10 Protecting Kafka

This chapter covers:

  • Setting up SSL between our cluster and our clients
  • Looking at SASL with Kerberos
  • Using quotas
  • Configuring Access Control Lists (ACLs)

This chapter focuses on keeping our data locked down to only those who need to read from or write to it. Since security is a huge area, we will cover some basic concepts to give a general background on the options we have in Kafka. This will not be an exhaustive guide to security in general, but with that foundation we will discuss some of the practical actions you would take in your setup. Making the cluster more secure affects the clients as well as the brokers and ZooKeeper.

Of course, your data might not need some of the protections we discuss. If you are not tracking anything of a sensitive nature, such as personal information or financial data, you might not need these protections at all. Knowing your data is key to deciding whether the tradeoffs of managing access are worth it. For a quick example, if you are handling anything related to personal information, such as dates of birth or credit card numbers, you will most likely want to look at most of the security options discussed in this chapter. However, if you are only handling generic information, such as the number of web clicks on a series of marketing campaigns, your cluster might not need features like SSL that can slow down your throughput while at the same time increasing your CPU needs.

10.1 Security Basics

10.1.1 Encryption with SSL

10.1.2 SSL Between Brokers and Clients

10.1.3 SSL Between Brokers

10.2 Simple Authentication and Security Layer (SASL)

10.2.1 Kerberos

10.2.2 HTTP Basic Auth

10.3 Authorization in Kafka

10.3.1 Access Control Lists

10.3.2 Role-based Access Control

10.4 ZooKeeper

10.4.1 Kerberos Setup

10.5 Quotas

10.5.1 Network Bandwidth Quota

10.5.2 Request Rate Quotas

10.6 Data at Rest

10.6.1 Managed Options

10.7 Summary