[#222] Add authentication for Kafka clients.

Signed-off-by: Abel Buechner-Mihaljevic <[email protected]>
eclipse · Jun 4, 2021 · 6b29136 · 6b29136
1 parent ae5db52
commit 6b29136
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/charts/hono/templates/_helpers.tpl b/charts/hono/templates/_helpers.tpl
@@ -227,6 +227,9 @@ kafka:
 {{- if .dot.Values.kafkaMessagingClusterExample.enabled }}
   commonClientConfig:
     bootstrap.servers: {{ .dot.Release.Name }}-{{ .dot.Values.kafka.nameOverride }}-0.{{ .dot.Release.Name }}-{{ .dot.Values.kafka.nameOverride }}-headless.{{ .dot.Release.Namespace }}:{{ .dot.Values.kafka.service.port }}
+    security.protocol: SASL_PLAINTEXT
+    sasl.mechanism: SCRAM-SHA-512
+    sasl.jaas.config: "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"{{ first .dot.Values.kafka.auth.sasl.jaas.clientUsers }}\" password=\"{{ first .dot.Values.kafka.auth.sasl.jaas.clientPasswords }}\";"
 {{- else if not .dot.Values.adapters.kafkaMessagingSpec }}
   {{- required ".Values.adapters.kafkaMessagingSpec MUST be provided if example Kafka cluster is disabled" nil }}
 {{- else if not (index .dot.Values.adapters.kafkaMessagingSpec.commonClientConfig "bootstrap.servers") }}

diff --git a/charts/hono/values.yaml b/charts/hono/values.yaml
@@ -1807,6 +1807,12 @@ kafka:
   zookeeper:
     persistence:
       size: 1Gi
+    auth:
+      enabled: true
+      clientUser: zookeeperUser
+      clientPassword: zookeeperPassword
+      serverUsers: zookeeperUser
+      serverPasswords: zookeeperPassword
   # Expose the Kafka service to be accessed from outside the cluster (LoadBalancer service).
   # Alternatively use NodePort configuration, for more information refer to
   # https://github.com/bitnami/charts/tree/master/bitnami/kafka#accessing-kafka-brokers-from-outside-the-cluster
@@ -1828,3 +1834,13 @@ kafka:
   nameOverride: kafka
   service:
     port: 9092
+  auth:
+    clientProtocol: sasl
+    sasl:
+      jaas:
+        clientUsers:
+          - "hono"
+        clientPasswords:
+          - "hono-secret"
+        zookeeperUser: zookeeperUser
+        zookeeperPassword: zookeeperPassword