Confluent Cloud

Introduction

In this guide, you will learn how to connect to Confluent Cloud from Zilla. You can get started with a fully working config exampleopen in new window.

Prerequisites

Cluster Bootstrap server - see Confluent Cloud Cluster Settingsopen in new window
API Keys(Key, Secret) - see API Keys to Control Accessopen in new window

Confluent Cloud Parameters

Confluent Cloud is exposed over SASL_SSL authentication protocols and the Confluent Cloud cluster is secured by a TLS server certificate that is provided by a public certificate authority.

For a better understanding of the Zilla config, please use a brief explanation of replaceable values :

Value	Description
`API_KEY_KEY`	The API key from Confluent Console
`API_KEY_SECRET`	The Secret key from Confluent Console
`BOOTSTRAP_SERVER_HOSTNAME`	Confluent Kafka hostname
`BOOTSTRAP_SERVER_PORT`	Confluent Kafka port number

Before we proceed further let's use the below command to verify connectivity to your Kafka.

kcat -b BOOTSTRAP_SERVER_HOSTNAME:BOOTSTRAP_SERVER_PORT \
-X security.protocol=sasl_ssl -X sasl.mechanisms=PLAIN \
-X sasl.username=API_KEY_KEY -X sasl.password=API_KEY_SECRET \
-L

Configure Zilla

zilla.yaml

bindings:
  kafka_client:
    type: kafka
    kind: client
    exit: tls_client
    options:
      sasl:
        mechanism: plain
        username: API_KEY_KEY
        password: API_KEY_SECRET
  tls_client:
    type: tls
    kind: client
    options:
      trustcacerts: true
      sni:
        - BOOTSTRAP_SERVER_HOSTNAME
    exit: tcp_client
  tcp_client:
    type: tcp
    kind: client
    options:
      host: BOOTSTRAP_SERVER_HOSTNAME
      port: BOOTSTRAP_SERVER_PORT
    routes:
      - when:
          - cidr: 0.0.0.0/0

NOTE

SNI adds the domain name to the TLS handshake process so that the Zilla process reaches the right domain name and receives the correct SSL certificate.

To test the above config you can follow instructions in the README from the exampleopen in new window.