bitnami / containers

Bitnami container images
https://bitnami.com

[bitnami/schema-registry] SASL_SSL is not working #70483

Closed miguelbirdie closed 2 weeks ago

miguelbirdie commented 1 month ago

Name and Version

bitnami/schema-registry

What architecture are you using?

None

What steps will reproduce the bug?

  1. Having the following configuration for schema registry
        - name: SCHEMA_REGISTRY_KAFKA_BROKERS
          value: SASL_SSL://b-1:9096,SASL_SSL://b-2:9096,SASL_SSL://b-3:9096
        - name: SCHEMA_REGISTRY_KAFKA_SASL_MECHANISM
          value: SCRAM-SHA-512
        - name: SCHEMA_REGISTRY_KAFKA_SASL_USERS
          value: confluent-registry
        - name: SCHEMA_REGISTRY_KAFKA_SASL_PASSWORDS
          value: password
        - name: SCHEMA_REGISTRY_LISTENERS
          value: http://0.0.0.0:8081
        - name: SCHEMA_REGISTRY_AVRO_COMPATIBILY_LEVEL
          value: NONE
        - name: SCHEMA_REGISTRY_HEAP_OPTS
          value: -XX:InitialRAMPercentage=80.0 -XX:MaxRAMPercentage=80.0
        - name: SCHEMA_REGISTRY_JVM_PERFORMANCE_OPTS
          value: -XX:MetaspaceSize=96m -XX:+UseG1GC -XX:MaxGCPauseMillis=20 -XX:InitiatingHeapOccupancyPercent=35
            -XX:G1HeapRegionSize=16M -XX:MinMetaspaceFreeRatio=50 -XX:MaxMetaspaceFreeRatio=80
        - name: SCHEMA_REGISTRY_JMX_OPTS
          value: -javaagent:/opt/jmx_prometheus_javaagent.jar=5556:/etc/jmx-schema-registry/jmx-schema-registry-prometheus.yml
            -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false
            -Dcom.sun.management.jmxremote.ssl=false
        image: bitnami/schema-registry:7.6.2
  2. We are getting this issue:
    In order to configure the TLS encryption for communication with Kafka brokers, you must mount your schema-registry.keystore.jks and schema-registry.truststore.jks certificates to the /opt/bitnami/schema-registry/certs directory.

What is the expected behavior?

This configuration has been tested with the confluentinc Docker image and it works. A keystore is not needed for SASL_SSL.

What do you see instead?

A keystore is required.

Additional information

I've tested this using Kafka in AWS MSK
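
The distinction this report turns on, as an added example that is not part of the issue or of the Bitnami image's own scripts: with SASL_SSL the client authenticates through SASL, so a keystore matters only when the brokers also demand client certificates, and a truststore only when the broker certificate is not signed by a CA the JVM already trusts. The function names and the third "mutual TLS" argument are hypothetical; the file names and certs directory are the ones in the error message above.

```sh
#!/bin/sh
# Added example: hypothetical helper, not the Bitnami image's validation code.

# Print the distinct listener protocols in a comma-separated broker list.
broker_protocols() {
    printf '%s\n' "$1" | tr ',' '\n' | while read -r bp_entry; do
        case "$bp_entry" in
            *://*) printf '%s\n' "${bp_entry%%://*}" ;;
            *)     printf 'PLAINTEXT\n' ;;  # assumption: no scheme means PLAINTEXT
        esac
    done | sort -u
}

# Report which TLS files a broker list actually needs.
#   $1 broker list   $2 certs directory
#   $3 "yes" when the brokers demand client certificates (mutual TLS)
# Returns 0 when the mounted material is sufficient, 1 otherwise.
check_tls_material() {
    ct_rc=0
    for ct_proto in $(broker_protocols "$1"); do
        case "$ct_proto" in
            PLAINTEXT|SASL_PLAINTEXT)
                echo "warn: $ct_proto listener, traffic is not encrypted" ;;
            SSL|SASL_SSL)
                # Truststore is optional: without one the JVM default CAs
                # are used to verify the broker certificate.
                [ -f "$2/schema-registry.truststore.jks" ] ||
                    echo "info: $ct_proto without truststore, using JVM default CAs"
                # Keystore holds the client certificate, so only mTLS needs it.
                if [ "${3:-no}" = yes ] && [ ! -f "$2/schema-registry.keystore.jks" ]; then
                    echo "error: brokers require client certificates, keystore missing"
                    ct_rc=1
                fi ;;
            *)
                echo "error: unknown listener protocol '$ct_proto'"
                ct_rc=1 ;;
        esac
    done
    return "$ct_rc"
}

# Broker list and certs path as given in the issue; SASL handles client auth.
check_tls_material "SASL_SSL://b-1:9096,SASL_SSL://b-2:9096,SASL_SSL://b-3:9096" \
    /opt/bitnami/schema-registry/certs no
```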

dgomezleon commented 1 month ago

Thank you for bringing this issue to our attention. Since it seems you are familiar with the cause of the error, would you like to create a PR to implement a solution? The Bitnami team will be excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.

github-actions[bot] commented 3 weeks ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 2 weeks ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.