[bitnami/kafka] Added description on how to set ssl.client.auth=required in Kafka configuration (#12650)

* Update README.md

Added description on how to set `ssl.client.auth=required` in Kafka configuration. This is necessary for those that might need to use Kafka ACLs.
This change is related to https://github.com/bitnami/charts/issues/12577

Signed-off-by: arasic <rasic.alis@gmail.com>

* Update README.md

Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>

Signed-off-by: arasic <rasic.alis@gmail.com>
Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
This commit is contained in:
arasic
2022-10-20 02:39:13 -04:00
committed by GitHub
parent 5ea074f9f0
commit 3620d8cae8


@@ -614,6 +614,12 @@ allowEveryoneIfNoAclFound=false
superUsers=User:admin
```
If you are using Kafka ACLs, you might encounter in kafka-authorizer.log the following event: `[...] Principal = User:ANONYMOUS is Allowed Operation [...]`.
By setting the following parameter: `auth.clientProtocol=mtls`, it will set the configuration in Kafka to `ssl.client.auth=required`. This option will require the clients to authenticate to Kafka brokers.
As result, we will be able to see in kafka-authorizer.log the events specific Subject: `[...] Principal = User:CN=kafka,OU=...,O=...,L=...,C=..,ST=... is [...]`.
If you also enable exposing metrics using the Kafka exporter, and you are using `sasl_tls`, `tls`, or `mtls` authentication protocols, you need to mount the CA certificated used to sign the brokers certificates in the exporter so it can validate the Kafka brokers. To do so, create a secret containing the CA, and set the `metrics.certificatesSecret` parameter. As an alternative, you can skip TLS validation using extra flags:
```console
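Review bot: The last added sentence ("As result, we will be able to see in kafka-authorizer.log the events specific Subject: ...") is hard to parse and does not state what it means for ACLs. Suggest something like "As a result, kafka-authorizer.log will show the client certificate subject as the principal", followed by a note that ACL entries have to be written against that `User:CN=...` principal. It would also help to say in the first added sentence that `User:ANONYMOUS` is logged because the client has not authenticated, and to mention next to `auth.clientProtocol=mtls` that every client must then present a certificate, since that is the operational impact of `ssl.client.auth=required` for anyone enabling it on an existing deployment.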