Description
The same validations performed for listeners endpoints are also applied to advertised.listeners.
It makes sense that neither parameter should allow duplicated listener names. The port number restriction is different though.
It makes sense that we only allow one listener per port, since two listeners cannot bind to the same port at the same time (considering a single network interface).
For advertised listeners, though this doesn't apply since Kafka doesn't actually bind to the advertised listener ports. A practical application of relaxing this restriction for advertised.listeners is the following:
When configuring Kafka using Kerberos authentication and a Load Balancer we need to have two SASL_SSL listeners: (A) one running with the kafka/hostname principal and (B) another using kafka/lb_name, which is necessary for proper authentication when using the LB FQDN. After bootstrap, though, the client receives the brokers' addresses with the actual host FQDNs advertised by the brokers. To connect to the brokerd using the hostnames the client must connect to the listener A to be able to authenticate successfully with Kerberos.
Attachments
Issue Links
- links to