Kafka Endpoints Reference

This is a reference for the Kafka Endpoints integration. The following properties are unique to this integration.

The endpoint configuration follows the same pattern as the Kafka moogdb module; there is a minimum set of required parameters and an optional set of parameters. See the descriptions below for detailed descriptions.

See the Apache Kafka documentation for details on SSL and SASL in Kafka.

Name

A unique name for the endpoint for use in Workflow Engine configuration.

Type

String

Required

Yes

Default

N/A

Servers

The list of brokers to connect to. A server configuration consists of the server name and port.

Server Name

Name of the server to connect to.

Type

String

Required

Yes

Default

N/A

Port

Port to communicate over.

Type

Integer

Required

Yes

Default

9092

Compression

The compression algorithm to use.

Type

One of: none, lz4, gzip, snappy.

Required

No

Default

none

SSL Configuration

See the Apache Kafka documentation for detailed descriptions of SSL configuration in Kafka.

USESSL

Whether to use SSL configuration. Check the box to enable.

Type

Boolean

Required

No

Default

Disabled

truststore.location

Path to the SSL truststore file.

Type

String

Required

Yes, if using SSL.

Default

N/A

truststore.password

Password for the SSL truststore file.

Type

String

Required

Yes, if using SSL.

Default

N/A

keystore.location

Path to the keystore file.

Type

String

Required

Yes, if using SSL.

Default

N/A

keystore.password

Password for the keystore file.

Type

String

Required

Yes, if using SSL.

Default

N/A

key.password

SSL certificate password.

Type

String

Required

Yes, if using SSL.

Default

N/A

endpoint.identification.algorithm

Method to validate server hosts, for example HTTPS. Leave blank to disable.

Type

String

Required

Yes, if using SSL.

Default

N/A

SASL Configuration

See the Apache Kafka documentation for detailed descriptions of SASL configuration in Kafka.

USESASL

Whether to use SASL. Check the box to enable.

Type

Boolean

Required

No

Default

Disabled

sasl.mechanism

SASL mechanism to use to authenticate.

Type

Choose from PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, OAUTHBEARER

Required

Yes, if using SASL.

Default

N/A

security.protocol

Security protocol to use.

Type

Choose from SASL_SSL, SASL_PLAINTEXT

Required

Yes, if using SASL.

Default

N/A

sasl.jaas.config

Base module to use. Each requires additional parameters, defined under Additional SASL JaaS Config.

Type

One of: PLAIN, SCRAM, OAUTHBEARER, GSSAPI

Required

Yes, if using SASL.

Default

N/A

Additional SASL JaaS Config

Each JaaS base module (PLAIN, SCRAM, OAUTHBEARER, GSSAPI) requires additional parameters which you specify in this field.

The UI creates the string up to and including "required". This field must contain the remainder of the string after this. For example, if the connection was using "PLAIN", the "Additional SASL JaaS config" should contain the username and password:

username=John.Doe password=PASSWORD123

Example configurations for each base module are as follows:

Type

Example

PLAIN

org.apache.kafka.common.security.plain.PlainLoginModule required username=Jane.Doe password=Password123;

SCRAM

org.apache.kafka.common.security.scram.ScramLoginModule required username=John.Doe password=My_Password;

OAUTHBEARER

org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginPrincipalClaimName="sub" unsecuredLoginStringClaim_sub="Jane.Doe";

GSSAPI

com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="KEYTAB_FILE_PATH_HERE" principal="SERVICENAME/HOST@REALM";

Additional Properties

SASL Login refresh parameters. You only need to configure these if sasl.jaas.config is set to OAUTHBEARER. Defaults to Kafka recommended default values.

window.factor

Login refresh thread will sleep until the specified window factor relative to the credential's lifetime is reached, at which point it attempts to refresh the credential.

Type

Double

Required

Yes, if sasl.jaas.config is set to OAUTHBEARER.

Default

0.8

Valid Values

Between 0.5 (50%) and 1.0 (100%) inclusive.

window.jitter

Maximum amount of random jitter relative to the credential's lifetime that is added to the login refresh thread's sleep time. Legal values are between 0 and 0.25 (25%) inclusive.

Type

Double

Required

Yes, if sasl.jaas.config is set to OAUTHBEARER.

Default

Between 0 and 0.25 (25%) inclusive.

min.period.seconds

Desired minimum time for the login refresh thread to wait before refreshing a credential, in seconds. This value and sasl.login.refresh.buffer.seconds are both ignored if their sum exceeds the remaining lifetime of a credential.

Type

Short

Required

Yes, if sasl.jaas.config is set to OAUTHBEARER.

Default

60

Valid Values

0 and 900

min.buffer.seconds

When refreshing a credential, amount of buffer time to maintain, in seconds, before credential expiration. If a refresh would otherwise occur closer to expiration than the number of buffer seconds, the refresh is moved up to maintain as much of the buffer time as possible. This value and sasl.login.refresh.min.period.seconds are both ignored if their sum exceeds the remaining lifetime of a credential.

Type

Short

Required

Yes, if sasl.jaas.config is set to OAUTHBEARER.

Default

300

Valid Values

Between 0 and 3600

Kerberos Properties

You only need to configure these if sasl.jaas.config is set to GSSAPI.

kerberos.debug.log

Whether to use authentication debugging. Check to enable.

Type

Boolean

Required

Yes, if sasl.jaas.config is set to GSSAPI.

Default

Disabled

sasl.kerberos.service.name

Name of the Kerberos service.

Type

String

Required

Yes, if sasl.jaas.config is set to GSSAPI.

Default

N/A

kerberos.conf.file.path

Path to the Kerberos configuration file.

Type

String

Required

Yes, if sasl.jaas.config is set to GSSAPI.

Default

N/A