Skip to content

Latest commit

 

History

History
150 lines (118 loc) · 3.33 KB

README.adoc

File metadata and controls

150 lines (118 loc) · 3.33 KB
Raw

Azure Plugin

The kafkactl azure plugin allows to configure kafkactl to use an azure oauth credential flow for login. This allows to perform passwordless logins with Azure EventHubs.

Installation

You can install the pre-compiled binary or compile from source.

Install the pre-compiled binary

homebrew:

# install tap repostory once
brew tap deviceinsight/packages
# install
brew install kafkactl-azure-plugin
# upgrade
brew upgrade kafkactl-azure-plugin

winget:

winget install kafkactl-azure-plugin

deb/rpm:

Download the .deb or .rpm from the releases page and install with dpkg -i and rpm -i respectively.

manually:

Download the pre-compiled binaries from the releases page and copy to the desired location.

Compiling from source

go get -u github.com/deviceinsight/kafkactl-plugins/azure

Configuration

Minimal

The minimal kafkactl configuration needed to use this plugin looks as follows:

contexts:
    my-context:
        brokers:
            - my-eventhub-namespace.servicebus.windows.net:9093
        sasl:
            enabled: true
            mechanism: oauth
            tokenprovider:
                plugin: azure
        tls:
            enabled: true

AKS Cluster with managed identity

If you are unable to access the eventhub namespace from your local machine, but only from within an AKS cluster, you can create a managed identity and assign the managed identity a role with rights to your eventhub.

Then you can configure kafkactl as follows:

contexts:
    my-context-k8s:
        brokers:
            - my-eventhub-namespace.servicebus.windows.net:9093
        kubernetes:
            enabled: true
            image: deviceinsight/kafkactl-azure:latest-v5.1.0
            kubecontext: my-aks-cluster
            namespace: aks-namespace
            serviceaccount: managed-identity
            labels:
                azure.workload.identity/use: "true"
        sasl:
            enabled: true
            mechanism: oauth
            tokenprovider:
                plugin: azure
        tls:
            enabled: true

Options

Option Type Description

tenant-id

string

configure a fixed tenant

verbose

boolean

enable verbose logging

az-events

comma separated list

type of events to log (Request, Response, ResponseError, Retry)

log-body

boolean

log body of requests

log-headers

comma separated list

list of headers to be logged

log-query-params

comma separated list

list of queryParams to be logged

Example with all options configured:

contexts:
    my-context:
        brokers:
            - my-eventhub-namespace.servicebus.windows.net:9093
        sasl:
            enabled: true
            mechanism: oauth
            tokenprovider:
                plugin: azure
                options:
                    tenant-id: my-tenant-id
                    verbose: true
                    az-events: Request,Response
                    log-query-params: resource
                    log-headers: Metadata
                    log-body: true
        tls:
            enabled: true