Kafka SSL Source

Provided by: "Apache Software Foundation"

Support Level for this Kamelet is: "Stable"

Receive data from Kafka topics with SSL/TLS support

Configuration Options

The following table summarizes the configuration options available for the kafka-ssl-source Kamelet:

Property	Name	Description	Type	Default	Example
bootstrapServers	Bootstrap Servers	Required Comma separated list of Kafka Broker URLs.	string
sslKeyPassword	SSL Key Password	Required The password of the private key in the key store file.	string
sslTruststoreLocation	SSL Truststore Location	Required The location of the trust store file.	string
topic	Topic Names	Required Comma separated list of Kafka topic names.	string
allowManualCommit	Allow Manual Commit	Whether to allow doing manual commits.	boolean	false
autoCommitEnable	Auto Commit Enable	If true, periodically commit to ZooKeeper the offset of messages already fetched by the consumer.	boolean	true
autoOffsetReset	Auto Offset Reset	What to do when there is no initial offset. There are 3 enums and the value can be one of latest, earliest, none.	string	latest
consumerGroup	Consumer Group	A string that uniquely identifies the group of consumers to which this source belongs.	string		my-group-id
deserializeHeaders	Automatically Deserialize Headers	When enabled the Kamelet source will deserialize all message headers to String representation.	boolean	true
pollOnError	Poll On Error Behavior	What to do if kafka threw an exception while polling for new messages. There are 5 enums and the value can be one of DISCARD, ERROR_HANDLER, RECONNECT, RETRY, STOP.	string	ERROR_HANDLER
saslJaasConfig	JAAS Configuration	Java Authentication and Authorization Service (JAAS) for Simple Authentication and Security Layer (SASL) configuration.	string
saslMechanism	SASL Mechanism	The Simple Authentication and Security Layer (SASL) Mechanism used.	string	GSSAPI
securityProtocol	Security Protocol	Protocol used to communicate with brokers. SASL_PLAINTEXT, PLAINTEXT, SASL_SSL and SSL are supported.	string	SSL
sslEnabledProtocols	SSL Enabled Protocols	The list of protocols enabled for SSL connections. TLSv1.2, TLSv1.1 and TLSv1 are enabled by default.	string	TLSv1.2,TLSv1.1,TLSv1
sslEndpointAlgorithm	SSL Endpoint Algorithm	The endpoint identification algorithm to validate server hostname using server certificate. Use none or false to disable server hostname verification.	string	https
sslKeystoreLocation	SSL Keystore Location	The location of the key store file. This is optional for client and can be used for two-way authentication for client.	string
sslKeystorePassword	SSL Keystore Password	The store password for the key store file.This is optional for client and only needed if ssl.keystore.location is configured.	string
sslProtocol	SSL Protocol	The SSL protocol used to generate the SSLContext. Default setting is TLS, which is fine for most cases. Allowed values in recent JVMs are TLS, TLSv1.1 and TLSv1.2. SSL, SSLv2 and SSLv3 may be supported in older JVMs, but their usage is discouraged due to known security vulnerabilities.	string	TLSv1.2
topicIsPattern	Topic Is Pattern	Whether the topic is a pattern (regular expression). This can be used to subscribe to dynamic number of topics matching the pattern.	boolean	false

Property

Name

Description

Type

Default

Example

bootstrapServers

Bootstrap Servers

Required Comma separated list of Kafka Broker URLs.

string

sslKeyPassword

SSL Key Password

Required The password of the private key in the key store file.

string

sslTruststoreLocation

SSL Truststore Location

Required The location of the trust store file.

string

topic

Topic Names

Required Comma separated list of Kafka topic names.

string

allowManualCommit

Allow Manual Commit

Whether to allow doing manual commits.

boolean

false

autoCommitEnable

Auto Commit Enable

If true, periodically commit to ZooKeeper the offset of messages already fetched by the consumer.

boolean

true

autoOffsetReset

Auto Offset Reset

What to do when there is no initial offset. There are 3 enums and the value can be one of latest, earliest, none.

string

latest

consumerGroup

Consumer Group

A string that uniquely identifies the group of consumers to which this source belongs.

string

my-group-id

deserializeHeaders

Automatically Deserialize Headers

When enabled the Kamelet source will deserialize all message headers to String representation.

boolean

true

pollOnError

Poll On Error Behavior

What to do if kafka threw an exception while polling for new messages. There are 5 enums and the value can be one of DISCARD, ERROR_HANDLER, RECONNECT, RETRY, STOP.

string

ERROR_HANDLER

saslJaasConfig

JAAS Configuration

Java Authentication and Authorization Service (JAAS) for Simple Authentication and Security Layer (SASL) configuration.

string

saslMechanism

SASL Mechanism

The Simple Authentication and Security Layer (SASL) Mechanism used.

string

GSSAPI

securityProtocol

Security Protocol

Protocol used to communicate with brokers. SASL_PLAINTEXT, PLAINTEXT, SASL_SSL and SSL are supported.

