Using Kafka nodes with IBM Event Streams

You can configure KafkaConsumer, KafkaRead, and KafkaProducer nodes to connect to the Event Streams service in IBM® Cloud.

Follow these steps to configure a connection to IBM Event Streams:

1. Create a set of credentials in Event Streams, which the Kafka nodes use for the connection.
2. In Event Streams, view the credentials and make a note of the list of servers in the kafka_brokers_sasl property.
   You use this list of servers to populate the Bootstrap servers property on the KafkaConsumer, KafkaRead, and KafkaProducer nodes when you are creating your message flow.

   You will use the values in the User and Password fields to configure the security credentials that IBM App Connect Enterprise uses to connect to Event Streams.

3. Use either the mqsisetdbparms or mqsicredentials command to associate a username and password with a connection to Event Streams:
   • Configure security credentials by using the mqsisetdbparms command, specifying the required username (-u), password (-p), and resource name (-n). The resource name is in the form kafka:: followed by the name of the security identity that is specified on the Kafka node; for example, kafka::myKafkaSecId. Alternatively, you can use the default security identity, by specifying a resource name of kafka::KAFKA or kafka::KAFKA::integrationServerName.
     The following example shows how to specify a username, password, and named Kafka security identity:

     mqsisetdbparms -w workDir -n kafka::myKafkaSecId -u myUsername -p myPassword

     The following example hows how to specify a username and password, and specifies that the default Kafka security identity for the integration server will be used for connecting to Event Streams:

     mqsisetdbparms -w workDir -n kafka::KAFKA::myIntegrationServer1 -u myUsername -p myPassword

     For more information, see mqsisetdbparms command.

   • Configure security credentials by using the mqsicredentials command, specifying the username (--username), password (--password), credential type (--credential-type), and credential name (--credential-name). Specify the credential type as kafka, and specify a credential name that matches the value of the Security identifier parameter specified in the node. Alternatively, you can use the default security identity specified by the --set-as-default parameter on the mqsicredentials command.
     The following example shows how to specify a username, password, and named Kafka security identity:

     mqsicredentials --create --work-dir workDir --credential-type kafka --credential-name myKafkaSecId --username myUsername --password myPassword

     The following example shows how to specify a username and password, and specifies that the default Kafka security identity for the integration server will be used for connecting to Event Streams:

     mqsicredentials --create --work-dir workDir --credential-type kafka --credential-name myKafkaSecId --username myUsername --password myPassword

     mqsicredentials --set-as-default --work-dir workDir --credential-type kafka --credential-name myKafkaSecId

     For more information, see mqsicredentials command.

4. On the Security tab of the Kafka nodes, set the Security protocol property to SASL_SSL, and set the SSL protocol property to TLSv1.2.

   If the username and password that are to be used for connecting to Event Streams were configured by using the mqsicredentials command, specify the Security identifier property on the Kafka node, which will be used to access those credentials in the App Connect Enterprise vault.