway preparing for its removal.但在大多数情况下,您现在不需要 Zookeeper 访问权限,因为 Kafka 无论如何都在为移除它做准备。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用strimzi在Openshift上设置Kafka - Setting up Kafka on Openshift with strimzi 在Openshift上使用Strimzi运算符的Apache Kafka-无法连接 - Apache Kafka with Strimzi operator on Openshift - cannot connect 使用Strimzi外部访问Kafka - External access to Kafka using Strimzi Strimzi Kafka Listener 自定义证书配置 - Strimzi Kafka Listener Custom Cert configuration 在 GKE 升级期间,Strimzi Kafka“没有匹配侦听器的经纪人” - Strimzi Kafka "brokers without a matching listener" during GKE Upgrade 在Prometheus Discovery中配置Kafka-zookeeper集群(使用Strimzi Kafka集群) - Configuring Kafka-zookeeper cluster in Prometheus Discovery(Using Strimzi Kafka cluster) 我可以在kafka中指定一个监听器来与zookeeper通信吗 - Can i specify a listener in kafka to communicate with zookeeper Kafka Manager 应该单独安装 Zookeeper 吗? - Should Zookeeper be installed seperately for Kafka Manager? srimzi - 无法从外部 m/c 访问 Kafka 代理 - strimzi - unable to access Kafka broker from external m/c Strimzi 操作员 Kafka 集群 ACL 未启用类型:简单 - Strimzi operator Kafka cluster ACL not enabling with type: simple
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM