Control Center ConfigurationΒΆ
Create a file with a KafkaClient
entry at /tmp/kafka_client_jaas.conf
. The KafkaClient
section of
is where the principal for the client needs to be specified. This will be used later to authenticate the Control Center and Kafka Connect
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="monitoring_interceptor"
password="monitoring-interceptor-secret";
};
It is possible to pass the JAAS config file location as JVM parameter to each client JVM as
-Djava.security.auth.login.config=/tmp/kafka_client_jaas.conf
This will allow the confluent.monitoring.interceptor.
and confluent.metrics.reporter.
to communicate with the secured Kafka broker. Any broker with the
confluent.monitoring.interceptor.
or confluent.metrics.reporter.
will need to have a valid KafkaClient
section in the JAAS config.
The Control Center needs to know that security is enabled. Internally, the Control Center uses Kafka Streams as a state store, so with a secured broker, they also need to be secured.
Edit the /tmp/control-center.properties
:
########### Control Center security ###########
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
########### Kafka Streams ###########
confluent.controlcenter.streams.sasl.mechanism=PLAIN
confluent.controlcenter.streams.security.protocol=SASL_PLAINTEXT
The Control Center can be now be started
$ CONTROL_CENTER_OPTS=-Djava.security.auth.login.config=/tmp/kafka_client_jaas.conf \
KAFKA_OPTS=-Djava.security.auth.login.config=/tmp/kafka_client_jaas.conf \
./bin/control-center-start /tmp/control-center.properties