10 Protecting Kafka

 

This chapter covers

  • Security basics and related terminology
  • SSL between a cluster and clients
  • Access control lists (ACLs)
  • Network bandwidth and request rate quotas to limit demands on resources

This chapter focuses on keeping our data secured so that only those who need to read from or write to it have access. Because security is a huge area to cover, we will talk about some basic concepts to give you a general background on the options available in Kafka. Our goal in this chapter is not to set up security, but to become familiar with the concepts and learn about different options that you can research further with your security team. This is not a complete guide to security in general, but it lays the foundation for you. We will discuss practical actions you can take in your own setup, and we will look at the impact on clients, as well as on brokers and ZooKeeper, to make our cluster more secure.

10.1 Security basics

 

10.1.1 Encryption with SSL

 
 
 

10.1.2 SSL between brokers and clients

 
 
 

10.1.3 SSL between brokers

 

10.2 Kerberos and the Simple Authentication and Security Layer (SASL)

 
 
 

10.3 Authorization in Kafka

 
 
 

10.3.1 Access control lists (ACLs)

 
 
 

10.3.2 Role-based access control (RBAC)

 

10.4 ZooKeeper

 
 
 
 

10.4.1 Kerberos setup

 
 
 

10.5 Quotas

 
 
 

10.5.1 Network bandwidth quota

 
 

10.5.2 Request rate quotas

 
 

10.6 Data at rest

 
 

10.6.1 Managed options

 
 
 
 

Summary

 
 

References

 
 
 