Kafka
gnmic supports exporting subscription updates to multiple Apache Kafka brokers/clusters simultaneously
Configuration sample#
A Kafka output can be defined using the below format in gnmic config file under outputs section:
outputs:
output1:
# required
type: kafka
# kafka client name.
# if left empty, this field is populated with the output name used as output ID (output1 in this example).
# the full name will be '$(name)-kafka-prod'.
# If the flag --instance-name is not empty, the full name will be '$(instance-name)-$(name)-kafka-prod.
# note that each kafka worker (producer) will get client name=$name-$index
name: ""
# Comma separated brokers addresses
address: localhost:9092
# Kafka topic name
topic: telemetry
# Kafka SASL configuration
sasl:
# SASL user name
user:
# SASL password
password:
# SASL mechanism: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 and OAUTHBEARER are supported
mechanism:
# token url for OAUTHBEARER SASL mechanism
token-url:
# Kafka TLS config
tls:
# path to certificate authority file, this will be used to verify the kafka server certificate
ca-file:
# path to client certificate file.
cert-file:
# path to client key file.
key-file:
# boolean, controls whether a client verifies the server's certificate chain and host name
# if set to true, the kafka client accepts any certificate presented by the server and any host name in that certificate
skip-verify:
# The total number of times to retry sending a message
max-retry: 2
# Kafka connection timeout
timeout: 5s
# Wait time to reestablish the kafka producer connection after a failure
recovery-wait-time: 10s
# Exported msg format, json, protojson, prototext, proto, event
format: event
# string, one of `overwrite`, `if-not-present`, ``
# This field allows populating/changing the value of Prefix.Target in the received message.
# if set to ``, nothing changes
# if set to `overwrite`, the target value is overwritten using the template configured under `target-template`
# if set to `if-not-present`, the target value is populated only if it is empty, still using the `target-template`
add-target:
# string, a GoTemplate that allows for the customization of the target field in Prefix.Target.
# it applies only if the previous field `add-target` is not empty.
# if left empty, it defaults to:
# {{- if index . "subscription-target" -}}
# {{ index . "subscription-target" }}
# {{- else -}}
# {{ index . "source" | host }}
# {{- end -}}`
# which will set the target to the value configured under `subscription.$subscription-name.target` if any,
# otherwise it will set it to the target name stripped of the port number (if present)
target-template:
# boolean, if true the message timestamp is changed to current time
override-timestamps: false
# Number of kafka producers to be created
num-workers: 1
# (bool) enable debug
debug: false
# (int) number of messages to buffer before being picked up by the workers
buffer-size: 0
# (bool) enables the collection and export (via prometheus) of output specific metrics
enable-metrics: false
# list of processors to apply on the message before writing
event-processors:
Currently all subscriptions updates (all targets and all subscriptions) are published to the defined topic name
Kafka Security protocol#
Kafka clients can operate with 4 security protocols, their configuration is controlled via both .tls and .sasl fields under the output config.
| Security Protocol | Description | Configuration |
|---|---|---|
PLAINTEXT | Un-authenticated, non-encrypted channel | .tls and .sasl are NOT present |
SASL_PLAINTEXT | SASL authenticated, non-encrypted channel | only .sasl is present |
SASL_SSL | SASL authenticated, SSL channel | both .tls and .sasl are present |
SSL | SSL channel | only .tls is present |
Security Configuration Examples#
outputs:
output1:
type: kafka
topic: my_kafka_topic
# other fields
# no tls and no sasl fields
outputs:
output1:
type: kafka
topic: my_kafka_topic
sasl:
user: admin
password: secret
# other fields
# no tls field
Example1: Without server certificate verification
outputs:
output1:
type: kafka
topic: my_kafka_topic
sasl:
user: admin
password: secret
tls:
skip-verify: true
# other fields
# ...
outputs:
output1:
type: kafka
topic: my_kafka_topic
sasl:
user: admin
password: secret
tls:
ca-file: /path/to/ca-file
# other fields
# ...
outputs:
output1:
type: kafka
topic: my_kafka_topic
sasl:
user: admin
password: secret
tls:
cert-file: /path/to/cert-file
key-file: /path/to/cert-file
# other fields
# ...
outputs:
output1:
type: kafka
topic: my_kafka_topic
sasl:
user: admin
password: secret
tls:
cert-file: /path/to/cert-file
key-file: /path/to/cert-file
ca-file: /path/to/ca-file
# other fields
# ...
Example1: Without server certificate verification
outputs:
output1:
type: kafka
topic: my_kafka_topic
tls:
skip-verify: true
# other fields
# no sasl field
outputs:
output1:
type: kafka
topic: my_kafka_topic
tls:
ca-file: /path/to/ca-file
# other fields
# no sasl field
outputs:
output1:
type: kafka
topic: my_kafka_topic
tls:
cert-file: /path/to/cert-file
key-file: /path/to/cert-file
# other fields
# no sasl field
outputs:
output1:
type: kafka
topic: my_kafka_topic
tls:
cert-file: /path/to/cert-file
key-file: /path/to/cert-file
ca-file: /path/to/ca-file
# other fields
# no sasl field
Kafka Output Metrics#
When a Prometheus server is enabled, gnmic kafka output exposes 4 prometheus metrics, 3 Counters and 1 Gauge:
number_of_kafka_msgs_sent_success_total: Number of msgs successfully sent by gnmic kafka output. This Counter is labeled with the kafka producerIDnumber_of_written_kafka_bytes_total: Number of bytes written by gnmic kafka output. This Counter is labeled with the kafka producerIDnumber_of_kafka_msgs_sent_fail_total: Number of failed msgs sent by gnmic kafka output. This Counter is labeled with the kafka producerID as well as the failure reasonmsg_send_duration_ns: gnmic kafka output send duration in nanoseconds. This Gauge is labeled with the kafka producerID