THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Status
Current state : discussion
Discussion thread : https://lists.apache.org/thread.html/c29f6744b3e87b8e691de8cf5feb31f33dd8c2a5e07b77f957255a4e@%3Cdev.kafka.apache.org%3E
JIRA :
Motivation
When specifying a dns alias in bootstrap.server, the Java client API doesn't resolve all the CNAMES behind it.
This breaks kerberos based SASL authentication and therefore clients are unable to connect to a secured cluster when using an alias.
The details are specified in the JIRA, but it boils down to the kafka server principal not matching the hostname referenced by the client, as the SaslAuthenticator will compare the alias' FQDN with the kafka broker hostname.
Public Interfaces
org.apache.kafka.clients
Proposed Changes
Change parseAndValidateAddresses() in ClientUtils to enable full dns resolution which will result in adding all underlying hosts as kafka nodes. This will allow using an alias in bootstrap.servers
Code snippets in the JIRA
Rejected alternatives
Other option considered :
Adding a new cluster.alias parameter allowing DNS alias resolution, and keep bootstrap.servers behaviour intact.
But a proliferation of parameters addressing roughly the same thing with a slight difference in behavior might confuse users.