I'm trying to apply mTLS security on the Kafka REST proxy, with no luck. The model that I'm looking for is as below.
Browser --https://host:443/--> Kafka Rest proxy --kerberos--> Kafka Brokers
Rest-proxy to Kafka brokers is working fine, but client to rest proxy is working only with http://host:port/
My Kafka-rest.properties is as below.
id=kafka-rest-test-server
ssl.keystore.location=/Users/xxxx/kafka/keystore.jks
ssl.keystore.password=dummy
ssl.key.password=dummy
ssl.keystore.type=JKS
#ssl.endpoint.identification.algorithm=https
ssl.client.authentication=REQUIRED
ssl.truststore.location=/Users/xxxx/kafka/truststore.jks
ssl.truststore.password=dummy
schema.registry.url=http://localhost:8081
zookeeper.connect=localhost:2181
bootstrap.servers=host1:9093,host2:9093
client.ssl.truststore.location=/Users/xxxx/kafka/truststore.jks
client.ssl.truststore.password=dummy
client.security.protocol=SASL_SSL
client.sasl.kerberos.service.name=kafka
client.sasl.jaas.config=<jaas config string>
Can someone please point out what I am missing here?
After a lot of googling, I learnt that PORT is deprecated when rest-proxy is deployed in k8s, so I need to define listeners="https://0.0.0.0:port". Once I added it, mTLS is working.
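A lint for the misconfiguration described in this post (ssl.* settings present but no https listener), added here as an example; it is not the poster's or the project's code. The sample inputs are constructed from the file above, and the paths and port 8443 are assumed placeholder values.

```python
# Added example: lint a kafka-rest.properties file for the gap described in
# the post: ssl.* settings are present, but no https:// listener is defined.

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_mtls(props):
    """Return a list of findings; an empty list means mTLS can be enforced."""
    findings = []
    raw = props.get("listeners", "")
    listeners = [l.strip().strip('"') for l in raw.split(",") if l.strip()]
    https = [l for l in listeners if l.lower().startswith("https://")]
    plain = [l for l in listeners if l.lower().startswith("http://")]
    if not https:
        findings.append("no https:// listener: ssl.* settings are not applied to clients")
    if plain:
        findings.append("plain http:// listener bypasses client certificates: " + ", ".join(plain))
    if props.get("ssl.client.authentication", "NONE").upper() != "REQUIRED":
        findings.append("ssl.client.authentication is not REQUIRED")
    for key in ("ssl.keystore.location", "ssl.truststore.location"):
        if not props.get(key):
            findings.append("missing " + key)
    return findings


# Constructed sample inputs based on the post's file (paths are placeholders).
BEFORE = """\
id=kafka-rest-test-server
ssl.keystore.location=/path/to/keystore.jks
ssl.client.authentication=REQUIRED
ssl.truststore.location=/path/to/truststore.jks
bootstrap.servers=host1:9093,host2:9093
"""
AFTER = BEFORE + "listeners=https://0.0.0.0:8443\n"  # port 8443 is an assumed value

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, check_mtls(parse_properties(text)) or "ok")
```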