Kafka: How to specify keystore + truststore files for authentication? #24602
Comments
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself.
Update: After extensive research and trial and error, I was finally able to come up with a workaround: Essentially, instead of directly supplying the keystore to OTel's Kafka exporter, we extract the individual key and certificates from the keystore and directly supply those instead. See below for detailed steps:
Since this appears to be more of a missing feature than a bug (and I've discovered a workaround), I will close this bug report and open a feature request instead.
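As an added illustration of the workaround described in the update above (not the commenter's own steps and not code from the project), the following script extracts the client certificate, private key and CA bundle from PKCS12 stores as PEM files, which can then be given to the exporter's `auth.tls` settings `cert_file`, `key_file` and `ca_file`. The file names and the `KS_PASS`/`TS_PASS` variable names are assumptions, as is the store password also protecting the key entry.

```sh
#!/bin/sh
# Added example: Kafka client keystore/truststore -> PEM files.
# File names and the KS_PASS / TS_PASS variable names are hypothetical.
set -eu
umask 077   # extracted private key must not be group/world readable

# JKS stores must first be converted to PKCS12 (needs a JDK's keytool).
# The password is read from an environment variable, never from argv.
jks_to_p12() {  # usage: jks_to_p12 in.jks out.p12 PASS_ENV_VAR
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype JKS -srcstorepass:env "$3" \
    -destkeystore "$2" -deststoretype PKCS12 -deststorepass:env "$3"
}

# Client certificate and unencrypted private key from a PKCS12 keystore.
extract_identity() {  # usage: extract_identity ks.p12 PASS_ENV_VAR outdir
  openssl pkcs12 -in "$1" -passin "env:$2" -clcerts -nokeys \
    | openssl x509 -out "$3/client-cert.pem"
  openssl pkcs12 -in "$1" -passin "env:$2" -nocerts -nodes \
    | openssl pkey -out "$3/client-key.pem"
}

# Every trusted certificate in a PKCS12 truststore, as one PEM bundle.
extract_ca_bundle() {  # usage: extract_ca_bundle ts.p12 PASS_ENV_VAR outdir
  openssl pkcs12 -in "$1" -passin "env:$2" -nokeys -out "$3/ca.pem"
}

# Succeeds only if the certificate and the key carry the same public key.
key_matches_cert() {  # usage: key_matches_cert cert.pem key.pem
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

# Stand-alone use: sh extract.sh keystore.p12 truststore.p12 outdir
if [ "$#" -eq 3 ]; then
  extract_identity "$1" KS_PASS "$3"
  extract_ca_bundle "$2" TS_PASS "$3"
  key_matches_cert "$3/client-cert.pem" "$3/client-key.pem"
fi
```

The extracted `client-key.pem` is unencrypted, so it should live only where the collector's service account can read it. Keystores written by older JDKs may use RC2-based encryption that OpenSSL 3 reads only with `-legacy`.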
Component(s)
exporter/kafka
What happened?
Description
We are attempting to use the OTEL agent's Kafka exporter to send data to our internal Kafka clusters. Our Kafka clusters require all Kafka clients (in this case, the OTEL agent) to authenticate to the cluster by specifying a keystore and truststore file. However, looking at the OTEL Kafka exporter auth settings (see below), there doesn't appear to be an obvious way to do so. In fact, the only cert-related settings come with a confusing instruction that they should only be used if TLS cert verification is disabled.
So, our question is: Does anyone know how to use the existing OTEL Kafka exporter auth settings to specify a keystore and truststore file, so we can authenticate to our internal Kafka clusters?
Or, alternatively, does anyone know for certain that this is not possible with OTEL as of now?
Note: This issue is focused on the Kafka exporter, but we have the exact same issue with the Kafka receiver as well.
Steps to Reproduce
For context, this is how we would authenticate to our internal Kafka clusters using the built-in Kafka console producer:
E.g., for the built-in Kafka console producer, we created a file named producer.properties with the following contents:
Essentially, we want to follow this same authentication procedure but, instead of using the built-in Kafka console producer to send data to Kafka, we want to use the OTEL agent (specifically, its Kafka exporter).
Expected Result
OTEL agent's Kafka exporter would expose auth settings that allow you to easily specify keystore and truststore files and passwords, similar to the producer.properties file that the built-in Kafka console producer uses.
Actual Result
OTEL agent's Kafka exporter does not appear to let you specify keystore and truststore fields and passwords, preventing you from authenticating via that mechanism.
Collector version
N/A
Environment information
Environment
N/A
OpenTelemetry Collector configuration
No response
Log output
No response
Additional context
No response