Kafka authentication
Ansible Playbooks for Confluent Platform supports the following authentication modes for Kafka:
- SASL PLAIN: Uses a simple username and password for authentication.
- SASL SCRAM: Uses usernames and passwords stored in ZooKeeper. Credentials are created during installation.
- SASL GSSAPI (Kerberos): Uses your Kerberos or Active Directory server for authentication.
- mTLS: Ensures that traffic is secure and trusted in both directions between Kafka and clients.
By default, Kafka is installed with no authentication.
ZooKeeper authentication
Ansible Playbooks for Confluent Platform supports the following authentication modes for ZooKeeper:
- SASL with DIGEST-MD5: Uses hashed values of the user’s password for authentication.
- SASL GSSAPI (Kerberos): Uses your Kerberos or Active Directory server for authentication.
- mTLS: Ensures that traffic is secure and trusted in both directions between Kafka and clients.
By default, ZooKeeper is installed with no authentication.
Components authentication
Ansible Playbooks for Confluent Platform supports mTLS authentication for all other Confluent Platform components.
By default, Confluent Platform components are installed with no authentication.
To enable mTLS for all components, set the following parameters in the hosts.yml file:
all:
  vars:
    ssl_enabled: true
    ssl_mutual_auth_enabled: true
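Because every component installs with no authentication unless these two parameters are set, it is worth checking an inventory for groups or hosts that leave them unset or override them. The following is an added example, not part of Ansible Playbooks for Confluent Platform. It assumes the inventory has already been parsed into a dictionary (for instance with yaml.safe_load), that groups sit at the top level of hosts.yml, and a simplified precedence of all.vars, then group vars, then host vars. The group and host names are constructed.

```python
# Added example: audit a parsed hosts.yml for the two mTLS parameters.
REQUIRED = ("ssl_enabled", "ssl_mutual_auth_enabled")


def _truthy(value):
    """Accept YAML booleans and the string spellings Ansible treats as true."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("true", "yes", "on", "1")


def audit_mtls(inventory):
    """Return sorted (group, host, parameter) tuples where mTLS is not enabled.

    Assumed precedence (simplified): all.vars < group vars < host vars.
    A parameter that is never set counts as disabled, matching the
    no-authentication default.
    """
    base = (inventory.get("all") or {}).get("vars") or {}
    findings = []
    for group, body in inventory.items():
        if group == "all" or not isinstance(body, dict):
            continue
        group_vars = {**base, **(body.get("vars") or {})}
        for host, host_vars in (body.get("hosts") or {}).items():
            effective = {**group_vars, **(host_vars or {})}
            for param in REQUIRED:
                if not _truthy(effective.get(param, False)):
                    findings.append((group, host, param))
    return sorted(findings)


# Constructed sample, shaped like the result of yaml.safe_load on a hosts.yml.
SAMPLE = {
    "all": {"vars": {"ssl_enabled": True, "ssl_mutual_auth_enabled": True}},
    "zookeeper": {"hosts": {"zk1.example.internal": None}},
    "kafka_broker": {"hosts": {
        "broker1.example.internal": None,
        # Host-level override that silently drops client certificate checks.
        "broker2.example.internal": {"ssl_mutual_auth_enabled": False},
    }},
    # Group-level override written as a string rather than a boolean.
    "schema_registry": {"vars": {"ssl_enabled": "no"},
                        "hosts": {"sr1.example.internal": None}},
}

if __name__ == "__main__":
    for group, host, param in audit_mtls(SAMPLE):
        print(f"{group}/{host}: {param} is not enabled")
```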