string

SSL

sslEnabledProtocols

SSL Enabled Protocols

The list of protocols enabled for SSL connections. TLSv1.2, TLSv1.1 and TLSv1 are enabled by default.

string

TLSv1.2,TLSv1.1,TLSv1

sslEndpointAlgorithm

SSL Endpoint Algorithm

The endpoint identification algorithm to validate server hostname using server certificate. Use none or false to disable server hostname verification.

string

https

sslKeystoreLocation

SSL Keystore Location

The location of the key store file. This is optional for client and can be used for two-way authentication for client.

string

sslKeystorePassword

SSL Keystore Password

The store password for the key store file.This is optional for client and only needed if ssl.keystore.location is configured.

string

sslProtocol

SSL Protocol

The SSL protocol used to generate the SSLContext. Default setting is TLS, which is fine for most cases. Allowed values in recent JVMs are TLS, TLSv1.1 and TLSv1.2. SSL, SSLv2 and SSLv3 may be supported in older JVMs, but their usage is discouraged due to known security vulnerabilities.

string

TLSv1.2

topicIsPattern

Topic Is Pattern

Whether the topic is a pattern (regular expression). This can be used to subscribe to dynamic number of topics matching the pattern.

boolean

false

Dependencies

At runtime, the kafka-ssl-source Kamelet relies upon the presence of the following dependencies:

mvn:org.apache.camel.kamelets:camel-kamelets-utils:4.4.4-SNAPSHOT
camel:core
camel:kafka
camel:kamelet

Camel JBang usage

Prerequisites

You’ve installed JBang.
You have executed the following command:

jbang app install camel@apache/camel

Supposing you have a file named route.yaml with this content:

- route:
    from:
      uri: "kamelet:timer-source"
      parameters:
        period: 10000
        message: 'test'
      steps:
        - to:
            uri: "kamelet:log-sink"

You can now run it directly through the following command

camel run route.yaml

Camel K Environment Usage

This section describes how you can use the kafka-ssl-source.

Knative source

You can use the kafka-ssl-source Kamelet as a Knative source by binding it to a Knative object.

kafka-ssl-source-pipe.yaml

apiVersion: camel.apache.org/v1
kind: Pipe
metadata:
  name: kafka-ssl-source-pipe
spec:
  source:
    ref:
      kind: Kamelet
      apiVersion: camel.apache.org/v1
      name: kafka-ssl-source
    properties:
      bootstrapServers: The Bootstrap Servers
      sslKeyPassword: The SSL Key Password
      sslTruststoreLocation: The SSL Truststore Location
      topic: The Topic Names
  sink:
    ref:
      kind: Channel
      apiVersion: messaging.knative.dev/v1
      name: mychannel

Prerequisite

You have Camel K installed on the cluster.

Procedure for using the cluster CLI

Save the kafka-ssl-source-pipe.yaml file to your local drive, and then edit it as needed for your configuration.
Run the source by using the following command:
```
kubectl apply -f kafka-ssl-source-pipe.yaml
```

Procedure for using the Kamel CLI

Configure and run the source by using the following command:

kamel bind channel:mychannel -p "source.bootstrapServers=The Bootstrap Servers" -p "source.sslKeyPassword=The SSL Key Password" -p "source.sslTruststoreLocation=The SSL Truststore Location" -p "source.topic=The Topic Names" kafka-ssl-source

This command creates the Kamelet Pipe in the current namespace on the cluster.

Kafka source

You can use the kafka-ssl-source Kamelet as a Kafka source by binding it to a Kafka topic.

kafka-ssl-source-pipe.yaml

apiVersion: camel.apache.org/v1
kind: Pipe
metadata:
  name: kafka-ssl-source-pipe
spec:
  source:
    ref:
      kind: Kamelet
      apiVersion: camel.apache.org/v1
      name: kafka-ssl-source
    properties:
      bootstrapServers: The Bootstrap Servers
      sslKeyPassword: The SSL Key Password
      sslTruststoreLocation: The SSL Truststore Location
      topic: The Topic Names
  sink:
    ref:
      kind: KafkaTopic
      apiVersion: kafka.strimzi.io/v1beta1
      name: my-topic

Prerequisites

You’ve installed Strimzi.
You’ve created a topic named my-topic in the current namespace.
You have Camel K installed on the cluster.

Procedure for using the cluster CLI

Save the kafka-ssl-source-pipe.yaml file to your local drive, and then edit it as needed for your configuration.
Run the source by using the following command:
```
kubectl apply -f kafka-ssl-source-pipe.yaml
```

Procedure for using the Kamel CLI

Configure and run the source by using the following command:

kamel bind kafka.strimzi.io/v1beta1:KafkaTopic:my-topic -p "source.bootstrapServers=The Bootstrap Servers" -p "source.sslKeyPassword=The SSL Key Password" -p "source.sslTruststoreLocation=The SSL Truststore Location" -p "source.topic=The Topic Names" kafka-ssl-source

This command creates the Kamelet Pipe in the current namespace on the cluster.

Kamelet source file

https://github.com/apache/camel-kamelets/blob/main/kamelets/kafka-ssl-source.kamelet.yaml