Google Cloud Storage Sink Connector for Confluent Cloud

You can use the fully-managed Google Cloud Storage (GCS) Sink connector for Confluent Cloud to export Avro, JSON Schema, Protobuf, JSON (schemaless), or Bytes data from Apache Kafka® topics to GCS in Avro, Bytes, JSON, or Parquet format.

Additionally, for certain data layouts, the GCS Sink connector exports data by guaranteeing exactly-once delivery semantics to consumers of the GCS objects it produces.

Note

This is a Quick Start for the fully-managed cloud connector. If you are installing the connector locally for Confluent Platform, see Google Cloud Storage Sink Connector for Confluent Platform.

Features

The Google Cloud Storage (GCS) Sink connector provides the following features:

  • Exactly Once Delivery: Records that are exported using a deterministic partitioner are delivered with exactly-once semantics regardless of the eventual consistency of GCS.

  • Data Format with or without a Schema: The connector supports Avro, JSON Schema, Protobuf, JSON (schemaless), or Bytes input data formats. It supports Avro, Bytes, JSON, and Parquet output formats. A valid schema must be available in Schema Registry to use a schema-based message format (for example, Avro). See Schema Registry Enabled Environments for additional information.

  • Schema Evolution: schema.compatibility is set to NONE. Note that the schema.compatibility setting is affected when one file is closed and uploaded to a GCS object. If a record cannot be written to a file because its schema has changed relative to the records already in the file, the connector rotates by:

    1. Closing the file.
    2. Uploading the file to GCS.
    3. Committing offsets for the records in the file.
    4. Opening a new file.
    5. Writing the new record.
  • Scheduled Rotation and Rotation Interval: The connector supports a regularly scheduled interval for closing and uploading files to storage. See Scheduled Rotation for details.

  • Partitioner: The connector supports the TimeBasedPartitioner class based on the Kafka class TimeStamp. Time-based partitioning options are daily or hourly.

  • Flush size: Defaults to 1000. The value can be increased if needed. The value can be lowered (1 minimum) if you are running a Dedicated Confluent Cloud cluster. The minimum value is 1000 for non-dedicated clusters.

    The following scenarios describe a couple of ways records may be flushed to storage:

    • You use the default setting of 1000 and your topic has six partitions. Files start to be created in storage after more than 1000 records exist in each partition.

    • You use the default setting of 1000 and the partitioner is set to Hourly. 500 records arrive at one partition from 2:00pm to 3:00pm. At 3:00pm, an additional 5 records arrive at the partition. You will see 500 records in storage at 3:00pm.

      Note

      The properties rotate.schedule.interval.ms and rotate.interval.ms can be used with flush.size to determine when files are created in storage. These parameters kick in and files are stored based on which condition is met first.

      For example: You have one topic partition. You set flush.size=1000 and rotate.schedule.interval.ms=600000 (10 minutes). 500 records arrive at the topic partition from 12:01 to 12:10. 500 additional records arrive from 12:11 to 12:20. You will see two files in the storage bucket with 500 records in each file. This is because the 10 minute rotate.schedule.interval.ms condition tripped before the flush.size=1000 condition was met.

For more information and examples to use with the Confluent Cloud API for Connect, see the Confluent Cloud API for Managed and Custom Connectors section.

Limitations

Be sure to review the following information.

Quick Start

Use this quick start to get up and running with the Confluent Cloud GCS Sink connector. The quick start provides the basics of selecting the connector and configuring it to stream events to a GCS bucket using either the Confluent Cloud Console or the Confluent CLI.

Prerequisites
  • Authorized access to a Confluent Cloud cluster on Google Cloud.

  • The Confluent CLI installed and configured for the cluster. See Install the Confluent CLI.

  • Schema Registry must be enabled to use a Schema Registry-based format (for example, Avro, JSON_SR (JSON Schema), or Protobuf). See Schema Registry Enabled Environments for additional information.

  • The data system the sink connector is connecting to should be in the same region as your Confluent Cloud cluster. If you use a different region or cloud platform, be aware that you may incur additional data transfer charges. Contact your Confluent account team or Confluent Support if you need to use Confluent Cloud and connect to a data system that is in a different region or on a different cloud platform.

