Control Center Security on Confluent Platform¶
Configuring security for Control Center requires planning and needs to be done carefully. You can secure Control Center as a server, meaning you can require users to login when they access Control Center in their browser, and you can secure its communication with the browser.
In addition, because Control Center relies on Kafka Connect, Apache Kafka® brokers, Kafka Streams, interceptors, and metrics reporters to work properly, you can also secure Control Center as a proxy server to each of these components, if the component has been secured.
After a Confluent Platform component is secured, it will be unable to communicate with other non-secured components. For instance, if you have a secured Kafka broker and a secured Control Center, but you have not secured Connect, Control Center will act erratically when you attempt to use it. Be sure to secure all components in your environment.
General Security Configuration¶
- Configure TLS for Control Center on Confluent Platform
- Configure SASL for Control Center on Confluent Platform
- Configure HTTP Basic Authentication with Control Center on Confluent Platform
- Configure Control Center with LDAP authentication on Confluent Platform
- Configure RBAC for Control Center on Confluent Platform
- Configure Control Center to work with Kafka ACLs on Confluent Platform
- TLS and HTTP Basic Authentication among Confluent Control Center Components
- mTLS Authentication for Confluent Control Center Monitoring and Alerting