Consume from a Kafka Cluster through SSH Tunnel

We are trying to consume from a Kafka cluster using the Java client. The cluster is behind a jump host, and hence the only way to access it is through an SSH tunnel. But we are not able to read, because once the consumer fetches metadata it uses the original hosts to connect to the brokers. Can this behaviour be overridden? Can we ask the Kafka client to not use the metadata?

Sourabh asked Aug 24 '17 06:08



2 Answers

Not as far as I know.

The trick I used when I needed to do something similar was:

  1. set up a virtual interface for each Kafka broker
  2. open a tunnel to each broker so that broker n is bound to virtual interface n
  3. configure your /etc/hosts file so that the advertised hostname of broker n is resolved to the IP of the virtual interface n.

E.g.

Kafka brokers:

  • broker1 (advertised as broker1.mykafkacluster)
  • broker2 (advertised as broker2.mykafkacluster)

Virtual interfaces:

  • veth1 (192.168.1.1)
  • veth2 (192.168.1.2)

Tunnels:

  • broker1: ssh -L 192.168.1.1:9092:broker1.mykafkacluster:9092 jumphost
  • broker2: ssh -L 192.168.1.2:9092:broker2.mykafkacluster:9092 jumphost

/etc/hosts:

  • 192.168.1.1 broker1.mykafkacluster
  • 192.168.1.2 broker2.mykafkacluster

If you configure your system like this you should be able to reach all the brokers in your Kafka cluster.

Note: if you configured your Kafka brokers to advertise an IP address instead of a hostname, the procedure can still work, but you need to configure the virtual interfaces with the same IP address that the broker advertises.

nivox answered Sep 23 '22 09:09


You don't actually have to add virtual interfaces to access the brokers via SSH tunnel if they advertise a hostname. It's enough to add a hosts entry in /etc/hosts of your client and bind the tunnel to the added name.

Assuming broker.kafkacluster is the advertised.hostname of your broker:

/etc/hosts:
127.0.2.1 broker.kafkacluster

Tunnel:
ssh -L broker.kafkacluster:9092:broker.kafkacluster:9092 <brokerhostip/name>

fwendlandt answered Sep 23 '22 09:09
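
An added example, not part of either answer above: a script that extends the loopback approach of the second answer to several brokers by printing one /etc/hosts line and one ssh command per advertised name, plus a check that no two tunnels share a bind address or a forward target. It assumes a Linux client (where all of 127.0.0.0/8 is on the loopback interface); the 127.0.2.N numbering, the function names, and the -N and ExitOnForwardFailure options are choices of this example, and the broker and jump host names are the sample names from the first answer.

```shell
#!/bin/sh
# Added example: prints a tunnel plan only; it runs no ssh and writes no file.
# Binding each tunnel to its own loopback address keeps the forwarded broker
# ports unreachable from other machines on the client's network.

PORT=9092            # broker port used in the answers above
BASE=127.0.2         # loopback prefix, as in the second answer

# hosts_lines BROKER...  -> one /etc/hosts line per advertised name
hosts_lines() {
    n=1
    for b in "$@"; do
        printf '%s.%d %s\n' "$BASE" "$n" "$b"
        n=$((n + 1))
    done
}

# tunnel_cmds JUMPHOST BROKER...  -> one ssh command per broker.
# Bind address and forward target come from the same loop variables,
# so tunnel n always forwards to broker n.
tunnel_cmds() {
    jump=$1; shift
    n=1
    for b in "$@"; do
        printf 'ssh -N -o ExitOnForwardFailure=yes -L %s.%d:%d:%s:%d %s\n' \
            "$BASE" "$n" "$PORT" "$b" "$PORT" "$jump"
        n=$((n + 1))
    done
}

# check_plan: reads ssh commands on stdin and exits non-zero if two tunnels
# reuse a bind address or forward to the same broker name.
check_plan() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "-L") spec = $(i + 1)
           split(spec, f, ":")
           if (seen_bind[f[1]]++ || seen_dst[f[3]]++) bad = 1 }
         END { exit bad }'
}

# Constructed sample: two brokers behind a host named "jumphost".
hosts_lines broker1.mykafkacluster broker2.mykafkacluster
tunnel_cmds jumphost broker1.mykafkacluster broker2.mykafkacluster
```

Piping hand-written tunnel commands through check_plan before running them catches a bind address or broker name that was duplicated while copying lines.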