Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-10478

advertised.listeners should allow duplicated ports

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.7.0
    • Component/s: core
    • Labels:
      None

      Description

      The same validations performed for listeners endpoints are also applied to advertised.listeners.

      It makes sense that neither parameter should allow duplicated listener names. The port number restriction is different though.

      It makes sense that we only allow one listener per port, since two listeners cannot bind to the same port at the same time (considering a single network interface).

      For advertised listeners, though this doesn't apply since Kafka doesn't actually bind to the advertised listener ports. A practical application of relaxing this restriction for advertised.listeners is the following:

      When configuring Kafka using Kerberos authentication and a Load Balancer we need to have two SASL_SSL listeners: (A) one running with the kafka/hostname principal and (B) another using kafka/lb_name, which is necessary for proper authentication when using the LB FQDN. After bootstrap, though, the client receives the brokers' addresses with the actual host FQDNs advertised by the brokers. To connect to the brokerd using the hostnames the client must connect to the listener A to be able to authenticate successfully with Kerberos.

        Attachments

          Activity

            People

            • Assignee:
              asdaraujo Andre Araujo
              Reporter:
              asdaraujo Andre Araujo

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment