Add the Kafka Helm repository
```bash
helm install my-release oci://registry-1.docker.io/bitnamicharts/kafka
```
Find where the ports are exposed
This way ports 30001, 30002 and 30003 can be exposed.
# How to add authentication to Kafka
Add SASL_PLAINTEXT authentication for external access
Modify the values.yaml file
The main changes are as follows:
```yaml
allowPlaintextListener: true
deleteTopicEnable: true
numPartitions: 30
extraEnvVars:
  - name: KAFKA_CFG_SECURITY_INTER_BROKER_PROTOCOL
    value: "SASL_PLAINTEXT"
  - name: KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL
    value: "PLAIN"
  - name: KAFKA_CFG_SASL_ENABLED_MECHANISMS
    value: "PLAIN"
  - name: KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND
    value: "true"
auth:
  enabled: true
  ssl: false
  ## Kafka client user.
  brokerUser: brokeruser
  ## Kafka client password.
  brokerPassword: brokerpassword
  ## Kafka inter broker communication user.
  interBrokerUser: adminuser
  ## Kafka inter broker communication password.
  interBrokerPassword: adminpassword
  ## Kafka Zookeeper user.
  zookeeperUser: admin
  ## Kafka Zookeeper password.
  zookeeperPassword: adminpassword
```
Modify the templates/statefulset.yaml file
Change SASL_SSL to SASL_PLAINTEXT
```yaml
# Original
value: "SASL_SSL://:$(KAFKA_PORT_NUMBER)"
# Changed to
value: "SASL_PLAINTEXT://:$(KAFKA_PORT_NUMBER)"
# Original
value: 'SASL_SSL://$(MY_POD_NAME).{{ template "kafka.fullname" . }}-headless.{{.Release.Namespace}}.svc.{{ .Values.clusterDomain }}:$(KAFKA_PORT_NUMBER)'
# Changed to
value: 'SASL_PLAINTEXT://$(MY_POD_NAME).{{ template "kafka.fullname" . }}-headless.{{.Release.Namespace}}.svc.{{ .Values.clusterDomain }}:$(KAFKA_PORT_NUMBER)'
```
Remove the certificate-related configuration
```diff
- {{- if .Values.auth.enabled }}
- - name: kafka-certificates
- mountPath: /opt/bitnami/kafka/conf/certs/
- readOnly: true
- {{- end }}
- {{ if .Values.auth.enabled }}
- - name: kafka-certificates
- secret:
- secretName: {{ required "A secret containing the Kafka JKS certificates is required when authentication in enabled" .Values.auth.certificatesSecret }}
- defaultMode: 256
- {{ end }}
```
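Review bot: both removed blocks are the ones guarded by `.Values.auth.enabled`, so after this deletion the chart can no longer mount the `kafka-certificates` secret at all, even if TLS is wanted later. Instead of deleting the volumeMount and the volume, gate them on the `auth.ssl` value that values.yaml already sets, for example `{{- if and .Values.auth.enabled .Values.auth.ssl }}`, so that `ssl: false` skips the certificates and `ssl: true` keeps the `required` check on `auth.certificatesSecret`.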
Modify the templates/scripts-configmap.yaml file
```bash
# Original configuration
export KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL:PLAINTEXT,EXTERNAL:PLAINTEXT
# Add authentication for EXTERNAL
export KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
```
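The listener map change above, checked with an added example that is not part of the original post or of the Bitnami chart: it parses a `KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP` value and reports, per listener, whether SASL or TLS is missing, which shows that `EXTERNAL:SASL_PLAINTEXT` with the `PLAIN` mechanism authenticates clients but still carries the password unencrypted. The function names `parse_listener_map` and `audit` are assumptions made for this example.

```python
"""Added example: audit a Kafka listener security protocol map (not chart code)."""

# Properties of Kafka's four security protocols.
PROTOCOLS = {
    "PLAINTEXT": {"sasl": False, "tls": False},
    "SSL": {"sasl": False, "tls": True},
    "SASL_PLAINTEXT": {"sasl": True, "tls": False},
    "SASL_SSL": {"sasl": True, "tls": True},
}


def parse_listener_map(value):
    """Parse 'NAME:PROTOCOL,...' into {name: protocol}, rejecting bad entries."""
    listeners = {}
    for entry in value.split(","):
        name, sep, protocol = entry.strip().partition(":")
        protocol = protocol.strip().upper()
        if not sep or not name or protocol not in PROTOCOLS:
            raise ValueError(f"bad listener entry: {entry!r}")
        listeners[name.strip()] = protocol
    return listeners


def audit(listener_map, sasl_mechanisms="PLAIN"):
    """Return {listener: [issues]} for every listener that lacks SASL or TLS."""
    mechanisms = {m.strip().upper() for m in sasl_mechanisms.split(",") if m.strip()}
    findings = {}
    for name, protocol in parse_listener_map(listener_map).items():
        props, issues = PROTOCOLS[protocol], []
        if not props["sasl"]:
            issues.append("no SASL authentication")
        if not props["tls"]:
            issues.append("no TLS encryption")
        if props["sasl"] and not props["tls"] and "PLAIN" in mechanisms:
            issues.append("SASL/PLAIN password sent in cleartext")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    # The two map values from scripts-configmap.yaml on this page.
    for value in ("INTERNAL:PLAINTEXT,EXTERNAL:PLAINTEXT",
                  "INTERNAL:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT"):
        print(value)
        for listener, issues in audit(value).items():
            print(f"  {listener}: {'; '.join(issues)}")
```

Pass the value of `KAFKA_CFG_SASL_ENABLED_MECHANISMS` as the second argument; an empty result means every listener uses SASL_SSL.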