Kafka Direct interface without using Message Router/ DMaaP client:

The Kafka configuration details below need to be added to the application yaml of both the publisher (cps-core) and the consumer (cps-temporal) of the events published to Kafka. This configuration should preferably be defined in the application-helm.yaml included in the OOM charts, to provide flexibility when deploying the application.

spring:

...

Topics are auto-generated in ONAP DMaaP Kafka, so topic creation is outside the scope of CPS.
The required configuration can change with the encryption and authentication mechanism used, so it is suggested to use override files to set the required values for each environment.

Encryption and

...

AMQ Streams supports encryption and authentication, which is configured as part of the listener configuration.

...

Authentication Listener Configuration

Encryption and authentication in Kafka brokers are configured per listener.

...

Supported security protocols are:

1. PLAINTEXT : Listener without any encryption or authentication. The CPS application is configured by default to use PLAINTEXT, both with testcontainers and with docker-compose.

...

Default Kafka configuration (yml):
kafka:
    bootstrap-servers: ${KAFKA_BOOTSTRAP_SERVER}
    security:
        protocol: PLAINTEXT
    # to be added only in producer
    producer:
        group-id: ${KAFKA_GROUP_ID:cps-temporal-group}
        client-id: ${KAFKA_client_ID:cps}
    # to be added only in consumer
    consumer:
        group-id: ${KAFKA_CONSUMER_GROUP_ID:cps-temporal-group}
        client-id: ${KAFKA_client_ID:cps}


Any other security protocol to be used could be configured using the OOM charts. The below values are to be defined in the values.yaml:

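Configuration in values.yaml (yml):
kafka:
  sasl_plaintext:
    security:
      protocol: SASL_PLAINTEXT
    ssl:
      trust-store-type:
      trust-store-location:
      trust-store-password:
    properties:
      sasl.mechanism: PLAIN
  sasl_ssl:
    security:
      protocol: SASL_SSL
    ssl:
      trust-store-type: JKS
      trust-store-location: file:///C:/Users/adityaputhuparambil/ltec-com-strimzi.jks
      # sample value; set the real password per environment through an override file
      trust-store-password: secret
    properties:
      sasl.mechanism: SCRAM-SHA-512
  # shared by both profiles; sample credentials, to be overridden per environment.
  # PlainLoginModule matches sasl.mechanism PLAIN; the SCRAM mechanisms use
  # org.apache.kafka.common.security.scram.ScramLoginModule
  sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
  # an empty value disables broker hostname verification in the Kafka client
  ssl.endpoint.identification.algorithm: 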

2. SSL : Listener using TLS encryption and, optionally, authentication using TLS client certificates.


3. SASL_PLAINTEXT using Plain mechanism: 

...

Override file configuration (yml):
kafka:
    security:
        protocol: '{{ .Values.kafka.sasl_plaintext.security.protocol }}'
    ssl:
        # keys containing '-' or '.' cannot be reached with dot notation in a Helm template, hence index
        trust-store-type: '{{ index .Values.kafka.sasl_plaintext.ssl "trust-store-type" }}'
        trust-store-location: '{{ index .Values.kafka.sasl_plaintext.ssl "trust-store-location" }}'
        trust-store-password: '{{ index .Values.kafka.sasl_plaintext.ssl "trust-store-password" }}'
    properties:
        sasl.mechanism: '{{ index .Values.kafka.sasl_plaintext.properties "sasl.mechanism" }}'
        sasl.jaas.config: '{{ index .Values.kafka "sasl.jaas.config" }}'

4. SASL_SSL using SCRAM-SHA-256 and SCRAM-SHA-512 : Implements authentication using Salted Challenge Response Authentication Mechanism (SCRAM). SCRAM credentials are stored centrally in ZooKeeper. SCRAM can be used in situations where ZooKeeper cluster nodes are running isolated in a private network.

...

Override file configuration for SASL_SSL (yml):
kafka:
    security:
        protocol: '{{ .Values.kafka.sasl_ssl.security.protocol }}'
    ssl:
        # keys containing '-' or '.' cannot be reached with dot notation in a Helm template, hence index
        trust-store-type: '{{ index .Values.kafka.sasl_ssl.ssl "trust-store-type" }}'
        trust-store-location: '{{ index .Values.kafka.sasl_ssl.ssl "trust-store-location" }}'
        trust-store-password: '{{ index .Values.kafka.sasl_ssl.ssl "trust-store-password" }}'
    properties:
        sasl.mechanism: '{{ index .Values.kafka.sasl_ssl.properties "sasl.mechanism" }}'
        sasl.jaas.config: '{{ index .Values.kafka "sasl.jaas.config" }}'
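
An added example (not part of the original page or of the CPS code base): a Python check over the flat Kafka client properties that the YAML above resolves to, flagging weak combinations among the protocols listed. The finding names, the sample dictionaries and the `KAFKA_USER` / `KAFKA_PASSWORD` placeholders are assumptions made for illustration.

```python
import re
# Login module class each SASL mechanism on this page expects (Apache Kafka client classes).
LOGIN_MODULES = {
    "PLAIN": "org.apache.kafka.common.security.plain.PlainLoginModule",
    "SCRAM-SHA-256": "org.apache.kafka.common.security.scram.ScramLoginModule",
    "SCRAM-SHA-512": "org.apache.kafka.common.security.scram.ScramLoginModule",
}

def audit_kafka_client(props):
    """Return sorted finding codes (names are illustrative) for flat Kafka client properties."""
    findings = set()
    protocol = props.get("security.protocol", "PLAINTEXT")
    mechanism = props.get("sasl.mechanism", "")
    jaas = (props.get("sasl.jaas.config") or "").strip()
    if protocol in ("PLAINTEXT", "SASL_PLAINTEXT"):
        findings.add("NO_TRANSPORT_ENCRYPTION")
    if protocol == "SASL_PLAINTEXT" and mechanism == "PLAIN":
        findings.add("PASSWORD_SENT_IN_CLEAR")
    if protocol.startswith("SASL_"):
        expected = LOGIN_MODULES.get(mechanism)
        if expected and not jaas.startswith(expected):
            findings.add("LOGIN_MODULE_MISMATCH")
        # A literal password (anything but a ${...} placeholder) ships with the chart.
        match = re.search(r'password\s*=\s*"?([^";\s]+)', jaas)
        if match and not match.group(1).startswith("${"):
            findings.add("INLINE_PASSWORD")
    if protocol in ("SSL", "SASL_SSL"):
        # A key that is present but empty switches off broker hostname verification.
        if props.get("ssl.endpoint.identification.algorithm", "https") in ("", None):
            findings.add("HOSTNAME_VERIFICATION_OFF")
    return sorted(findings)

# Constructed inputs: the sasl_ssl values from this page, flattened, and a hardened variant.
PAGE_SASL_SSL = {
    "security.protocol": "SASL_SSL",
    "sasl.mechanism": "SCRAM-SHA-512",
    "sasl.jaas.config": "org.apache.kafka.common.security.plain.PlainLoginModule "
                        "required username=admin password=admin_secret;",
    "ssl.endpoint.identification.algorithm": "",
}
HARDENED = {  # KAFKA_USER / KAFKA_PASSWORD are hypothetical names resolved at deploy time
    "security.protocol": "SASL_SSL",
    "sasl.mechanism": "SCRAM-SHA-512",
    "sasl.jaas.config": "org.apache.kafka.common.security.scram.ScramLoginModule "
                        'required username="${KAFKA_USER}" password="${KAFKA_PASSWORD}";',
}

if __name__ == "__main__":
    print(audit_kafka_client(PAGE_SASL_SSL), audit_kafka_client(HARDENED))
```

Run against the rendered configuration of each environment, an empty result means none of these specific weaknesses is present; it does not validate the truststore contents or the broker-side listener setup.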

Application-helm configuration : 

The final configuration required in application-helm.yaml :

...