search

envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
25.05k stars 4.82k forks source link

[kafka] Filter requests by API key #36978

Closed adamkotwasinski closed 1 week ago

adamkotwasinski commented 2 weeks ago

Title: Filter requests by API key

Description: Filter requests by API key. This allows us to provide finer-grained control over what Kafka clients (consumers/producers) can do when they use particular endpoints for the Kafka cluster. The perfect world would be single Kafka cluster with two sets of listeners where clients can connect - one set dedicated for producers, and one for consumers. Connecting to the wrong one and sending an unsupported request would then deny the forwarding upstream. Response rewriting would take care of advertising two sets of listeners, so the real Kafka addresses would not be propagated to the users.

This allows the proxy to control the access to Kafka without requiring any changes to the upstream cluster's / downstream clients' configuration.

envoy-broker-filtering-requests

adamkotwasinski commented 2 weeks ago

/assign @adamkotwasinski

KBaichoo commented 1 week ago

cc @mattklein123

adamkotwasinski commented 1 week ago

Delivered through ability to configure broker filter : https://github.com/envoyproxy/envoy/pull/36979/files#diff-437067755aa99b1d71e1b0acbdc55e296d1a0f617ecb19287f1afa1568d5d5ddR182