Securing communications to Kafka
IBM® Business Automation Insights relies on messages that are sent and received through Kafka topics.
About this task
IBM Business Automation Insights messages are produced by event emitters and Flink ingestion jobs. Flink jobs other than ingestion jobs also consume and process these messages. For all these messages, IBM Business Automation Insights supports SSL encryption of the communications to Kafka, and supports authentication either with a user name and password, or through Kerberos.
You secure communications to Kafka first for the initial configuration of IBM Business Automation Insights and possibly later when you work with it and need to update your configuration. In this case, see Updating your Business Automation Insights deployment to load your configuration changes.
- Certificate values must be base64-encoded.
- For 18.0.0 and For 18.0.1 If the server certificate is self-signed, the kafka.caCertificate parameter must also reference the server certificate.
- New in 18.0.2 Unless the server certificate is self-signed, the kafka.serverCertificate parameter must contain the root CA certificate.
Connecting to IBM Event Streams on IBM Cloud Private
Procedure
Example
- For
18.0.0 and For
18.0.1
kafka.securityProtocol=SASL_SSL kafka.serverCertificate=<server certificate> kafka.caCertificate=<Signer CA or self-signed server certificate> kafka.username=token kafka.password=<API key>
- New in 18.0.2
kafka.securityProtocol=SASL_SSL kafka.serverCertificate=<server certificate> kafka.username=token kafka.password=<API key>
Connecting to Kafka by using SSL with user name and password authentication
Procedure
Connecting to Kafka by using SSL only
Procedure
Example
- For
18.0.0 and For
18.0.1
kafka.securityProtocol=SSL kafka.serverCertificate=<server certificate> kafka.caCertificate=<Signer CA or self-signed server certificate>
- New in 18.0.2
kafka.securityProtocol=SSL kafka.serverCertificate=<server certificate>
Connecting to Kafka by using Kerberos
Procedure
Connecting to Kafka by using SSL with Kerberos authentication
Procedure
Example
- For
18.0.0 and For
18.0.1
kafka.securityProtocol=SASL_SSL kafka.serverCertificate=<server certificate> kafka.caCertificate=<Signer CA or self-signed server certificate> kafka.saslKerberosServiceName=<the principal name of the Kafka broker>
- New in 18.0.2
kafka.securityProtocol=SASL_SSL kafka.serverCertificate=<server certificate> kafka.saslKerberosServiceName=<the principal name of the Kafka broker>