Application Access
With every project you get a technical user account to access Kafka. If you have configured Netilion events over Kafka, use the MQTT to Kafka bridge, or have configured additional Kafka topics, this account is granted access to these topics.
The necessary credentials are stored in your default Key Vault. They are also synchronized to your Kubernetes namespace. There they are provided as a Secret object, a Kubernetes data resource that can be accessed from the containers running in the cluster. The name of the secret is keyvault-project and it contains the following Kafka-related values:
- confluent-bootstrap-endpoint
- confluent-sa-project-key
- confluent-sa-project-secret
The value
- confluent-bootstrap-url
is available too. It contains the same information as confluent-bootstrap-endpoint, but with the protocol prefix SASL_SSL://. Most clients need only the endpoint.
A typical configuration for a Kafka client will then look like:
bootstrap.servers=<confluent-bootstrap-endpoint>
security.protocol=SASL_SSL
sasl.mechanisms=PLAIN
sasl.username=<confluent-sa-project-key>
sasl.password=<confluent-sa-project-secret>
How to use the provided secret
In the Kubernetes deployment file the secret values can be copied to environment variables. These can then be accessed from within the container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kafka-example
  labels:
    app: kafka-example
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kafka-example
  template:
    metadata:
      labels:
        app: kafka-example
    spec:
      containers:
        - name: kafka-consumer
          image: cir.endress.com/eh-ds-next/your-application:1.0
          env:
            - name: KAFKA_BOOTSTRAP_URL
              valueFrom:
                secretKeyRef:
                  name: keyvault-project
                  key: confluent-bootstrap-endpoint
            - name: KAFKA_KEY
              valueFrom:
                secretKeyRef:
                  name: keyvault-project
                  key: confluent-sa-project-key
            - name: KAFKA_SECRET
              valueFrom:
                secretKeyRef:
                  name: keyvault-project
                  key: confluent-sa-project-secret
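One way for the container to turn these environment variables into the client configuration shown above, failing at startup when a value is missing and keeping the credentials out of log output. This is an added example, not part of the original page or the platform's own code; it uses only the Python standard library, and the function names and sample values are assumptions made for illustration.

```python
import os

# Environment variable names from the deployment on this page.
REQUIRED_ENV = ("KAFKA_BOOTSTRAP_URL", "KAFKA_KEY", "KAFKA_SECRET")
PROTOCOL_PREFIX = "SASL_SSL://"


def kafka_config_from_env(env=None):
    """Build the client configuration shown on this page from the environment."""
    env = os.environ if env is None else env
    values = {name: (env.get(name) or "").strip() for name in REQUIRED_ENV}
    missing = [name for name, value in values.items() if not value]
    if missing:
        # Fail at startup and name only the variables, never their values.
        raise RuntimeError("missing Kafka settings: " + ", ".join(missing))

    endpoint = values["KAFKA_BOOTSTRAP_URL"]
    # Accept confluent-bootstrap-url as well: drop its protocol prefix.
    if endpoint.upper().startswith(PROTOCOL_PREFIX):
        endpoint = endpoint[len(PROTOCOL_PREFIX):]
    if "://" in endpoint:
        # Any other scheme would imply a different security protocol; refuse it.
        raise RuntimeError("unexpected protocol prefix in KAFKA_BOOTSTRAP_URL")

    return {
        "bootstrap.servers": endpoint,
        "security.protocol": "SASL_SSL",
        "sasl.mechanisms": "PLAIN",
        "sasl.username": values["KAFKA_KEY"],
        "sasl.password": values["KAFKA_SECRET"],
    }


def redacted(config):
    """Copy of the configuration that is safe to write to logs."""
    hidden = {"sasl.username", "sasl.password"}
    return {k: ("***" if k in hidden else v) for k, v in config.items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real endpoint.
    sample = {
        "KAFKA_BOOTSTRAP_URL": "SASL_SSL://broker.example.invalid:9092",
        "KAFKA_KEY": "EXAMPLEKEY",
        "KAFKA_SECRET": "example-secret",
    }
    print(redacted(kafka_config_from_env(sample)))
```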