Hello, I have set up Kafka using Kerberos successfully; however, if I try to reach Kafka through an ELB, the Kerberos authentication fails. The Kafka brokers are each using their unique hostname for Kerberos, and when going through an ELB the consumer/producer only sees the ELB's DNS record, which doesn't have Kerberos set up for it, causing auth to fail. If I try to set up a service principal name for that DNS record, I can only associate it with one of the brokers behind the ELB, so the other ones fail.
I have tried setting up a service account and having the Kafka brokers use that, which works when a consumer/producer is talking to the instances through the ELB; however, inter-broker communication, which is also over Kerberos, fails at that point because it is going directly to the other nodes instead of through the ELB. I am not sure where to go from here, as there doesn't appear to be a way to configure the inter-broker communication to work differently than the incoming consumer communication, short of getting rid of Kerberos. Any advice would be greatly appreciated.

Tyler Monahan