Benthos kafka consumer with ssl authentication

I am using benthos (https://www.benthos.dev/) to consume messages from a Kafka topic.

Testing my Benthos configuration with a local kafka works fine, but when I test the same configuration using a production Kafka deployment, with SSL authentication, the Benthos configuration does not consume any messages.

The configuration can connect to Kafka, and the last log I can see is the following one.

"@timestamp":"2021-12-10T00:22:44Z","@service":"benthos","component":"benthos.input","level":"DEBUG","message":"Starting consumer group"}

When I run the same benthos configuration using a local kafka with no SSL, I can see one log more after the previous one.

{"@timestamp":"2021-12-09T23:49:50Z","@service":"benthos","component":"benthos.input","level":"DEBUG","message":"Consuming messages from topic 'topicname' partition '0'"}

I suspect that the lack of this last trace, when using the production kafka with SSL activated must be the clue of what is going wrong, but I am not able to figure out the problem. Could anyone help please ?

This is the Benthos configuraiton I am using.

input:
  kafka:
    addresses:
      - kafka-server:443
    topics:
      - kafka-topic
    tls:
      enabled: true
      root_cas_file: ssl/ca.crt
      client_certs:
        - cert_file: ssl/cert.pem
          key_file: sl/key.pem
    consumer_group: consumer-group
    start_from_oldest: false
    checkpoint_limit: 1
    commit_period: 1s
    max_processing_period: 600ms
    group:
      session_timeout: 50s
      heartbeat_interval: 8s
      rebalance_timeout: 60s

BR,
Esteban Collado

Ok, the benthos configuraiton I was using is fine. The problem was some ACL configuration on the kafka server side.

For anyone looking to test Benthos with Kafka TLS authentication, I put together a sample here, where I am generating valid certs using Terraform and configuring Redpanda (which offers the same API as Kafka) and Benthos in a docker-compose environment to communicate with each other over TLS.