Technical article (English): Apache Kafka Cluster with KRaft & mTLS

2024-02-15T13:45:29+01:00 By Daniel Morlock

In earlier posts (1, 2), we've described the different use cases for Apache Kafka and the supported method for Kafka authentication based on the well-known Ansible playbooks for the Confluent Platform. Since this deployment method is heavily flavored by Confluent and deploys the Confluent Server instead of Apache Kafka by default, it may be a better choice to deploy Apache Kafka from scratch.

Technical article (English): Keycloak High Availability with Infinispan and MariaDB Galera

2024-02-01T16:45:54+01:00 By Adrian Vielsack

Keycloak is a versatile open-source identity provider. Among its features is the possibility of building a high-availability cluster. Keycloak itself has two different stores: one for persistent data (the database, mostly MariaDB or Postgres) and one for more frequently accessed data such as sessions and used action tokens (Infinispan).

Technical article (English): adeploy – An Universal Deployment Tool for Kubernetes

2023-08-22T10:24:20+01:00 By Daniel Morlock

We built a universal deployment tool for Kubernetes that supports rendering and deployment of lightweight Jinja-templated k8s manifests as well as complex Helm charts. We've added support for easy secret management based on Gopass, running tests in CI/CD pipelines, extending upstream Helm charts with custom Jinja-templated manifests, and patching upstream Helm charts before deploying.

Technical article (English): Kafka Security – First Steps

2023-10-05T07:10:13+01:00 By Daniel Morlock

Apache Kafka provides a unified, high-throughput, low-latency platform for handling real-time data feeds. Installing Apache Kafka, and especially configuring Kafka security correctly, including authentication and encryption, is something of a challenge. This post gives a brief summary of our experience and lessons learned when trying to install and configure Apache Kafka the right way.

Technical article (English): Kafka Security – mTLS & ACL Authorization

2023-08-22T10:24:44+01:00 By Daniel Morlock

In my last post I wrote about first steps and lessons learned when setting up Apache Kafka with encryption, SASL SCRAM/Digest authentication and ACL authorization using Confluent Platform. This secures Kafka using SASL SCRAM between clients and Kafka brokers and SASL MD5 digest between Kafka brokers and ZooKeeper. This approach has some drawbacks, i.e. the passwords must be stored on the clients and ZooKeeper is using MD5 hashes for passwords on the wire. So we try another approach by using Mutual TLS (mTLS) only, which seems a bit easier and which also seems to be suitable for a corporate environment.
