SASL Authentication Failed - Metadata Access Issue

[0giv]

Name and Version

bitnami/kafka

What architecture are you using?

None

What steps will reproduce the bug?

We are encountering a failed auth error when trying to access metadata in Kafka. This issue occurs in the interaction between Kafka and the MQTT, JS Executor, HTTP, and CoAP transport services. Despite properly configuring the server.properties file inside the container and setting up the TB configuration, authentication fails.

Affected Components

• Kafka
• MQTT Transport
• JS Executor
• HTTP Transport
• CoAP Transport

1. The server.properties configuration inside the container is as follows:

     # Listeners configuration
      listeners=CLIENT://:9092,INTERNAL://:9094
      listener.security.protocol.map=INTERNAL:SASL_PLAINTEXT, CLIENT:SASL_PLAINTEXT
      advertised.listeners=CLIENT://tb-kafka.thingsboard.svc.cluster.local:9092, INTERNAL://tb-kafka-broker-headless.thingsboard.svc.cluster.local:9094
      # Zookeeper configuration
      zookeeper.connect=tb-kafka-zookeeper:2181
      #broker.id=
      # Kafka data logs directory
      log.dir=/bitnami/kafka/data
      # Kafka application logs directory
      logs.dir=/opt/bitnami/kafka/logs
      
      # Common Kafka Configuration
      
      sasl.enabled.mechanisms=PLAIN
      # Interbroker configuration
      inter.broker.listener.name=INTERNAL
      sasl.mechanism.inter.broker.protocol=PLAIN
      # Listeners SASL JAAS configuration
      listener.name.client.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required user_user1="password-placeholder-0";
      listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="inter_broker_user" password="interbroker-password-placeholder" user_inter_broker_user="interbroker-password-placeholder" user_user1="password-placeholder-0";
      # End of SASL JAAS configuration
      
      # Custom Kafka Configuration

2. The TB configuration is as follows:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: tb-kafka-config
      namespace: thingsboard
      labels:
        name: tb-kafka-config
    data:
      TB_QUEUE_TYPE: kafka
      TB_KAFKA_SERVERS: tb-kafka-broker-headless.thingsboard.svc.cluster.local:9094
      TB_QUEUE_KAFKA_CONFLUENT_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="inter_broker_user" password="usdS1c85Ui";
      TB_QUEUE_KAFKA_CONFLUENT_SASL_MECHANISM: PLAIN
      TB_QUEUE_KAFKA_CONFLUENT_SECURITY_PROTOCOL: SASL_PLAINTEXT

What is the expected behavior?

Metadata access should be successful, and SASL authentication should work correctly.

What do you see instead?

Failed authentication with /10.100.x.x

[carrodher]

Hi, the issue may not be directly related to the Bitnami container image/Helm chart, but rather to how the application is being utilized, configured in your specific environment, or tied to a particular scenario that is not easy to reproduce on our side.

If you think that's not the case and would like to contribute a solution, we'd like to invite you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Please don't hesitate to contact us if you have any questions or need help.

Suppose you have questions about the application, customizing its content, or using technology and infrastructure. In that case, we strongly recommend that you consult the forums and user guides provided by the project responsible for the application or technology.

With that said, we'll keep this ticket open until the stale bot automatically closes it, in case someone from the community contributes valuable insights.