Connecting to Secure Kafka
Kafka does not support delegation tokens. You must configure the Kafka source/sink processor with the principal and keytab used to authenticate the stream applications with Kafka. Use these steps to configure SAM to communication with a secure Kafka service.
- Double click on the Kafka source/sink component on the canvas.
- Select the Security tab.
- Configure the Kerberos client principal, Kerberos keytab file, and
the Kafka service name. The client principal and keytab selected must exist on all the
worker nodes in the cluster. Using the storm-<cluster-name> principal is recommended because Ambari creates
that keytab on each worker node when running the Ambari Kerberos Wizard . Set the Kafka
service name to “kafka”.