You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@flink.apache.org by "alex.decastro" <al...@lab49.com> on 2017/02/08 15:40:58 UTC
#kafka/#ssl: how to enable ssl authentication for a new kafka
consumer?
Dear flinkers,
I'm consuming from a kafka broker in a server that has ssl authentication
enabled? How do I config my consumer to compy with it?
Many thanks
Alex
--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
Re: #kafka/#ssl: how to enable ssl authentication for a new kafka
consumer?
Posted by "Tzu-Li (Gordon) Tai" <tz...@apache.org>.
Hi Alex,
Kafka authentication and data transfer encryption using SSL can be simply
done be configuring brokers and the connecting client.
You can take a look at this:
https://kafka.apache.org/documentation/#security_ssl.
The Kafka client that the Flink connector uses can be configured through the
`Properties` configuration provided when instantiating `FlinkKafkaConsumer`.
You just need to set values for these config properties:
https://kafka.apache.org/documentation/#security_configclients.
Note that SSL truststore / keystore locations must exist on all of your
Flink TMs for this to work.
Hope this helps!
- Gordon
--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11610.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
Re: #kafka/#ssl: how to enable ssl authentication for a new kafka
consumer?
Posted by "alex.decastro" <al...@lab49.com>.
Cool, thanks. Just checked it.
One last question:
if the server hosting my Kafka broker has only SSL enabled, but not SASL
(Kerberos) how to go about enabling connection authentication between client
consumer and broker?
Same for data transfer?
--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11547.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
Re: #kafka/#ssl: how to enable ssl authentication for a new kafka consumer?
Posted by Robert Metzger <rm...@apache.org>.
I've added another answer on SO that explains how you can pass a custom
configuration object to the execution environment.
On Thu, Feb 9, 2017 at 11:09 AM, alex.decastro <al...@lab49.com>
wrote:
> I found a similar question and answer at #stackoverflow
> http://stackoverflow.com/questions/37743194/local-flink-config-running-
> standalone-from-ide
>
> Verify?
>
>
>
> --
> View this message in context: http://apache-flink-user-
> mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-
> to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11539.html
> Sent from the Apache Flink User Mailing List archive. mailing list archive
> at Nabble.com.
>
Re: #kafka/#ssl: how to enable ssl authentication for a new kafka
consumer?
Posted by "alex.decastro" <al...@lab49.com>.
I found a similar question and answer at #stackoverflow
http://stackoverflow.com/questions/37743194/local-flink-config-running-standalone-from-ide
Verify?
--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11539.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
Re: #kafka/#ssl: how to enable ssl authentication for a new kafka
consumer?
Posted by "alex.decastro" <al...@lab49.com>.
Thanks Robert.
As a beginner Flinker, hot to tell my Flink app (in Intellij say) where the
flink-conf.yaml is.
Alex
--
View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532p11538.html
Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
Re: #kafka/#ssl: how to enable ssl authentication for a new kafka consumer?
Posted by Robert Metzger <rm...@apache.org>.
Check out the documentation:
https://ci.apache.org/projects/flink/flink-docs-release-1.2/dev/connectors/kafka.html#enabling-kerberos-authentication-for-versions-09-and-above-only
On Wed, Feb 8, 2017 at 4:40 PM, alex.decastro <al...@lab49.com>
wrote:
> Dear flinkers,
> I'm consuming from a kafka broker in a server that has ssl authentication
> enabled? How do I config my consumer to compy with it?
>
> Many thanks
> Alex
>
>
>
> --
> View this message in context: http://apache-flink-user-
> mailing-list-archive.2336050.n4.nabble.com/kafka-ssl-how-
> to-enable-ssl-authentication-for-a-new-kafka-consumer-tp11532.html
> Sent from the Apache Flink User Mailing List archive. mailing list archive
> at Nabble.com.
>