Closed ozahavi closed 9 months ago
Hi,
Did you try the provisioning.extraProvisioningCommands
value? There you could configure extra settings for the topic
Hi,
Did you try the
provisioning.extraProvisioningCommands
value? There you could configure extra settings for the topic
Nope, I was thinking of configuring it via extraConfig
similar to the way I configured authorizerClassName
.
The question is, what are the needed keys and the structure that need to be added in?
Hi,
It seems that this question is more related to the usage of Kafka itself rather than the Bitnami packaging of the application. Did you check the Kafka documentation or their support page?
I finally found an example for setting ACLs on values.yaml
- https://github.com/bitnami/charts/blob/main/bitnami/kafka/values.yaml#L2110C1-L2124.
It seems to work, but I am now running into a different issue with the authorizer. From the provisioner job logs -
Error while executing ACL command: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured.
I am configuring the authorizer according to - https://github.com/bitnami/charts/blob/main/bitnami/kafka/README.md?plain=1#L1125-L1152, like this
extraConfig = {
authorizerClassName = "kafka.security.auth.StandardAuthorize"
}
When looking at the server.properties file the authorizer row looks odd as it's structure is different from all other of the configurations.
authorizerClassName: kafka.security.auth.StandardAuthorizer
Any idea what might I be doing wrong?
Hello @ozahavi, could it be you are parsing the extraConfig
param as an array? It expects a single string so it should be something like this:
$ helm install kafka oci://registry-1.docker.io/bitnamicharts/kafka --set extraConfig="authorizerClassName=kafka.security.auth.StandardAuthorizer",...
Hello @ozahavi, could it be you are parsing the
extraConfig
param as an array? It expects a single string so it should be something like this:$ helm install kafka oci://registry-1.docker.io/bitnamicharts/kafka --set extraConfig="authorizerClassName=kafka.security.auth.StandardAuthorizer",...
Tried with a string, this is how it looks in the values.yaml
-
extraConfig: authorizerClassName=kafka.security.auth.StandardAuthorizer
And this is how it looks on the config map -
listener.name.client.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required user_telemetry="password-placeholder-0" user_mlops="password-placeholder-1";
listener.name.client.scram-sha-256.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required;
listener.name.client.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required;
listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="inter_broker_user" password="interbroker-password-placeholder" user_inter_broker_user="interbroker-password-placeholder" user_2="password-placeholder-0" user_1="password-placeholder-1";
listener.name.internal.scram-sha-256.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="inter_broker_user" password="interbroker-password-placeholder";
listener.name.internal.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="inter_broker_user" password="interbroker-password-placeholder";
# End of SASL JAAS configuration
authorizerClassName=kafka.security.auth.StandardAuthorizer
And still getting this in the provisioning log -
Error while executing ACL command: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured.
java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured.
@FraPazGal @javsalgar any suggestions?
I think this comes from a syntax error. Going by Kafka's documentation, you should be using the following syntax:
authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer
#### Using it our chart ####
$ helm install kafka oci://registry-1.docker.io/bitnamicharts/kafka --set extraConfig="authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer",...
It's possible you got confused by our README, as authorizerClassName
was a custom parameter we used that was later on parsed for Kafka (see that https://github.com/bitnami/charts/blob/main/bitnami/kafka/README.md?plain=1#L1125-L1152 refers to deprecated settings of our chart).
Could you try using the official syntax? If the issue persist please share with an updated values info to help us reproduce the error on our side.
Name and Version
bitnami/kafka 26.3.1
What architecture are you using?
None
What steps will reproduce the bug?
I have configured my Kafka cluster with two topics and two users, but I cannot understand from the docs where I should configure the actual ACL and assign each user permissions to a topic (ACL rules).
Are you using any custom parameters or values?