search

confluentinc / kafka-images

Confluent Docker images for Apache Kafka
Apache License 2.0
30 stars 137 forks source link

Zookeeper authentication #115

Open digz6666 opened 3 years ago

digz6666 commented 3 years ago

I'm trying to enable authentication on cp-zookeeper but couldn't find anything from the official docs.

According to following docs I should use zookeeper_jaas.conf: https://docs.confluent.io/platform/current/security/security_tutorial.html#generating-keys-certs

I passed auth provider env variable but couldn't figure out how to pass zookeeper_jaas.conf.

digz6666 commented 3 years ago

I passed zookeeper_jaas.conf but couldn't tell if zookeeper auth is enabled.

docker-compose.yml

version: "3.8"

services:
  zookeeper:
    image: confluentinc/cp-zookeeper:7.0.0
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
      ZOOKEEPER_AUTH_PROVIDER_SASL: "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
      KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/zookeeper_jaas.conf"
    ports:
      - 2181:2181
    volumes:
      - ./zookeeper/zookeeper_jaas.conf:/etc/kafka/zookeeper_jaas.conf

zookeeper_jaas.conf

Server {
       org.apache.zookeeper.server.auth.DigestLoginModule required
       user_super="admin-secret"
       user_kafka="kafka-secret";
};
andrewegel commented 2 years ago

Is there still an open question here?