Skip to main content
Data / ML, Engineering

Securing Kafka® Infrastructure at Uber

7 April 2022 / Global
Featured image for Securing Kafka® Infrastructure at Uber
Figure 1: uPKI Identity provisioning and initial identity fetch on service launch
Figure 2: Rotating workload identities
Figure 3: Sequence diagram which shows how Producer sends a message to Kafka cluster
Figure 4: Deep dive into how UPKIProvider fetches Key/Certs from uPKI and furnish them to JVM
Figure 5: Authorization workflow
Figure 6: Two way Authorizer Lookup with “allow.everyone.if.no.acl.found=true
Figure 7: Latency Improvements seen with JDK11
Prateek Agarwal

Prateek Agarwal

Prateek Agarwal is a Staff Software Engineer on Uber’s Streaming Data Team. He is passionate about distributed systems, security, and automation areas. He has been working on highly available, fault resilient streaming systems, including core Kafka, Zookeeper, and Kafka ecosystem services.

Ryan Turner

Ryan Turner

Ryan Turner is a Staff Software Engineer leading Platform Authentication and Kubernetes Security initiatives and a maintainer of the SPIRE project.

KK Sriramadhesikan

KK Sriramadhesikan

KK Is a Sr Staff Security Engineer at Uber. KK secures Uber’s use of the cloud. He also works on a broad set of cross-functional initiatives on Security & Privacy at Uber.

Posted by Prateek Agarwal, Ryan Turner, KK Sriramadhesikan