I am planning to deploy a Kafka cluster. I have the query below:
1) To secure producer and consumer communication with Kafka broker, SSL can be used. If I have a cluster of 9 brokers and 3 zookeeper nodes and if I do not want to use self-signed certificates, do I have to buy a certificate for each of the nodes (9 + 3 certs, way too costly)?
I have read that the producer/consumer contacts one of the broker nodes directly, without contacting ZooKeeper.
Thanks,
Viral
Research "letsencrypt". You don't have to pay for trusted certificates. Also, you can combine many domains/hostnames into one certificate.
Yes, you need to have a certificate created for each individual Kafka broker node in the cluster. So the keystore contains the key and certificate of your broker; import this to the truststore signed by the CA. Similarly, if you signed the certificate with the same CA on the truststore, then all the clients signed by this CA already know it's authorized.
Also, if you have ssl.client.authorize enabled, then the client must have its own keystore (key + certificate) signed by the CA on the truststore.
I don't think ZooKeeper requires a certificate.
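The per-broker layout described in the answers above, as an added example that is not part of the original posts. It assumes a private CA created with OpenSSL and constructed hostnames under example.internal: one CA certificate goes into every truststore, and each broker gets its own key and CA-signed certificate carrying its hostname as a SAN.

```shell
#!/usr/bin/env bash
# Constructed hostnames (assumption); replace with your brokers' real FQDNs.
BROKERS="kafka1.example.internal kafka2.example.internal kafka3.example.internal"

# One private CA for the whole cluster. Only ca.crt is distributed: it is
# the single entry every broker and client truststore needs.
make_ca() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Kafka CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt"
}

# Key + CA-signed certificate for one broker. The SAN binds the certificate
# to that broker's hostname; clientAuth is included because brokers also
# connect to each other as TLS clients.
issue_broker_cert() {
  dir=$1; host=$2
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/$host.key" -out "$dir/$host.csr"
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth,clientAuth\n' \
    "$host" > "$dir/$host.ext"
  openssl x509 -req -in "$dir/$host.csr" -sha256 -days 365 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/$host.ext" -out "$dir/$host.crt"
}

# Returns 0 only if the certificate chains to the given CA AND is valid for
# the hostname the client will connect to.
verify_broker_cert() {
  ca=$1; cert=$2; host=$3
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 &&
    openssl x509 -in "$cert" -noout -checkhost "$host" |
      grep -q "does match certificate"
}

# Demo run in a scratch directory: issue and check one certificate per broker.
work=$(mktemp -d)
make_ca "$work"
for h in $BROKERS; do
  issue_broker_cert "$work" "$h"
  verify_broker_cert "$work/ca.crt" "$work/$h.crt" "$h" && echo "$h: OK"
done
```

Each `<host>.key`/`<host>.crt` pair is what goes into that broker's keystore; `ca.key` stays offline and never leaves the machine that signs.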