Enabling Kafka on a Certified Container

You can enable Kafka connection properties with SSL on a Certified Container setup.

Follow these steps to configure SSL-enabled Kafka:
  1. Copy the truststore and keystore (jks) certificates to the resources volume mapped folder, which is the same location where the database driver jar file, JCE files, and other resources are placed for the Certified Container deployment.
  2. Map the mount volume to the local directory in the Certified Container while loading the Certified Container image.
    For example:
    
1. Map /mnt/ibm/resources directory on the system to /ibm/resources directory in Certified Container.
2. Copy the truststore and keystore certificates to /mnt/ibm/resources directory.
   /mnt/ibm/resources/certificates/common-ca/truststore.jks
   /mnt/ibm/resources/certificates/kafka-consumer-1/kafka-consumer-1.jks
  3. Update SSL connection related properties in the Customization UI and use /ibm/resources/ in the path.
  4. Log in to the Customization UI as a user with APIUser permission, and click customer_overrides and navigate to the Property tab.
  5. Create a property using the property key nosql_prop for kafka.properties file as mentioned below:
    Property Key Property Value
    nosql_prop.ssl.truststore.location /ibm/resources/certificates/common-ca/truststore.jks
    nosql_prop.ssl.keystore.location /ibm/resources/certificates/kafka-consumer-1/kafka-consumer-1.jks
    Similarly, you can update other Kafka properties including the other SSL properties using the Customization UI.
    Property Key Property Value
    nosql_prop.bootstrap.servers  
    nosql_prop.security.protocol SSL
    nosql_prop.ssl.truststore.password  
    nosql_prop.ssl.keystore.password  
    nosql_prop.ssl.key.password  
    nosql_prop.ssl.enabled.protocols TLSv1.2,TLSv1.1,TLSv1
    nosql_prop.ssl.truststore.type JKS
    nosql_prop.ssl.keystore.type JKS
  6. Restart Sterling B2B Integrator for the changes to take effect.