As a developer of applications and services, you can review and modify settings for your Kafka instances. By modifying these settings, you can configure your Kafka instances to suit your particular environment.
Reviewing and editing Kafka instance settings in OpenShift Streams for Apache Kafka
Use the Red Hat OpenShift Streams for Apache Kafka web console to review and adjust settings for a Kafka instance.
As an alternative to using the OpenShift Streams for Apache Kafka web console, you can use the rhoas
command-line interface (CLI) to update certain Kafka instance settings, as shown in the following example command:
rhoas kafka update --reauthentication false
For a list of Kafka instance settings that you can update using the CLI, see the rhoas kafka update
entry in the CLI command reference (rhoas).
-
You have a running Kafka instance with at least one Kafka topic in OpenShift Streams for Apache Kafka (see Getting started with Red Hat OpenShift Streams for Apache Kafka).
-
In the OpenShift Streams for Apache Kafka web console, click Kafka Instances and select a Kafka instance.
-
Select the Settings tab.
-
Adjust any of the settings as needed.
Kafka instance settings in OpenShift Streams for Apache Kafka
You can edit the following Kafka instance settings in Red Hat OpenShift Streams for Apache Kafka.
- Connection re-authentication
-
When a client connects to a Kafka instance, the session lasts for five minutes. At that point, the client must reauthenticate to stay connected. Many Kafka clients automatically reauthenticate to remain connected, but some Kafka clients do not.
If you use a Kafka client that does not support connection reauthentication, the client is disconnected when the five-minute session expires. To prevent the client from being disconnected every five minutes, disable the
Connection re-authentication
setting.Before disabling connection re-authentication, you should be aware of the security risks. If you disable connection re-authentication, and then an attacker obtains credentials to your Kafka instance, they will be able to stay connected indefinitely. Deactivating the user account or service account will not close the connections that the attacker has opened. In this scenario, you would need to add Access Control List rules (ACLs) to prevent the unauthorized connections from performing any operations (see Managing account access in OpenShift Streams for Apache Kafka). You could also contact Red Hat Support for assistance.
Disabling connection re-authentication will restart your Kafka instance.