[Verse 1]
Controllers gossip through encrypted wire
TLS certificates they require
No more plaintext floating in the air
SASL mechanisms handle authentication with care
Bootstrap servers exchange their secret keys
Mutual validation puts the network at ease
[Chorus]
Security flows through every node
Metadata locked with cryptographic code
ACLs live in the log, no ZooKeeper store
Authentication guards each connection door
Audit trails capture every change
KRaft security rearranged
[Verse 2]
Brokers authenticate with fresh credentials
Inter-cluster handshakes, now essential
Principal mappings route identity
GSSAPI, PLAIN, or SCRAM authority
Protocol adapters validate each request
Digital signatures put trust to the test
[Chorus]
Security flows through every node
Metadata locked with cryptographic code
ACLs live in the log, no ZooKeeper store
Authentication guards each connection door
Audit trails capture every change
KRaft security rearranged
[Bridge]
Gone are the ZooKeeper ACL days
Metadata log holds permission arrays
Create, delete, alter operations tracked
Timestamps and principals, nothing redacted
Compliance officers celebrate
Immutable records seal our fate
[Verse 3]
Bootstrap protocol negotiates the trust
Certificate chains verified, password robust
Cross-cluster replication needs secure lanes
Encrypted metadata flows through fiber veins
Observer nodes mirror without compromise
Security policies behind administrative eyes
[Chorus]
Security flows through every node
Metadata locked with cryptographic code
ACLs live in the log, no ZooKeeper store
Authentication guards each connection door
Audit trails capture every change
KRaft security rearranged
[Outro]
Controllers united in cryptographic dance
No single point where hackers advance
Distributed trust across the cluster wide
KRaft security, our fortress and guide