Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enable kafka cluster across public net #14

Open
spwangxp opened this issue Oct 13, 2020 · 4 comments
Open

enable kafka cluster across public net #14

spwangxp opened this issue Oct 13, 2020 · 4 comments

Comments

@spwangxp
Copy link
Collaborator

spwangxp commented Oct 13, 2020
edited
Loading

允许 Kafka 多节点集群在公网被使用。
优点:业务对接更方便
缺点:1,添加 ssl 验证或导致性能损耗。2,所有的流量都经过 LB 和 vpc router,包括内网访问,访问速率将受到多方面限制。

配置文件示例。

#zookeeper.connect=139.198.189.37:10081/kafka1/t5  // wrong zk 无需被代理
#zookeeper.connect=172.23.5.12:2181/kfk/t5         #// right

# method 1 ---> deprecated
advertised.port=10011
advertised.host.name=139.198.189.37

# method 2
advertised.listeners=PLAINTEXT://139.198.189.37:10011
listeners=PLAINTEXT://172.23.5.11:9092
# all lb listener should use TCP rather http
# eg. 139.198.189.37:10011 --> 172.23.5.11:9092
内网访问流量流向:源主机 --> LB EIP ---> 目的主机

# method 3  associate_eip to kafka role
advertised.listeners=OUTSIDE://139.198.187.102:10011,INSIDE://172.23.5.11:9092  # notice the order, the first one will display in cmak
listeners=INSIDE://:9092,OUTSIDE://:10011
listener.security.protocol.map=INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT
inter.broker.listener.name=INSIDE # Name of listener used for communication between brokers
# The flow is mainly route by ports rather than ip, 
内网流量可以通过 9092 端口走内网IP,也可以通过 10011 端口走外网IP(需要改 dns)
@hlwanghl
Copy link
Contributor

associate_eip 可以绑公网 IP: https://docs.qingcloud.com/appcenter/docs/specifications/specifications.html#advanced_actions

这儿有篇文章看有没有帮助:https://www.confluent.io/blog/kafka-listeners-explained/

@hlwanghl
Copy link
Contributor

另外这个 issue 好像就是做这个的:#8

@spwangxp
Copy link
Collaborator Author

嗯嗯,有帮助,如果每个节点都绑 EIP 可能有点浪费,如果性能损耗严重的话那估计得考虑这个了。

关于内网访问这个我再看看,所有流量都走 EIP 不太好。

@spwangxp
Copy link
Collaborator Author

方案比较 #9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hlwanghl @spwangxp