Kafka Strimzi SASL_SSL with SCRAM-SHA-512.authMech


Question 

How can I configure Lenses and Kafka Strimzi with the auth mechanism SCRAM-SHA-512?

Answer 

First export the certificate and

kubectl get secret kafka-cluster-name-cluster-ca-cert -o jsonpath='{.data.ca\.crt}' | base64 --decode > ca.crt
kubectl get secret kafka-cluster-name-cluster-ca-cert -o jsonpath='{.data.ca\.password}' | base64 --decode > ca.password

Import the certificate into a JKS truststore:

keytool -importcert -alias strimzi-kafka-cert -file ca.crt -keystore truststore.jks -storepass myPassword

Create your kafka_jaas.conf file:

KafkaClient {
    org.apache.kafka.common.security.scram.ScramLoginModule required
    username="<Your KafkaUser Username>"
    password="<Your KafkaUser Password>"
    serviceName=kafka;
};

Next, add the following options to your docker-compose.yml:

version: "3"
services:
  lenses:
    image: lensesio/lenses
    container_name: lenses
    ports:
      - 9991:9991
    volumes: 
      - ./license.json:/data/license.json
      - ./truststore.jks:/truststore.jks # The truststore you created above
      - ./kafka_jaas.conf:/kafka_jaas.conf # The kafka_jaas.conf you created above
    network_mode: host
    environment:
      LENSES_OPTS: "-Djava.security.auth.login.config=/kafka_jaas.conf"
      LENSES_SECURITY_USER: admin
      LENSES_SECURITY_PASSWORD: admin # Example value; set your own password
      LENSES_PORT: 9991
      LENSES_KAFKA_BROKERS: "SASL_SSL://10.96.181.91:9094"
      LENSES_KAFKA_SETTINGS_CLIENT_SECURITY_PROTOCOL: SASL_SSL
      LENSES_KAFKA_SETTINGS_CLIENT_SASL_MECHANISM: SCRAM-SHA-512
      LENSES_KAFKA_SETTINGS_CLIENT_SSL_TRUSTSTORE_LOCATION: /truststore.jks
      LENSES_KAFKA_SETTINGS_CLIENT_SSL_TRUSTSTORE_PASSWORD: "changeit" # Password you entered during the truststore's creation.
                                                                        # Default is "changeit" if you used the system's truststore to import the certificate

Finally, start Lenses:

docker-compose up -d && docker logs -f lenses

Expected output:

2020-10-26 15:12:55,590 INFO  [c.l.k.l.r.StoreResources$:54] [ioapp-compute-0] Setting the local storage to [/data/storage]
2020-10-26 15:12:57,602 INFO  [c.z.h.HikariDataSource:110] [ioapp-compute-0] HikariPool-1 - Starting...
2020-10-26 15:12:57,928 INFO  [c.z.h.HikariDataSource:123] [ioapp-compute-0] HikariPool-1 - Start completed.
...               

2020-10-26 15:13:06,733 INFO  [c.l.k.l.MainUtils$:26] [ioapp-compute-11] 
Starting ...
  _
| |
| |     ___ _ __  ___  ___  ___
| |    / _ \ '_ \/ __|/ _ \/ __|
| |___|  __/ | | \__ \  __/\__ \
|______\___|_| |_|___/\___||___/
By Lenses.io
...
2020-10-26 15:13:13,629 INFO  [c.l.k.l.r.HttpServer:46] [ioapp-compute-12] Lenses http server started and listening to requests.
2020-10-26 15:13:39,964 INFO  [k.u.Log4jControllerRegistration$:31] [pool-11-thread-5] Registered kafka:type=kafka.Log4jController MBean
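
A pre-flight check for the files produced by the steps above, meant to be run before docker-compose up. This is an added example, not part of Lenses or Strimzi: the function name preflight and the choice of checks are assumptions, and the YAML handling is line-based, so it only covers a compose file laid out like the one shown (short-syntax mounts, paths without spaces).

```shell
#!/bin/sh
# Usage: preflight ./kafka_jaas.conf ./docker-compose.yml
# Prints one line per finding; the return status is the number of findings.

preflight() {
  pf_jaas=$1; pf_compose=$2; pf_n=0
  pf_fail() { echo "FAIL: $1"; pf_n=$((pf_n + 1)); }

  # 1. The JAAS login module must match the SASL mechanism in the compose file.
  grep -q 'scram\.ScramLoginModule[[:space:]]\{1,\}required' "$pf_jaas" ||
    pf_fail "$pf_jaas: ScramLoginModule is not configured"
  grep -q 'SASL_MECHANISM:[[:space:]]*"\{0,1\}SCRAM-SHA-512' "$pf_compose" ||
    pf_fail "$pf_compose: SASL mechanism is not SCRAM-SHA-512"

  # 2. Credentials must be filled in, not empty or left as a <placeholder>.
  for pf_key in username password; do
    pf_val=$(sed -n "s/^[[:space:]]*$pf_key=\"\(.*\)\".*/\1/p" "$pf_jaas")
    case $pf_val in
      ''|'<'*) pf_fail "$pf_jaas: $pf_key is empty or still a placeholder" ;;
    esac
  done

  # 3. SCRAM credentials should only travel over TLS: the client protocol
  #    and the broker URL scheme must both be SASL_SSL.
  grep -q 'SECURITY_PROTOCOL:[[:space:]]*"\{0,1\}SASL_SSL' "$pf_compose" ||
    pf_fail "$pf_compose: security protocol is not SASL_SSL"
  grep -q 'KAFKA_BROKERS:.*SASL_SSL://' "$pf_compose" ||
    pf_fail "$pf_compose: broker URL does not use SASL_SSL://"

  # 4. Every bind-mounted host path (./src:/target) must be a regular file.
  #    Docker creates an empty directory for a missing host path, and the JVM
  #    then fails to read the truststore or the JAAS file.
  pf_dir=$(dirname "$pf_compose")
  for pf_src in $(sed -n 's/^[[:space:]]*-[[:space:]]*\(\.[^:]*\):\/.*/\1/p' "$pf_compose"); do
    [ -f "$pf_dir/$pf_src" ] || pf_fail "$pf_dir/$pf_src: mount source is not a file"
  done

  return "$pf_n"
}
```

A return status of 0 means no findings; any other value is the number of FAIL lines printed.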
--
Last modified: September 26, 2024