Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can you use TLS for Kafka in Quarkus?

Tags:

java

apache-kafka

ibm-cloud

quarkus

The Kafka guide from Quarkus works nicely when running Kafka locally in Docker. I'm trying to change this sample by replacing the local Kafka service with a hosted Kafka service in the cloud which requires TLS.

Does anyone know how I can configure this? In the Quarkus documentation and the Smallrye documentation I don't see any properties for this.

I'd like to use the Kafka service in the IBM Cloud. Based on the documentation I've tried the following configuration in application.properties:

kafka.bootstrap.servers=broker-0-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-4-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-3-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-5-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-2-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-1-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093
kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="token" password="...";
kafka.sasl.mechanism=PLAIN
kafka.security.protocol=SASL_SSL
kafka.ssl.protocol=TLSv1.2

Update: I've also tried Gunnar's suggestion below, but it doesn't work. When I use the following application.properties ...

mp.messaging.outgoing.generated-price.connector=smallrye-kafka
mp.messaging.outgoing.generated-price.topic=prices
mp.messaging.outgoing.generated-price.value.serializer=org.apache.kafka.common.serialization.IntegerSerializer

mp.messaging.outgoing.generated-price.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="token" password="...";
mp.messaging.outgoing.generated-price.sasl.mechanism=PLAIN
mp.messaging.outgoing.generated-price.security.protocol=SASL_SSL
mp.messaging.outgoing.generated-price.ssl.protocol=TLSv1.2

mp.messaging.incoming.prices.connector=smallrye-kafka
mp.messaging.incoming.prices.topic=prices
mp.messaging.incoming.prices.value.deserializer=org.apache.kafka.common.serialization.IntegerDeserializer

mp.messaging.outgoing.prices.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="token" password="...";
mp.messaging.outgoing.prices.sasl.mechanism=PLAIN
mp.messaging.outgoing.prices.security.protocol=SASL_SSL
mp.messaging.outgoing.prices.ssl.protocol=TLSv1.2

kafka.bootstrap.servers=broker-0-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-4-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-3-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-5-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-2-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-1-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093

... I get an error: javax.enterprise.inject.spi.DeploymentException: java.lang.IllegalArgumentException: Invalid channel configuration - the connector attribute must be set for channel prices at io.quarkus.smallrye.reactivemessaging.runtime.SmallRyeReactiveMessagingLifecycle.onApplicationStart(SmallRyeReactiveMessagingLifecycle.java:22)

Is TLS currently possible for Kafka in Quarkus?

Thanks

like image 765
Niklas Heidloff Avatar asked Nov 21 '19 12:11

Niklas Heidloff

People also ask

What protocol Kafka uses?

Kafka uses a binary protocol over TCP. The protocol defines all APIs as request response message pairs. All messages are size delimited and are made up of the following primitive types.

What is SSL in Kafka?

2. SSL Overview. By default, Apache Kafka sends all data as clear text and without any authentication. First of all, we can configure SSL for encryption between the broker and the client. This, by default, requires one-way authentication using public key encryption where the client authenticates the server certificate.

What is the default serializer for Kafka?

SerDes specified in the Streams configuration are used as the default in your Kafka Streams application.

Does Kafka use OpenSSL?

To generate self-signed certificates for Kafka server, complete the following steps. You must have Java keytool and OpenSSL to generate certificates and trust store. Optionally, you can use any SSL certificate generation utility instead of OpenSSL.

1 Answers

Have you tried specifying the relevant properties at the channel level? E.g. 

mp.messaging.outgoing.generated-price.connector=smallrye-kafka
mp.messaging.outgoing.generated-price.topic=mytopic
mp.messaging.outgoing.generated-price.ssl.protocol=...
mp.messaging.outgoing.generated-price.ssl.keystore.location=...
mp.messaging.outgoing.generated-price.ssl.keystore.password=...

You also could refer to variables when requiring the same values for multiple topics.

like image 108
Gunnar Avatar answered Oct 10 '22 23:10

Gunnar
Sign in to Comment

Related questions

How can you write tailMay in Haskell for Foldable, without using unsafe functions?
STRING_AGG with CASE WHEN
Flutter - FileSystemException: Cannot open file, path = '/path' (OS Error: Operation not permitted, errno = 1) on ios
Issue with Navigation Component Duplicate NavArgs
Plotly-Dash: Adding new yaxis per selected df column
Defining string literal constants once both as char const* and wchar const*
IP filtering on Google Cloud run
Electron run in production mode
How can i prove that cons after uncons over coinductive list(a.k.a Stream) are identity, in Agda?
Why can text-decoration in ::first-letter not cascade text-decoration in ::first-line?
LINQ Breaking changes in EF Core 3.0. How can I compare strings without getting the warning CA1308?
How to kill FFmpeg currently running process?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!