[英]Kafka Client Consumer Config for Schema Registry and Broker
Following configs are in the Server Side:以下配置位于服务器端:
For broker: listener.security.protocol.map=EXTERNAL:SASL_SSL
kafka.rest.client.security.protocol=SASL_PLAINTEXT
For Schemaregistry:
ssl.client.auth=true
ssl.enabled.protocols=TLSv1.2
ssl.key.password=${file:/mnt/sslcerts/jksPassword.txt:jksPassword}
ssl.keystore.location=/mnt/sslcerts/keystore.jks
ssl.keystore.password=${file:/mnt/sslcerts/jksPassword.txt:jksPassword}
ssl.truststore.location=/mnt/sslcerts/truststore.jks
ssl.truststore.password=${file:/mnt/sslcerts/jksPassword.txt:jksPassword}
Broker is SASL protected and Schema Registry is mTLS protected. Broker 受 SASL 保护,Schema Registry 受 mTLS 保护。
I have following consumer config in my Spring Boot app.我的 Spring Boot 应用程序中有以下消费者配置。
props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, bootstrapAddress);
props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, KafkaJsonSchemaDeserializer.class);
props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, KafkaJsonSchemaDeserializer.class);
props.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL");
props.put(SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG, "TLSv1.2");
props.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "JKS");
props.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, "./certs/truststore.jks");
props.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "213fsfsK");
props.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS");
props.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, "./certs/keystore.jks");
props.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "213fsfsK")
props.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, sslEndpointIdentificationAlgorithm);
props.put(SaslConfigs.SASL_MECHANISM, saslMechanism);
props.put(SaslConfigs.SASL_JAAS_CONFIG, saslJaasConfig);
props.put(SaslConfigs.SASL_JAAS_CONFIG,
String.format("%s required username=\"%s\" " + "password=\"%s\";", PlainLoginModule.class.getName(), sasl_ssl_username, sasl_ssl_password));
props.put("schema.registry.url", "https://schemaregistry.confluent.apps:443");
I am trying to configure both the security protocols in the consumer.我正在尝试在消费者中配置这两种安全协议。 I am getting a bad certificate error and not able to consume the messages.我收到一个错误的证书错误,无法使用这些消息。 I just wanted to make sure I am using the right configurations so that I can be certain that the error is because of certificates.我只是想确保我使用了正确的配置,以便我可以确定错误是由于证书引起的。
I wasnt able to connect to schema registry using mTLS.我无法使用 mTLS 连接到模式注册表。 So, to avoid this, I changed the schema deserializers in the JDBCConnector so that I wont have to worry about Schema Registry at all.因此,为了避免这种情况,我更改了 JDBCConnector 中的模式反序列化器,这样我就不必担心模式注册表了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.