Spring引导application.yml中的Spring Kafka SSL设置

我正在尝试使用Kafka客户端设置Spring Boot应用程序以使用SSL。 我将我的keystore.jks和truststore.jks存储在文件系统(在docker容器上)上,因为: https : //github.com/spring-projects/spring-kafka/issues/710

这是我的application.yml:

spring: kafka: ssl: key-password: pass keystore-location: /tmp/kafka.client.keystore.jks keystore-password: pass truststore-location: /tmp/kafka.client.truststore.jks truststore-password: pass 

但是,当我启动应用程序(在docker容器中)时,它说:

 Caused by: java.lang.IllegalStateException: Resource 'class path resource [tmp/kafka.client.keystore.jks]' must be on a file system [..] Caused by: java.io.FileNotFoundException: class path resource [tmp/kafka.client.keystore.jks] cannot be resolved to URL because it does not exist 

我检查了容器,/ tmp中有.jks。

我无法理解如何将.jks传递给spring boot。

更新06/07/2018

这是我的dockerfile

 FROM openjdk:8-jdk-alpine VOLUME /tmp COPY ssl/kafka.client.keystore.jks /tmp COPY ssl/kafka.client.truststore.jks /tmp ARG JAR_FILE ADD ${JAR_FILE} app.jar ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"] 

根据讨论并启用kafka ssl配置,首先需要在consumerFactory中启用并设置ssl属性

 @Bean public ConsumerFactory consumerFactory() { Map props = new HashMap<>(); props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, bootstrapServers); props.put(ConsumerConfig.GROUP_ID_CONFIG, groupId); props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class); props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, JsonSerializable.class); props.put(ConsumerConfig.CLIENT_ID_CONFIG, clientId); props.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, enableAutoCommit); props.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG, autoCommitInterval); props.put(ConsumerConfig.SESSION_TIMEOUT_MS_CONFIG, sessionTimeout); props.put(ConsumerConfig.MAX_POLL_RECORDS_CONFIG, maxRecords); props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, offSet); if (sslEnabled) { props.put("security.protocol", "SSL"); props.put("ssl.truststore.location", trustStoreLocation); props.put("ssl.truststore.password", trustStorePassword); props.put("ssl.key.password", keyStorePassword); props.put("ssl.keystore.password", keyStorePassword); props.put("ssl.keystore.location", keyStoreLocation); } return new DefaultKafkaConsumerFactory<>(props, new StringDeserializer(), new JsonDeserializer<>(Task.class)); } 

并将证书复制到docker容器中

 COPY ssl/stage/* /var/lib/kafka/stage/