  • A Google Cloud service account. You download service account credentials as a JSON file. These credentials are used when setting up the connector configuration.

    Important

    Your Google Cloud service account role must have permission to get, create, and delete objects in the GCS bucket. Note the following considerations:

    • The Storage Admin role can be selected for this purpose.
    • If you are concerned about security and do not want to use the Storage Admin role, use the storage.objects.get, storage.objects.create, and storage.objects.delete permissions. If you get a validation error stating that your service account does not have storage.buckets.get access, add this legacy permission.
    • The Storage Object Admin role will not work for this purpose.
  • Kafka cluster credentials. The following lists the different ways you can provide credentials.
    • Enter an existing service account resource ID.
    • Create a Confluent Cloud service account for the connector. Make sure to review the ACL entries required in the service account documentation. Some connectors have specific ACL requirements.
    • Create a Confluent Cloud API key and secret. To create a key and secret, you can use confluent api-key create or you can autogenerate the API key and secret directly in the Cloud Console when setting up the connector.

Caution

You can’t mix schema and schemaless records in storage using kafka-connect-storage-common. Attempting this causes a runtime exception.

Using the Confluent Cloud Console

Complete the following steps to set up and run the connector.

Step 1: Launch your Confluent Cloud cluster

See the Quick Start for Confluent Cloud for installation instructions.

Step 2: Add a connector

In the left navigation menu, click Connectors. If you already have connectors in your cluster, click + Add connector.

Step 3: Select your connector

Click the Google Cloud Storage Sink connector card.

Google Cloud Storage Sink Connector Card

Step 4: Set up the connection.

Note

  • Ensure you have all your prerequisites completed.
  • An asterisk ( * ) designates a required entry.

At the Add Google Cloud Storage Sink connector screen, complete the following:

If you’ve already populated your Kafka topics, select the topics you want to connect from the Topics list.

To create a new topic, click +Add new topic.

Step 5: Check the GCS bucket

  1. Go to the bucket Objects page for your GCS bucket.

  2. Open your topic folder and each subsequent folder until you see your messages displayed.

    Check the storage bucket

For more information and examples to use with the Confluent Cloud API for Connect, see the Confluent Cloud API for Managed and Custom Connectors section.

Tip

When you launch a connector, a Dead Letter Queue topic is automatically created. See Confluent Cloud Dead Letter Queue for details.

Using the Confluent CLI

Complete the following steps to set up and run the connector using the Confluent CLI.

Note

Make sure you have all your prerequisites completed.

Step 1: List the available connectors

Enter the following command to list available connectors:

confluent connect plugin list

Step 2: List the connector configuration properties

Enter the following command to show the connector configuration properties:

confluent connect plugin describe <connector-plugin-name>

The command output shows the required and optional configuration properties.

Step 3: Create the connector configuration file

Create a JSON file that contains the connector configuration properties. The following example shows the required connector properties.

{
    "name" : "confluent-gcs-sink",
    "connector.class" : "GcsSink",
    "kafka.auth.mode": "KAFKA_API_KEY",
    "kafka.api.key" : "<my-kafka-api-key>",
    "kafka.api.secret" : "<my-kafka-api-secret>",
    "topics" : "pageviews",
    "input.data.format" : "AVRO",
    "output.data.format" : "AVRO",
    "gcs.credentials.config" : "omitted"
    "gcs.bucket.name" : "<my-gcs-bucket-name>",
    "time.interval" : "HOURLY",
    "flush.size": "1000",
    "tasks.max" : "1"
}

Note the following property definitions:

  • connector.class: Identifies the connector plugin name.
  • name: Sets a name for your new connector.
  • "kafka.auth.mode": Identifies the connector authentication mode you want to use. There are two options: SERVICE_ACCOUNT or KAFKA_API_KEY (the default). To use an API key and secret, specify the configuration properties kafka.api.key and kafka.api.secret, as shown in the example configuration (above). To use a service account, specify the Resource ID in the property kafka.service.account.id=<service-account-resource-ID>. To list the available service account resource IDs, use the following command:

    confluent iam service-account list
    

    For example:

    confluent iam service-account list
    
       Id     | Resource ID |       Name        |    Description
    +---------+-------------+-------------------+-------------------
       123456 | sa-l1r23m   | sa-1              | Service account 1
       789101 | sa-l4d56p   | sa-2              | Service account 2
    
  • topics: Identifies the topic name or a comma-separated list of topic names.

