Kafka Rest Proxy
Kafka Rest Proxy Security
The Kafka REST Proxy provides a RESTful interface to a Kafka cluster. It makes it easy to produce and consume messages, view the state of the cluster, and perform administrative actions without using the native Kafka protocol or clients. Examples of use cases include reporting data to Kafka from any frontend app built in any language, ingesting messages into a stream processing framework that doesn’t yet support Kafka, and scripting administrative actions.
Create Keytabs for Kafka Rest Proxy
Refer to SASL_Kerberos for more details.
sudo kadmin.local
kadmin: addprinc -randkey rest@EKBANA.COM
kadmin: xst -norandkey -k /etc/security/keytabs/restProxy.keytab rest@EKBANA.COM
Configure (kafka-rest.properties)
Refer to SSL-Encryption for instructions on generating certificates.
listeners=http://nn1.ekbana.com:8082
schema.registry.url=https://nn1.ekbana.com:8081
zookeeper.connect=10.10.5.20:2181,10.10.5.21:2181,10.10.5.22:2181
bootstrap.servers=SASL_SSL://nn1.ekbana.com:9092,SASL_SSL://nn2.ekbana.com:9092,SASL_SSL://dn1.ekbana.com:9092
# ssl security
ssl.truststore.location=/etc/security/ssl/restProxy.client.truststore.jks
ssl.truststore.password=Truststore-password
ssl.keystore.location=/etc/security/ssl/restProxy.client.keystore.jks
ssl.keystore.password=Keystore-password
ssl.key.password=Key-password
ssl.protocol=SSL
inter.instance.protocol=http
ssl.client.auth=true
sasl.mechanism=GSSAPI
sasl.kerberos.service.name=kafka
security.protocol=SASL_SSL
sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \
useKeyTab=true \
storeKey=true \
keyTab="/etc/security/keytabs/restProxy.keytab" \
principal="rest@EKBANA.COM";
# Rest Proxy Client
client.bootstrap.servers=SASL_SSL://nn1.ekbana.com:9092,SASL_SSL://nn2.ekbana.com:9092,SASL_SSL://dn1.ekbana.com:9092
client.ssl.protocol=SSL
client.ssl.truststore.location=/etc/security/ssl/restProxy.client.truststore.jks
client.ssl.truststore.password=Truststore-password
client.ssl.keystore.location=/etc/security/ssl/restProxy.client.keystore.jks
client.ssl.keystore.password=Keystore-password
client.ssl.key.password=Key-password
client.security.protocol=SASL_SSL
client.sasl.mechanism=GSSAPI
client.sasl.kerberos.service.name=kafka
client.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \
useKeyTab=true \
storeKey=true \
keyTab="/etc/security/keytabs/restProxy.keytab" \
principal="rest@EKBANA.COM";
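The check below is an added example, not part of the original page or of Confluent's tooling. It parses a kafka-rest.properties file (including the backslash-continued sasl.jaas.config value) and flags two things in the file above: listeners uses http:// while ssl.client.auth=true is set, so REST clients reach the proxy without TLS and client certificates are never checked, and ssl.protocol=SSL is a name Kafka's documentation discourages. The function names and the sample text (abbreviated from the file above) are constructed for illustration.

```python
# Added example: audit kafka-rest.properties for transport-security gaps.
WEAK_PROTOCOLS = {"SSL", "SSLV2", "SSLV3"}  # SSLContext names Kafka's docs discourage

def parse_properties(text):
    """Parse key=value properties, joining lines that end in a backslash."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]  # drop the backslash, keep reading the value
            continue
        pending = ""
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (key, finding) pairs for settings that weaken the proxy."""
    listeners = [u.strip() for u in props.get("listeners", "").split(",")]
    plain = [u for u in listeners if u.lower().startswith("http://")]
    findings = [("listeners", f"{u} serves the REST API without TLS") for u in plain]
    if plain and props.get("ssl.client.auth", "").lower() == "true":
        findings.append(("ssl.client.auth",
                         "client certificates are only checked on https listeners"))
    for key in ("ssl.protocol", "client.ssl.protocol"):
        if props.get(key, "").upper() in WEAK_PROTOCOLS:
            findings.append((key, f"'{props[key]}' is discouraged; use TLSv1.2 or later"))
    for key in ("security.protocol", "client.security.protocol"):
        if key in props and props[key].upper() != "SASL_SSL":
            findings.append((key, f"'{props[key]}' is not SASL over TLS to the brokers"))
    return findings

# Constructed sample, abbreviated from the configuration on this page.
SAMPLE = r"""listeners=http://nn1.ekbana.com:8082
ssl.protocol=SSL
ssl.client.auth=true
security.protocol=SASL_SSL
sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \
useKeyTab=true storeKey=true \
keyTab="/etc/security/keytabs/restProxy.keytab" \
principal="rest@EKBANA.COM";
client.ssl.protocol=SSL
"""

if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```

Changing listeners to https://nn1.ekbana.com:8082 and both protocol values to TLSv1.2 clears every finding; the keystore and truststore entries already in the file are then the ones the HTTPS listener uses.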
Start Kafka Rest Proxy
/usr/share/kafka-confluent/bin/kafka-rest-start /usr/share/kafka-confluent/etc/kafka-rest/kafka-rest.properties