--- kind: Deployment apiVersion: apps/v1 metadata: namespace: dev-1 name: kafka labels: app: kafka spec: replicas: 1 selector: matchLabels: app: kafka template: metadata: labels: app: kafka spec: containers: - name: kafka image: wurstmeister/kafka volumeMounts: - name: kafka-auth mountPath: "/etc/kafka" readOnly: true ports: - containerPort: 9092 - containerPort: 9094 env: - name: KAFKA_ADVERTISED_PORT value: "9092" - name: KAFKA_ADVERTISED_HOST_NAME value: "kafka-service" - name: KAFKA_ZOOKEEPER_CONNECT value: zookeeper:2181 - name: KAFKA_BROKER_ID value: "0" - name: KAFKA_LISTENERS value: SASL_PLAINTEXT://:9094 - name: KAFKA_ADVERTISED_LISTENERS value: SASL_PLAINTEXT://kafka-cluster:9094 - name: KAFKA_INTER_BROKER_LISTENER_NAME value: SASL_PLAINTEXT - name: KAFKA_SASL_ENABLED_MECHANISMS value: PLAIN - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL value: PLAIN - name: KAFKA_OPTS value: "-Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf" volumes: - name: kafka-auth configMap: name: kafka-auth --- apiVersion: v1 kind: Service metadata: name: kafka-cluster namespace: dev-1 labels: app: kafka spec: ports: - port: 9092 name: kafka-inside - port: 9094 name: kafka-outside selector: app: kafka --- apiVersion: v1 kind: ConfigMap metadata: name: kafka-auth namespace: dev-1 data: kafka_server_jaas.conf: | KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="" --> specify username password="" --> specify password user_kafka_gear_user=""; --> specify password }; --- apiVersion: v1 kind: Secret metadata: namespace: dev-1 name: kafka-secrets type: Opaque data: username: --> specify username password: --> specify password