There is no listener to topic mappings right now. But you can run two listeners one PLAINTEXT and another SASL. Configure your authorizer to allow anonymous read/write on topics that are public and the topics you want to protect give a explicit ACL to principal names. This will protect any read/writes on the secure topics and it will reject any request on PLAINTEXT port for these topics as AuthorizationException and rest of the topics you can continue access through both the ports.
-Harsha On Tue, Jul 17, 2018, at 5:09 PM, Matt L wrote: > Hi, > > I have an existing Kafka Cluster that is configured as PLAINTEXT. We want > to enable SASL (GSSAPI) as an additional listener. > > Is there a way to force specific topics to only accept traffic > (publish/consume) from a certain listener? > > e.g. if i create a topic and set ACLS, how do i stop a client from using > the PLAINTEXT protocol and publishing and consuming to that topic > > Thanks!