Hello Apache Kafka community, There's nice documentation on enabling ZooKeeper security on an existing Apache Kafka cluster at https://kafka.apache.org/documentation/#zk_authz_migration
For your convenience here are the first two steps of migration: 1. Perform a rolling restart setting the JAAS login file, which enables brokers to authenticate. At the end of the rolling restart, brokers are able to manipulate znodes with strict ACLs, but they will not create znodes with those ACLs 2. Perform a second rolling restart of brokers, this time setting the configuration parameter zookeeper.set.acl to true, which enables the use of secure ACLs when creating znodes Problem is that there seems to be code in Kafka broker like ZookeeperLeaderElector which on a broker with configured JAAS config file, is setting ACLs even when zookeeper.set.acl=false Is it a bug or did I misunderstand something? Kind regards, Stevo Slavic.
