[jira] [Resolved] (KAFKA-10478) advertised.listeners should allow duplicated ports

Fri, 02 Oct 2020 02:00:18 -0700 


     [ 
https://issues.apache.org/jira/browse/KAFKA-10478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mickael Maison resolved KAFKA-10478.
------------------------------------
    Fix Version/s: 2.7.0
       Resolution: Fixed

> advertised.listeners should allow duplicated ports
> --------------------------------------------------
>
>                 Key: KAFKA-10478
>                 URL: https://issues.apache.org/jira/browse/KAFKA-10478
>             Project: Kafka
>          Issue Type: Improvement
>          Components: core
>            Reporter: Andre Araujo
>            Assignee: Andre Araujo
>            Priority: Major
>             Fix For: 2.7.0
>
>
> The same 
> [validations|https://github.com/apache/kafka/blob/391ad90112fb2e9a85bf76250d57863bbf33b383/core/src/main/scala/kafka/utils/CoreUtils.scala#L259-L260]
>  performed for {{listeners}} endpoints are also applied to 
> [{{advertised.listeners}}|https://github.com/apache/kafka/blob/e8b2dcdee6f25e9344d52b84e86328ec616bf819/core/src/main/scala/kafka/server/KafkaConfig.scala#L1689-L1691].
> It makes sense that neither parameter should allow duplicated listener names. 
> The port number restriction is different though.
> It makes sense that we only allow one listener per port, since two listeners 
> cannot bind to the same port at the same time (considering a single network 
> interface).
> For advertised listeners, though this doesn't apply since Kafka doesn't 
> actually bind to the advertised listener ports. A practical application of 
> relaxing this restriction for {{advertised.listeners}} is the following:
> When configuring Kafka using Kerberos authentication and a Load Balancer we 
> need to have two SASL_SSL listeners: (A) one running with the 
> {{kafka/hostname}} principal and (B) another using {{kafka/lb_name}}, which 
> is necessary for proper authentication when using the LB FQDN. After 
> bootstrap, though, the client receives the brokers' addresses with the actual 
> host FQDNs advertised by the brokers. To connect to the brokerd using the 
> hostnames the client must connect to the listener A to be able to 
> authenticate successfully with Kerberos.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to