Benthos Kafka consumer with SSL authentication

I am using Benthos (https://www.benthos.dev/) to consume messages from a Kafka topic.

Testing my Benthos configuration with a local Kafka works fine, but when I test the same configuration using a production Kafka deployment, with SSL authentication, the Benthos configuration does not consume any messages.

The configuration can connect to Kafka, and the last log I can see is the following one.

{"@timestamp":"2021-12-10T00:22:44Z","@service":"benthos","component":"benthos.input","level":"DEBUG","message":"Starting consumer group"}

When I run the same Benthos configuration using a local Kafka with no SSL, I can see one more log after the previous one.

{"@timestamp":"2021-12-09T23:49:50Z","@service":"benthos","component":"benthos.input","level":"DEBUG","message":"Consuming messages from topic 'topicname' partition '0'"}

I suspect that the lack of this last trace when using the production Kafka with SSL activated must be the clue to what is going wrong, but I am not able to figure out the problem. Could anyone help, please?

This is the Benthos configuration I am using.

input:
  kafka:
    addresses:
      - kafka-server:443
    topics:
      - kafka-topic
    tls:
      enabled: true
      root_cas_file: ssl/ca.crt
      client_certs:
        - cert_file: ssl/cert.pem
          key_file: ssl/key.pem
    consumer_group: consumer-group
    start_from_oldest: false
    checkpoint_limit: 1
    commit_period: 1s
    max_processing_period: 600ms
    group:
      session_timeout: 50s
      heartbeat_interval: 8s
      rebalance_timeout: 60s

BR, Esteban Collado



Solution 1:[1]

OK, the Benthos configuration I was using is fine. The problem was some ACL configuration on the Kafka server side.
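
Added example (not part of the original answer): a shell sketch that derives the Kafka principal from the client certificate and prints the kafka-acls.sh commands to list and grant the ACLs a consumer needs (Read and Describe on the topic, Read on the group). The answer does not say which ACL was missing, so this is an assumption, as are the default SSL principal (the certificate subject DN, with no ssl.principal.mapping.rules on the broker) and the hypothetical admin.properties admin client config.

```shell
#!/bin/sh
# Added example, not from the original post. Prints commands; it does not run them.
# Assumed: default SSL principal (subject DN) and a hypothetical admin.properties.

BOOTSTRAP="kafka-server:443"      # broker address from the question
ADMIN_CONFIG="admin.properties"   # hypothetical TLS config for an admin principal

# Convert the output of `openssl x509 -noout -subject -nameopt RFC2253`
# (e.g. "subject=CN=benthos,OU=apps,O=Example") into a Kafka principal.
principal_from_subject() {
    case $1 in
        subject=*) dn=${1#subject=} ;;
        *) return 1 ;;             # not a subject line
    esac
    dn=${dn# }                     # some OpenSSL versions print a space after "="
    [ -n "$dn" ] || return 1
    printf 'User:%s\n' "$dn"
}

# Emit the commands to inspect and grant consumer ACLs for one topic and group.
consumer_acl_commands() {
    principal=$1
    topic=$2
    group=$3
    base="kafka-acls.sh --bootstrap-server $BOOTSTRAP --command-config $ADMIN_CONFIG"
    # 1. What the broker currently grants on the topic and on the group.
    printf '%s --list --topic %s\n' "$base" "$topic"
    printf '%s --list --group %s\n' "$base" "$group"
    # 2. Topic access: without it the group starts but no partition is consumed.
    printf "%s --add --allow-principal '%s' --operation Read --operation Describe --topic %s\n" \
        "$base" "$principal" "$topic"
    # 3. Group access: needed to join the group and commit offsets.
    printf "%s --add --allow-principal '%s' --operation Read --group %s\n" \
        "$base" "$principal" "$group"
}

# Usage: sh consumer-acls.sh ssl/cert.pem   (client certificate from the question)
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
    consumer_acl_commands "$(principal_from_subject "$subject")" kafka-topic consumer-group
fi
```

Compare the principal in the `--list` output with the one derived from the certificate before adding anything: a DN that differs only in attribute order or spacing is a different principal to the authorizer.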

Solution 2:[2]

For anyone looking to test Benthos with Kafka TLS authentication, I put together a sample here, where I am generating valid certs using Terraform and configuring Redpanda (which offers the same API as Kafka) and Benthos in a docker-compose environment to communicate with each other over TLS.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Esteban Collado
Solution 2 Mihai Todor