This is a bit out of my memory. And also out of our logging. So I don't know anymore if a message like that occured, and can't look it up anymore.
Peter
Original Message:
Sent: Apr 10, 2024 04:51 PM
From: Ben Urbanski
Subject: Connection to Azure Event Hub via Kafka Producer
Hello @Peter van de Riet. When trying to reproduce this to add better logging when the truststore doesn't contain a certificate for Kafka, we found that there were log events. Is it possible that you missed these, or that we misunderstood the problem?
------------------------------
Ben Urbanski
Product Manager, API Gateway
Layer7 API Management
Original Message:
Sent: Dec 14, 2023 04:30 AM
From: Peter van de Riet
Subject: Connection to Azure Event Hub via Kafka Producer
Update with working configuration:
First error was a missing certificate in the trust-store. No logging was pointing in that direction.
After fixing the certificate and a lot of trial and error we have a working solution. Maybe not all is needed, but this is working:
------------------------------
Peter van de Riet
The Netherlands
Original Message:
Sent: Dec 08, 2023 09:17 AM
From: Ben Urbanski
Subject: Connection to Azure Event Hub via Kafka Producer
That looks more correct when using Kafka's PLAIN mechanism for SAS per this documentation, https://learn.microsoft.com/en-us/azure/event-hubs/azure-event-hubs-kafka-overview#shared-access-signature-sas.
You'll definitely want to verify network connectivity between your gateway and the endpoint.
Also, is Azure providing any useful log information for the failure?
In any case, you can open a support case, and we'll try to help you troubleshoot this further. However, we probably will not have access to Azure Event Hub ourselves.
------------------------------
Ben Urbanski
Product Manager, API Gateway
Layer7 API Management
Original Message:
Sent: Dec 08, 2023 07:57 AM
From: Peter van de Riet
Subject: Connection to Azure Event Hub via Kafka Producer
Thanks for the answers, the screenshot was one of many tries. From my local machine in intellij it works with the $connection, that was a final try. The best I can think of is with username "SAS-Layer7" and password the value from primary key (ending in "SwE=") but that doesn't work either. Not with PLAIN nor SCRAM-SHA-256.
This is the connection string (redacted)
Endpoint=sb://******.servicebus.windows.net/;SharedAccessKeyName=SAS-Layer7;SharedAccessKey=******SwE=
I asked the network team to check if maybe the traffic is blocked in some way.
------------------------------
Peter van de Riet
The Netherlands
Original Message:
Sent: Dec 08, 2023 01:07 AM
From: Raju Gurram
Subject: Connection to Azure Event Hub via Kafka Producer
Kafka client configurations are global and static in nature. As of now, configuring them using context variables is unsupported. Please revise the configuration with a specific user name.
Original Message:
Sent: Dec 07, 2023 10:31 AM
From: Ben Urbanski
Subject: Connection to Azure Event Hub via Kafka Producer
Hello Peter,
Here is our documentation for configuring Kafka clients on the Layer7 API Gateway. However, it doesn't include examples for Azure Event Hub.
In fact, while Azure Event Hub supports Kafka protocol connections, it's not exactly Kafka and I expect your mileage might vary.
However, based on the error you're getting and the screenshot you've provided, I suspect the problem might be the Username you specified. It looks like you're trying to use a context variable value, but with the wrong syntax. $ConnectionString should be ${ConnectionString}.
------------------------------
Ben Urbanski
Product Manager, API Gateway
Layer7 API Management
Original Message:
Sent: Dec 07, 2023 08:15 AM
From: Peter van de Riet
Subject: Connection to Azure Event Hub via Kafka Producer
It seems I can't find the good documentation. I have a Azure Event Hub and with the IDE I can produce events. From the gateway I don't know how to configure the Kafka Client. In below picture I have tried to show what the configuration. Is there any documentation on this, or something I can try?
The error in the logging is:
Connection to node -1 (*****.servicebus.windows.net/<ip>:9093) terminated during authentication. This may happen due to any of the following reasons: (1) Authentication failed due to invalid credentials with brokers older than 1.0.0, (2) Firewall blocking Kafka TLS traffic (eg it may only allow HTTPS traffic), (3) Transient network issue.
------------------------------
Peter van de Riet
The Netherlands
------------------------------