Kafka Connection

Supported Kafka Versions

  • 2.1.0

  • 3.4.x

Connection Configuration

Configure the fields required to create the connection as explained below.

Connection Name

Enter a unique name for this connection.


Scope

When creating connections, users can define the scope to customize their accessibility.

You can set the connection scope as follows:

  • Organization: Accessible to organization users across all Gathr projects for usage in applications.

  • Project: Accessible to organization users limited to projects that are specified by the connection owner for usage in applications.

  • Private: Accessible only to the connection owner for usage in applications.


Connection Type

Choose between a secure SSH Tunnel connection or a direct connection.

If Connection Type value is SSH Tunnel, additional fields will be displayed as given below:

To know more about SSH Tunneling with Gathr, see SSH Tunneling.

SSH Key

Provide the SSH key for authenticating the SSH host and user.

SSH Host

Enter the public IP address of your SSH host.

SSH User

Specify the default SSH username.

If Connection Type value is Direct Connection, then proceed by updating the following fields.


Zookeeper Hosts

List of comma separated IPs: port of Zookeeper for creating Kafka topic from Gathr.


Kafka Brokers

List of Kafka nodes for creating connections.


Enable Topic Administration

Allows the user to create and update topics in Kafka, provided they have the necessary authorization for these actions.


Enable SSL

Enable SSL for the Kafka connection.

Upload Truststore File

Upload the Truststore file for SSL in JKS format.

Truststore Password

Enter the password for the Truststore file.

Enable Authentication

Enable additional authentication settings.

Upload Keystore File

Upload the Keystore file for authentication in PKCS12 format.

Keystore Password

Enter the password for the Keystore file.

Password

Enter the password for the private key in the Keystore file.


Confluent Kafka

Check this box if you are using Confluent Kafka.

Enabling this option ensures compatibility with Confluent-specific configurations and optimizations.

Schema Registry URL

Enter the Schema Registry URL for your Kafka setup.

This is the location where Kafka stores and manages data schemas. It helps ensure consistency and compatibility of data formats in your Kafka topics.

Example: http://localhost:8081.


Enable SASL

Select to enable SASL based authentication for enhanced security in the Kafka connection.

SASL Mechanism

Choose how you want to securely prove your identity based on your Kafka server setup.

Enter one of these methods:

  • PLAIN: Send your username and password (make sure it’s a secure connection).

  • GSSAPI (Kerberos): Integrates with security systems like Kerberos. Offers secure authentication without sharing sensitive info.

  • SCRAM: Modern and secure. Uses a challenge-response approach, protecting against various attacks.

SASL JAAS Configuration

Specify how Java applications authenticate users using SASL.

Configure the Java Authentication and Authorization Service (JAAS) by defining login modules and options.

Tailor these settings to control how user identities are verified and authorized during authentication.

Example Values for JAAS Configuration:

  • com.example.CustomLoginModule required;

  • com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true keyTab="/path/to/keytab" principal="user@example.com";

  • org.apache.kafka.common.security.scram.ScramLoginModule required username="myUser" password="myPassword" principal="user@example.com" serviceName="kafka";

User Principal

Enter the unique identity (principal) for SASL authentication.

This identifies you during the authentication process.

Example Values for User Principal:

  • user123

  • user.one@example.com


Security Protocol

This field appears when SSL is enabled. Specify the security protocol for the Kafka connection.

Common options include:

  • SSL: If SSL is enabled, providing SSL ensures encrypted communication.

  • PLAINTEXT: If SSL is not enabled, you can provide PLAINTEXT for unencrypted communication.

When SASL is enabled, the following values are valid:

  • SASL_SSL: This protocol combines SASL for authentication and SSL for encryption. It ensures both secure authentication and encrypted data transmission, providing a high level of security.

  • SASL_PLAINTEXT: This option uses SASL for authentication but does not encrypt the data during transmission. It’s less secure compared to SASL_SSL but may be suitable for environments where encryption is not a requirement.

Make sure the selected protocol aligns with your security requirements and the configuration of your Kafka cluster.

Example Value for Security Protocol:

  • SSL

  • PLAINTEXT

  • SASL_SSL

  • SASL_PLAINTEXT


Add Configuration: Additional properties can be added using ADD CONFIGURATION link.


After entering all the details, click on the TEST button.

If the connection service identification and authentication details are provided correctly, a success message stating “connection available” is generated. Click on the CREATE button to save the changes.

If the details are incorrect or the server is down, you will get a message “Connection unavailable”.

Top