【发布时间】:2025-12-02 12:00:02
【问题描述】:
我正在使用这个舵图:https://github.com/helm/charts/tree/master/incubator/kafka
以及 values.yaml 中的这些覆盖
configurationOverrides:
advertised.listeners: |-
EXTERNAL://kafka-${KAFKA_BROKER_ID}.host-removed:$((31090 + ${KAFKA_BROKER_ID}))
listener.security.protocol.map: |-
PLAINTEXT:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
sasl.enabled.mechanisms: SCRAM-SHA-256
auto.create.topics.enable: false
inter.broker.listener.name: PLAINTEXT
sasl.mechanism.inter.broker.protocol: SCRAM-SHA-256
listener.name.EXTERNAL.scram-sha-256.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="password";
基于此文档:https://kafka.apache.org/documentation/#security_jaas_broker
(快速总结)
Brokers may also configure JAAS using the broker configuration property sasl.jaas.config. The property name must be prefixed with the listener prefix including the SASL mechanism, i.e. listener.name.{listenerName}.{saslMechanism}.sasl.jaas.config. Only one login module may be specified in the config value. If multiple mechanisms are configured on a listener, configs must be provided for each mechanism using the listener and mechanism prefix
listener.name.sasl_ssl.scram-sha-256.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
username="admin" \
password="admin-secret";
问题是当我启动 Kafka 时出现以下错误:
java.lang.IllegalArgumentException: Could not find a 'KafkaServer' or 'plaintext.KafkaServer' entry in the JAAS configuration. System property 'java.security.auth.login.config' is not set
根据优先顺序,如果上面的配置没有设置,它应该使用静态jass文件。
If JAAS configuration is defined at different levels, the order of precedence used is:
- 代理配置属性 listener.name.{listenerName}.{saslMechanism}.sasl.jaas.config
- 静态 JAAS 配置的{listenerName}.KafkaServer 部分
- 静态 JAAS 配置的 KafkaServer 部分
舵图不支持配置此 jaas 文件的方法,因此使用此属性似乎是所需的方式,我只是对配置不正确感到困惑。
注意:如果我禁用所有 SASL 并仅使用纯文本,则集群可以正常工作,但在真实环境中效果不佳。
【问题讨论】:
标签: kubernetes apache-kafka kubernetes-helm