Zac,

Kafka has its own built-in load-balancing mechanism based on partition assignment. Requests are processed by partition leaders, distributing load across the brokers in the cluster. If you want to put a proxy like HAProxy with SSL termination in front of your brokers for added security, you can do that. You can have a completely independent trust chain between clients->proxy and proxy->broker. You need to configure Kafka brokers with the proxy host as the host in the advertised listeners for the security protocol used by clients.

On Thu, Nov 17, 2016 at 9:44 PM, Zac Harvey <zac.har...@welltok.com> wrote:

> We have two Kafka nodes and for reasons outside of this question, would
> like to set up a load balancer to terminate SSL with producers (clients).
> The SSL cert hosted by the load balancer will be signed by trusted/root CA
> that clients should natively trust.
>
> Is this possible to do, or does Kafka somehow require SSL to be set up
> directly on the Kafka servers themselves?
>
> Thanks!

--
Regards,

Rajini
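
A check for the advertised-listener setup described in the reply above, added here as an example and not part of the original thread: because clients connect to each partition leader at its advertised address, every broker needs its own endpoint on the proxy host. The host names, ports and sample broker properties are constructed for illustration.

```python
# Added example: lint advertised.listeners for brokers behind a TLS-terminating proxy.
# Host names, ports and the sample properties below are constructed for illustration.

def parse_props(text):
    """Parse Java-style key=value properties, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def endpoints(value):
    """'SSL://host:9093,PLAINTEXT://h:9092' -> {'SSL': ('host', 9093), ...}"""
    out = {}
    for item in (v.strip() for v in value.split(",")):
        if item:
            name, rest = item.split("://", 1)
            host, port = rest.rsplit(":", 1)
            out[name] = (host, int(port))
    return out

def check_cluster(broker_props, client_protocol, proxy_hosts):
    """Return findings; an empty list means every broker is reached via the proxy."""
    findings, seen = [], {}
    for broker, text in sorted(broker_props.items()):
        adv = endpoints(parse_props(text).get("advertised.listeners", ""))
        if client_protocol not in adv:
            findings.append(f"{broker}: no {client_protocol} advertised listener")
            continue
        host, port = adv[client_protocol]
        if host not in proxy_hosts:
            findings.append(f"{broker}: advertises {host}, so clients bypass the proxy")
        elif (host, port) in seen:
            # Clients connect to the partition leader's advertised address, so a
            # shared endpoint cannot route a request to the right broker.
            findings.append(f"{broker}: {host}:{port} is also used by {seen[(host, port)]}")
        seen.setdefault((host, port), broker)
    return findings

PROXY = {"kafka-proxy.example.com"}
GOOD = {"broker1": "broker.id=1\nadvertised.listeners=SSL://kafka-proxy.example.com:19093",
        "broker2": "broker.id=2\nadvertised.listeners=SSL://kafka-proxy.example.com:29093"}
BAD = {"broker1": "broker.id=1\nadvertised.listeners=SSL://kafka-proxy.example.com:9093",
       "broker2": "broker.id=2\nadvertised.listeners=SSL://kafka-proxy.example.com:9093"}

if __name__ == "__main__":
    for name, cluster in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_cluster(cluster, "SSL", PROXY) or "ok")
```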