Deploying SAM Applications in a Secure Cluster
Also available as:

Connecting to Secure Kafka

Kafka does not support delegation tokens. You must configure the Kafka source/sink processor with the principal and keytab used to authenticate the stream applications with Kafka. Use these steps to configure SAM to communication with a secure Kafka service.

  1. Double click on the Kafka source/sink component on the canvas.
  2. Select the Security tab.
  3. Configure the Kerberos client principal, Kerberos keytab file, and the Kafka service name. The client principal and keytab selected must exist on all the worker nodes in the cluster. Using the storm-<cluster-name> principal is recommended because Ambari creates that keytab on each worker node when running the Ambari Kerberos Wizard . Set the Kafka service name to “kafka”.