kafka-proxy
Description
The kafka-proxy
plugin can be used to configure advanced parameters for the kafka upstream of Apache APISIX, such as SASL authentication.
Attributes
Name | Type | Required | Default | Valid values | Description |
---|---|---|---|---|---|
sasl | object | optional | {“username”: “user”, “password” :”pwd”} | SASL/PLAIN authentication configuration, when this configuration exists, turn on SASL authentication; this object will contain two parameters username and password, they must be configured. | |
sasl.username | string | required | SASL/PLAIN authentication username | ||
sasl.password | string | required | SASL/PLAIN authentication password |
NOTE: encrypt_fields = {"sasl.password"}
is also defined in the schema, which means that the field will be stored encrypted in etcd. See encrypted storage fields.
note
If SASL authentication is enabled, the sasl.username
and sasl.password
must be set. The current SASL authentication only supports PLAIN mode, which is the username password login method.
Example usage
When we use scheme as the upstream of kafka, we can add kafka authentication configuration to it through this plugin.
curl -X PUT 'http://127.0.0.1:9180/apisix/admin/routes/r1' \
-H 'X-API-KEY: <api-key>' \
-H 'Content-Type: application/json' \
-d '{
"uri": "/kafka",
"plugins": {
"kafka-proxy": {
"sasl": {
"username": "user",
"password": "pwd"
}
}
},
"upstream": {
"nodes": {
"kafka-server1:9092": 1,
"kafka-server2:9092": 1,
"kafka-server3:9092": 1
},
"type": "none",
"scheme": "kafka"
}
}'
Now, we can test it by connecting to the /kafka
endpoint via websocket.
Disable Plugin
To disable the kafka-proxy
Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.