Skip to content

Latest commit

 

History

History
83 lines (70 loc) · 4.06 KB

File metadata and controls

83 lines (70 loc) · 4.06 KB

Quick Start SSL

This folder contains a variant of the Quick Start app configured to establish a secure connection with the Kafka broker.

The docker-compose.yml file has been revised to enable support for SSL, as follows:

  • broker:

    • Enabling of SSL enabled on port 29094.
    • Definition of new environment variables to configure key store, trust store, client authentication, and secrets:
      • KAFKA_SSL_TRUSTSTORE_FILENAME
      • KAFKA_SSL_TRUSTSTORE_CREDENTIALS
      • KAFKA_SSL_KEYSTORE_FILENAME
      • KAFKA_SSL_KEYSTORE_CREDENTIALS
      • KAFKA_SSL_KEY_CREDENTIALS
      • KAFKA_SSL_CLIENT_AUTH
  • kafka-connector:

    Adaption of adapters.xml to include:

    • New SSL endpoint (broker:29094):
      <param name="bootstrap.servers">broker:29094</param>
    • Encryption settings:
      <param name="encryption.enable">true</param>
      <param name="encryption.protocol">TLSv1.2</param>
      <param name="encryption.hostname.verification.enable">false</param>
    • Configuration of the trust store to authenticate the broker:
      <param name="encryption.truststore.path">secrets/kafka.connector.truststore.jks</param>
      <param name="encryption.truststore.password">kafka-connector-truststore-password</param>
    • Configuration of the key store for client authentication with the broker:
      <param name="encryption.keystore.enable">true</param>
      <param name="encryption.keystore.path">secrets/kafka-connector.keystore.jks</param>
      <param name="encryption.keystore.password">kafka-connector-password</param>
      <param name="encryption.keystore.key.password">kafka-connector-private-keypassword</param>
  • producer:

    • Parameter --bootstrap-servers set to the new SSL endpoint (broker:29094).
    • Provisioning of the producer.properties configuration file to enable SSL support:
      # Enable SSL
      security.protocol=SSL
      # Trust store configuration to authenticate the broker
      ssl.truststore.location=/usr/app/secrets/producer.truststore.jks
      ssl.truststore.password=producer-truststore-password
      # Key tore configuration for client authentication with the broker
      ssl.keystore.location=/usr/app/secrets/producer.keystore.jks
      ssl.keystore.password=producer-password
      ssl.key.password=producer-password
      # Disable host name verification
      ssl.endpoint.identification.algorithm=

In addition, all services reference the local secrets folder to retrieve their secrets:

In particular,

You can regenerate all of them with:

./generate-secrets.sh

Run

From this directory, follow the same instructions you can find in the Quick Start section of the main README file.