Configuring Kafka instance settings in Red Hat OpenShift Streams for Apache Kafka

Guide
  • Red Hat OpenShift Streams for Apache Kafka 1
  • Updated 22 February 2023
  • Published 11 October 2022

Configuring Kafka instance settings in Red Hat OpenShift Streams for Apache Kafka

Guide
Red Hat OpenShift Streams for Apache Kafka 1
  • Updated 22 February 2023
  • Published 11 October 2022

As a developer of applications and services, you can review and modify settings for your Kafka instances. By modifying these settings, you can configure your Kafka instances to suit your particular environment.

Reviewing and editing Kafka instance settings in OpenShift Streams for Apache Kafka

Use the Red Hat OpenShift Streams for Apache Kafka web console to review and adjust settings for a Kafka instance.

As an alternative to using the OpenShift Streams for Apache Kafka web console, you can use the rhoas command-line interface (CLI) to update certain Kafka instance settings, as shown in the following example command:

Example CLI command to disable connection reauthentication
rhoas kafka update --reauthentication false

For a list of Kafka instance settings that you can update using the CLI, see the rhoas kafka update entry in the CLI command reference (rhoas).

Prerequisites
Procedure
  1. In the OpenShift Streams for Apache Kafka web console, click Kafka Instances and select a Kafka instance.

  2. Select the Settings tab.

  3. Adjust any of the settings as needed.

Kafka instance settings in OpenShift Streams for Apache Kafka

You can edit the following Kafka instance settings in Red Hat OpenShift Streams for Apache Kafka.

Connection re-authentication

When a client connects to a Kafka instance, the session lasts for five minutes. At that point, the client must reauthenticate to stay connected. Many Kafka clients automatically reauthenticate to remain connected, but some Kafka clients do not.

If you use a Kafka client that does not support connection reauthentication, the client is disconnected when the five-minute session expires. To prevent the client from being disconnected every five minutes, disable the Connection re-authentication setting.

Before disabling connection re-authentication, you should be aware of the security risks. If you disable connection re-authentication, and then an attacker obtains credentials to your Kafka instance, they will be able to stay connected indefinitely. Deactivating the user account or service account will not close the connections that the attacker has opened. In this scenario, you would need to add Access Control List rules (ACLs) to prevent the unauthorized connections from performing any operations (see Managing account access in OpenShift Streams for Apache Kafka). You could also contact Red Hat Support for assistance.

Disabling connection re-authentication will restart your Kafka instance.