[英]Dockerfile configuration for GSSAPI with SASL_SSL support for alpine based Go image
I have a Confluence Kafka consumer written in Golang.我有一个用 Golang 编写的 Confluence Kafka 消费者。 I am trying to deploy it in a PKS cluster.
我正在尝试将它部署在 PKS 集群中。
The Kafka config looks like this, Kafka 配置看起来像这样,
kafka.bootstrap.servers=server.myserver.com
kafka.security.protocol=SASL_SSL
kafka.sasl.mechanisms=GSSAPI
kafka.group.id=kafka-go-getting-started
kafka.auto.offset.reset=latest
kafka.topic=topic.consumer-topic
acks=all
I need to configure my Dockerfile for GSSAPI mechanism with SASL_SSL protocol.我需要使用 SASL_SSL 协议为 GSSAPI 机制配置我的 Dockerfile。 I have managed to resolve the GSSAPI thing, however, currently it shows,
我已经设法解决了 GSSAPI 问题,但是,目前它显示,
**Failed to create consumer: Unsupported value "SASL_SSL" for configuration property "security.protocol": OpenSSL not available at build time**
Here is how my Dockerfile looks like:这是我的 Dockerfile 的样子:
FROM golang:1.19-alpine3.16 as c-bindings
RUN apk update && apk upgrade && apk add pkgconf git bash build-base sudo
RUN git clone https://github.com/edenhill/librdkafka.git
RUN cd librdkafka && ./configure && make && sudo make install
FROM c-bindings as app-builder
WORKDIR /go/app
COPY . .
RUN go mod download
RUN go mod verify
RUN go build -race -tags musl --ldflags "-extldflags -static -s -w" -o main ./main.go
FROM scratch AS app-runner
WORKDIR /go/app/
COPY --from=app-builder /go/app/main ./main
CMD ["/go/app/main"]`
Tried some ways in Dockerfile to make OpenSSL available, however things are stuck at same.在 Dockerfile 中尝试了一些方法来使 OpenSSL 可用,但是事情仍然存在。 Not sure if both GSSAPI mechanism as well as SASL_SSL protocol can be resolved over a common solution.
不确定是否可以通过通用解决方案解决 GSSAPI 机制和 SASL_SSL 协议。
[Dec 05, 2022] Latest try: [2022 年 12 月 5 日] 最新尝试:
Dockerfile, Dockerfile,
FROM golang:1.19-alpine as c-bindings
RUN apk update && apk upgrade && apk add pkgconf git bash build-base sudo
FROM c-bindings as app-builder
WORKDIR /go/app
COPY . .
RUN go mod download
RUN go mod verify
RUN apk add zstd-dev
RUN apk add krb5
RUN apk add cyrus-sasl-gssapiv2
RUN apk add cyrus-sasl-dev
RUN apk add openssl-dev
RUN git clone https://github.com/edenhill/librdkafka.git
RUN cd librdkafka && ./configure --install-deps && make && sudo make install
COPY krb5.conf /etc/krb5.conf
COPY jaas.conf /etc/jaas.conf
RUN go build -race -tags dynamic -o main ./main.go
CMD ["/go/app/main"]
Kafka config -卡夫卡配置 -
kafka.bootstrap.servers=server.myserver.com
kafka.security.protocol=SASL_SSL
kafka.sasl.mechanism=GSSAPI
kafka.group.id=kafka-go-getting-started
kafka.auto.offset.reset=latest
kafka.topic=topic.consumer-topic
kafka.ssl.ca.location=/etc/ssl/certs/my-cert.pem
kafka.sasl.kerberos.service.name=kafka
kafka.sasl.kerberos.keytab=/etc/security/keytab/consumer.keytab
kafka.sasl.kerberos.principal=principal@myprincipal.COM
acks=all
Now the container is technically running.现在容器在技术上正在运行。 However, it is not able to run the Kafka consumer application with below errors -
但是,它无法运行 Kafka 消费者应用程序并出现以下错误 -
GSSAPI Error: A token had an invalid MIC (unknown mech-code 0 for mech unknown) GSSAPI 错误:令牌具有无效的 MIC(未知机械代码 0 未知机械)
that is because you are missing the SSL or SASL dependancies you would need to make sure that libssl-dev
, hoewever it could also needs those libsasl2-dev
, libsasl2-modules
, but libssl-dev
should be enough though那是因为您缺少 SSL 或 SASL 依赖项,您需要确保
libssl-dev
,但它可能还需要那些libsasl2-dev
, libsasl2-modules
,但libssl-dev
应该足够了
adding the following to the DOCKERFILE
should help to resolve it将以下内容添加到
DOCKERFILE
应该有助于解决它
RUN apk add libressl-dev
here is the official libssl and thealpine pkg这是官方的 libssl和alpine pkg
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.