Benthos带有SSL身份验证的Kafka消费者

huangapple go评论123阅读模式
英文:

Benthos kafka consumer with ssl authentication

问题

我正在使用benthos(https://www.benthos.dev/)来消费来自Kafka主题的消息。

使用本地Kafka测试我的Benthos配置正常工作,但是当我使用生产Kafka部署测试相同的配置时,配置无法消费任何消息。

配置可以连接到Kafka,我能看到的最后一条日志如下。

"timestamp":"2021-12-10T00:22:44Z","service":"benthos","component":"benthos.input","level":"DEBUG","message":"Starting consumer group"}

当我使用没有SSL的本地Kafka运行相同的benthos配置时,我可以在上一条日志之后看到一条更多的日志。

{"timestamp":"2021-12-09T23:49:50Z","service":"benthos","component":"benthos.input","level":"DEBUG","message":"Consuming messages from topic 'topicname' partition '0'"}

我怀疑在使用启用了SSL的生产Kafka时缺少这个最后的跟踪可能是出错的线索,但我无法找出问题所在。有人可以帮忙吗?

这是我正在使用的Benthos配置。

input:
kafka:
addresses:
- kafka-server:443
topics:
- kafka-topic
tls:
enabled: true
root_cas_file: ssl/ca.crt
client_certs:
- cert_file: ssl/cert.pem
key_file: sl/key.pem
consumer_group: consumer-group
start_from_oldest: false
checkpoint_limit: 1
commit_period: 1s
max_processing_period: 600ms
group:
session_timeout: 50s
heartbeat_interval: 8s
rebalance_timeout: 60s

顺祝商祺,
Esteban Collado

英文:

I am using benthos (https://www.benthos.dev/) to consume messages from a Kafka topic.

Testing my Benthos configuration with a local kafka works fine, but when I test the same configuration using a production Kafka deployment, with SSL authentication, the Benthos configuration does not consume any messages.

The configuration can connect to Kafka, and the last log I can see is the following one.

"@timestamp":"2021-12-10T00:22:44Z","@service":"benthos","component":"benthos.input","level":"DEBUG","message":"Starting consumer group"}

When I run the same benthos configuration using a local kafka with no SSL, I can see one log more after the previous one.

{"@timestamp":"2021-12-09T23:49:50Z","@service":"benthos","component":"benthos.input","level":"DEBUG","message":"Consuming messages from topic 'topicname' partition '0'"}

I suspect that the lack of this last trace, when using the production kafka with SSL activated must be the clue of what is going wrong, but I am not able to figure out the problem. Could anyone help please ?

This is the Benthos configuraiton I am using.

input:
  kafka:
    addresses:
      - kafka-server:443
    topics:
      - kafka-topic
    tls:
      enabled: true
      root_cas_file: ssl/ca.crt
      client_certs:
        - cert_file: ssl/cert.pem
          key_file: sl/key.pem
    consumer_group: consumer-group
    start_from_oldest: false
    checkpoint_limit: 1
    commit_period: 1s
    max_processing_period: 600ms
    group:
      session_timeout: 50s
      heartbeat_interval: 8s
      rebalance_timeout: 60s

BR,
Esteban Collado

答案1

得分: 1

好的,我明白了。以下是翻译好的内容:

好的,我使用的 benthos 配置是正确的。问题出在 kafka 服务器端的一些 ACL 配置上。

英文:

Ok, the benthos configuraiton I was using is fine. The problem was some ACL configuration on the kafka server side.

答案2

得分: 0

对于任何想要测试使用Kafka TLS身份验证的人,我在这里提供了一个示例,我使用Terraform生成有效的证书,并在docker-compose环境中配置了Redpanda(提供与Kafka相同的API)和Benthos,以便它们可以通过TLS进行通信。

示例链接:这里

Redpanda链接:这里

英文:

For anyone looking to test Benthos with Kafka TLS authentication, I put together a sample here, where I am generating valid certs using Terraform and configuring Redpanda (which offers the same API as Kafka) and Benthos in a docker-compose environment to communicate with each other over TLS.

huangapple
  • 本文由 发表于 2021年12月10日 08:33:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/70298415.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定