Kafka - random high port

Hi All,

I am running the confluent kafka containers, one for kraft and one for a broker. The containers are ran in podman and use network ‘host’. I need to use the JMX interface to monitor stats, for this i have enabled JMX using KAFKA_JMX_OPTS, as below:

KAFKA_JMX_OPTS: -Dcom.sun.management.jmxremote.port=1091 -Dcom.sun.management.jmxremote.host= -Djava.net.preferIPv4Stack=true -Djava.rmi.server.hostname= -Dcom.sun.management.jmxremote.rmi.port=1091 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false

Kafka controller and broker appear to be listening on 1091 but also open a random high port. How do i stop this random high port ?

Thanks in advance!

Which specific image / version are you running?

How are you configuring kafka in the containers? e.g., do you have a Docker Compose file? I’m wondering what listeners you have configured (KAFKA_LISTENERS / KAFKA_ADVERTISED_LISTENERS environment variables)


I am using podman containers managed by systemd. I am passing in ENV variables to configure my nodes and bind mounting truststore/certs.

Image: docker.io/confluentinc/cp-kafka:7.5.0-1-ubi8
I have two listeners SSL Listeners on 9093, 9094 all working as expected.

LISTEN 0 50* users:((“java”,pid=3875131,fd=113)) <— JMX
LISTEN 0 50* users:((“java”,pid=3875131,fd=467)) <–MTLS SSL LISTENER
LISTEN 0 50* users:((“java”,pid=3875131,fd=114)) << — ? Random high port - possibly jmri? Changes across reboots.
LISTEN 0 50* users:((“java”,pid=3875131,fd=468)) ← MTLS LISTENER

Very likely it’s JMX-related, either RMI or there’s also a port for local connections. Check this and this out for further reading and ways to configure those ports. Bear in mind that the image you’re using includes Java 11, so any post-Java 11 features wouldn’t be doable out of the box. If you really needed those features you might attempt upgrading java in the image (*ymmv).

thanks. Interesting that confluent recommend Java 17 but build containers using ubi8 (java 11) and not ubi8/openjdk-17. I suspect the port is the local jmx port which i dont think can be changed or disabled in java 11 ;(.

I confirmed that if you upgrade to Java 17 and use the following env var, it’ll do the trick and JMX will only use the two configured ports:

KAFKA_JMX_OPTS: -Djava.rmi.server.hostname= -Dcom.sun.management.jmxremote=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.rmi.port=9101 -Dcom.sun.management.jmxremote.local.port=9102

Those properties are from the Baeldung article, and the env variable is documented here.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.