You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Status

Current state : discussion

Discussion thread : https://lists.apache.org/thread.html/c29f6744b3e87b8e691de8cf5feb31f33dd8c2a5e07b77f957255a4e@%3Cdev.kafka.apache.org%3E

JIRA :  Unable to render Jira issues macro, execution error.

Motivation

When specifying a dns alias in bootstrap.server, the Java client API doesn't resolve all the CNAMES behind it.

This breaks kerberos based SASL authentication and therefore clients are unable to connect to a secured cluster when using an alias.
The details are specified in the JIRA, but it boils down to the kafka server principal not matching the hostname referenced by the client, as the SaslAuthenticator will compare the alias' FQDN with the kafka broker hostname.

Public Interfaces

org.apache.kafka.clients

Proposed Changes

Change parseAndValidateAddresses() in ClientUtils to enable full dns resolution which will result in adding all underlying hosts as kafka nodes. This will allow using an alias in bootstrap.servers
Code snippets in the JIRA

Rejected alternatives

Other option considered :
Adding a new cluster.alias parameter allowing DNS alias resolution, and keep bootstrap.servers behaviour intact.
But a proliferation of parameters addressing roughly the same thing with a slight difference in behavior might confuse users.

  • No labels