Configuring PLAIN authentication
Learn how to configure PLAIN (basic) authentication by applying a custom authentication configuration for Kafka on an exposed listener.
To set up PLAIN, create a secret that contains the
jaas.conf
with the
username-password
configuration.echo -n 'org.apache.kafka.common.security.plain.PlainLoginModule required user_kafka="password";' > kafka-jaas.conf
kubectl create secret -n kafka generic my-kafka-secret-name --from-file=kafka-jaas.conf
Next, a Role and a RoleBinding is needed to be able to
use the
kafka-jaas.conf
secret:apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kafka-configuration-role
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["my-kafka-secret-name"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kafka-configuration-role-binding
subjects:
- kind: ServiceAccount
name: my-cluster-kafka
namespace: kafka
roleRef:
kind: Role
name: kafka-configuration-role
apiGroup: rbac.authorization.k8s.io
Finally, the Kafka listener can be configured. By setting the
spec.kafka.listeners[n].authentication.sasl
to true
, the
Strimzi Cluster Operator will configure SASL protocol for the listener.