Skip to main content
Uber logo

Schedule rides in advance

Reserve a rideReserve a ride

Schedule rides in advance

Reserve a rideReserve a ride
Data / ML, Engineering

Securing Kafka® Infrastructure at Uber

April 7, 2022 / Global
Featured image for Securing Kafka® Infrastructure at Uber
Figure 1: uPKI Identity provisioning and initial identity fetch on service launch
Figure 2: Rotating workload identities
Figure 3: Sequence diagram which shows how Producer sends a message to Kafka cluster
Figure 4: Deep dive into how UPKIProvider fetches Key/Certs from uPKI and furnish them to JVM
Figure 5: Authorization workflow
Figure 6: Two way Authorizer Lookup with “allow.everyone.if.no.acl.found=true
Figure 7: Latency Improvements seen with JDK11
Prateek Agarwal

Prateek Agarwal

Prateek Agarwal is a Staff Software Engineer on Uber’s Streaming Data Team. He is passionate about distributed systems, security, and automation areas. He has been working on highly available, fault resilient streaming systems, including core Kafka, Zookeeper, and Kafka ecosystem services.

Ryan Turner

Ryan Turner

Ryan Turner is a Staff Software Engineer leading Platform Authentication and Kubernetes Security initiatives and a maintainer of the SPIRE project.

KK Sriramadhesikan

KK Sriramadhesikan

KK Sriramadhesikan is a Senior Staff Security Engineer on Uber’s Security Engineering team. He leads secure authentication and authorization across Uber’s security infrastructure.

Posted by Prateek Agarwal, Ryan Turner, KK Sriramadhesikan