[jira] [Created] (KAFKA-10478) advertised.listeners should allow duplicated ports

["Andre Araujo (Jira)" <ji...@apache.org>]

Andre Araujo created KAFKA-10478:
------------------------------------

             Summary: advertised.listeners should allow duplicated ports
                 Key: KAFKA-10478
                 URL: https://issues.apache.org/jira/browse/KAFKA-10478
             Project: Kafka
          Issue Type: Improvement
          Components: core
            Reporter: Andre Araujo


The same [validations|https://github.com/apache/kafka/blob/391ad90112fb2e9a85bf76250d57863bbf33b383/core/src/main/scala/kafka/utils/CoreUtils.scala#L259-L260] performed for {{listeners}} endpoints are also applied to [{{advertised.listeners}}|https://github.com/apache/kafka/blob/e8b2dcdee6f25e9344d52b84e86328ec616bf819/core/src/main/scala/kafka/server/KafkaConfig.scala#L1689-L1691].

It makes sense that neither parameter should allow duplicated listener names. The port number restriction is different though.

It makes sense that we only allow one listener per port, since two listeners cannot bind to the same port at the same time (considering a single network interface).

For advertised listeners, though this doesn't apply since Kafka doesn't actually bind to the advertised listener ports. A practical application of relaxing this restriction for {{advertised.listeners}} is the following:

When configuring Kafka using Kerberos authentication and a Load Balancer we need to have two SASL_SSL listeners: (A) one running with the {{kafka/hostname}} principal and (B) another using {{kafka/lb_name}}, which is necessary for proper authentication when using the LB FQDN. After bootstrap, though, the client receives the brokers' addresses with the actual host FQDNs advertised by the brokers. To connect to the brokerd using the hostnames the client must connect to the listener A to be able to authenticate successfully with Kerberos.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)