我在使用 istio 设置外部 kafka 时遇到了问题。普通 tcp (SASL_PLAINTEXT) 工作正常。看我的配置:
k 编辑 gw istio-configuration-gw
- hosts:
- '*'
port:
name: kafka-0
number: 9094
protocol: TLS
tls:
credentialName: tls-cert
mode: SIMPLE # I try also PASSTHROUGH
虚拟服务
tls: # I try also tcp
- match:
- port: 9094
sniHosts:
- '*'
route:
- destination:
host: kafka-0-external.default.svc.cluster.local
port:
number: 9094
istio-入口网关
- name: tls-kafka-0 # I tried also tcp-
nodePort: 32317
port: 9094
protocol: TCP
targetPort: 9094
目前我收到错误消息
EOF during handshake, handshake status is NEED_UNWRAP
Unexpected status returned by SSLEngine.wrap, expected CLOSED, received OK. Will not send close message to peer.
客户端设置
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username=admin password=admin;
bootstrap.servers=host:9094
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-512