我有一个用Golang写的Confluence Kafka消费者。我正在尝试将它部署在PKS集群中。
Kafka的结构是这样的
kafka.bootstrap.servers=server.myserver.com
kafka.security.protocol=SASL_SSL
kafka.sasl.mechanisms=GSSAPI
kafka.group.id=kafka-go-getting-started
kafka.auto.offset.reset=latest
kafka.topic=topic.consumer-topic
acks=all
我需要配置我的Dockerfile的GSSAPI机制与SASL_SSL协议。我已经设法解决了GSSAPI的事情,但是,目前它显示,
**Failed to create consumer: Unsupported value "SASL_SSL" for configuration property "security.protocol": OpenSSL not available at build time**
下面是我的Dockerfile的外观:
FROM golang:1.19-alpine3.16 as c-bindings
RUN apk update && apk upgrade && apk add pkgconf git bash build-base sudo
RUN git clone https://github.com/edenhill/librdkafka.git
RUN cd librdkafka && ./configure && make && sudo make install
FROM c-bindings as app-builder
WORKDIR /go/app
COPY . .
RUN go mod download
RUN go mod verify
RUN go build -race -tags musl --ldflags "-extldflags -static -s -w" -o main ./main.go
FROM scratch AS app-runner
WORKDIR /go/app/
COPY --from=app-builder /go/app/main ./main
CMD ["/go/app/main"]`
在Dockerfile中尝试了一些方法来使OpenSSL可用,但是事情仍然是一样的。不确定GSSAPI机制和SASL_SSL协议是否可以通过一个共同的解决方案解决。
[Nov 2022年05月]最近一次尝试:
停靠文件,
FROM golang:1.19-alpine as c-bindings
RUN apk update && apk upgrade && apk add pkgconf git bash build-base sudo
FROM c-bindings as app-builder
WORKDIR /go/app
COPY . .
RUN go mod download
RUN go mod verify
RUN apk add zstd-dev
RUN apk add krb5
RUN apk add cyrus-sasl-gssapiv2
RUN apk add cyrus-sasl-dev
RUN apk add openssl-dev
RUN git clone https://github.com/edenhill/librdkafka.git
RUN cd librdkafka && ./configure --install-deps && make && sudo make install
COPY krb5.conf /etc/krb5.conf
COPY jaas.conf /etc/jaas.conf
RUN go build -race -tags dynamic -o main ./main.go
CMD ["/go/app/main"]
Kafka配置-
kafka.bootstrap.servers=server.myserver.com
kafka.security.protocol=SASL_SSL
kafka.sasl.mechanism=GSSAPI
kafka.group.id=kafka-go-getting-started
kafka.auto.offset.reset=latest
kafka.topic=topic.consumer-topic
kafka.ssl.ca.location=/etc/ssl/certs/my-cert.pem
kafka.sasl.kerberos.service.name=kafka
kafka.sasl.kerberos.keytab=/etc/security/keytab/consumer.keytab
kafka.sasl.kerberos.principal=principal@myprincipal.COM
acks=all
现在,从技术上讲,容器正在运行。但是,它无法运行Kafka消费者应用程序,并出现以下错误-
GSSAPI错误:令牌的MIC无效(未知机械代码0表示未知机械)
1条答案
按热度按时间eqqqjvef1#
这是因为您缺少SSL或SASL相关性,您需要确保
libssl-dev
,尽管它也可能需要那些libsasl2-dev
、libsasl2-modules
,但libssl-dev
应该足够了将以下内容添加到
DOCKERFILE
应该有助于解决此问题这里是official libssl和alpine pkg