  • input.data.format: Sets the input message format (data coming from the Kafka topic). Valid entries are AVRO, JSON_SR, PROTOBUF, JSON, or BYTES. You must have Confluent Cloud Schema Registry configured if using a schema-based message format (for example, Avro, JSON_SR (JSON Schema), or Protobuf).

    Note

    Input format JSON to output format AVRO does not work for the connector.

  • "output.data.format": Sets the output Kafka record value format (data coming from the connector). Valid entries are AVRO, BYTES, JSON, or PARQUET. Note that if output format BYTES is selected, the input message format must also be BYTES. A valid schema must be available in Schema Registry to use a schema-based message format (for example, Avro). For more information, see Google Cloud Storage Sink Connector limitations.

  • gcs.credentials.config: This contains the contents of the downloaded JSON file. See Formatting GCS credentials for details about how to format and use the contents of the downloaded credentials file.

  • rotate.schedule.interval.ms and rotate.interval.ms: See Scheduled Rotation for details about using these properties.

  • (Optional) flush.size: Defaults to 1000. The value can be increased if needed. The value can be lowered (1 minimum) if you are running a Dedicated Confluent Cloud cluster. The minimum value is 1000 for non-dedicated clusters.

    The following scenarios describe a couple of ways records may be flushed to storage:

    • You use the default setting of 1000 and your topic has six partitions. Files start to be created in storage after more than 1000 records exist in each partition.

    • You use the default setting of 1000 and the partitioner is set to Hourly. 500 records arrive at one partition from 2:00pm to 3:00pm. At 3:00pm, an additional 5 records arrive at the partition. You will see 500 records in storage at 3:00pm.

      Note

      The properties rotate.schedule.interval.ms and rotate.interval.ms can be used with flush.size to determine when files are created in storage. These parameters kick in and files are stored based on which condition is met first.

      For example: You have one topic partition. You set flush.size=1000 and rotate.schedule.interval.ms=600000 (10 minutes). 500 records arrive at the topic partition from 12:01 to 12:10. 500 additional records arrive from 12:11 to 12:20. You will see two files in the storage bucket with 500 records in each file. This is because the 10 minute rotate.schedule.interval.ms condition tripped before the flush.size=1000 condition was met.

  • time.interval: Sets how your messages are grouped in the GCS bucket. Valid entries are DAILY or HOURLY.

Tip

The time.interval property above and the following optional properties topics.dir and path.format can be used to build a directory structure for stored data. For example: You set "time.interval" : "HOURLY", "topics.dir" : "json_logs/hourly", and "path.format" : "'dt'=YYYY-MM-dd/'hr'=HH". The result is the directory structure: //bucket-name>/json_logs/daily/<Topic-Name>/dt=2020-02-06/hr=09/<files>.

The following are optional properties that can be used to organize your data in storage:

  • topics.dir: A top-level directory path to use for stored data. Defaults to topics if not used.
  • path.format: Configures the time-based partitioning path created. The property converts the UNIX timestamp to a date format string. If not used, this property defaults to 'year'=YYYY/'month'=MM/'day'=dd/'hour'=HH if an HOURLY time interval was selected or 'year'=YYYY/'month'=MM/'day'=dd if a Daily Time interval was selected.

Single Message Transforms: See the Single Message Transforms (SMT) documentation for details about adding SMTs using the CLI. See Unsupported transformations for a list of SMTs that are not supported with this connector.

See Configuration Properties for all property values and definitions.

Step 4: Load the configuration file and create the connector

Enter the following command to load the configuration and start the connector:

confluent connect cluster create --config-file <file-name>.json

For example:

confluent connect cluster create --config-file gcs-sink-config.json

Example output:

Created connector confluent-gcs-sink lcc-ix4dl

Step 5: Check the connector status

Enter the following command to check the connector status:

confluent connect cluster list

Example output:

ID          |       Name         | Status  | Type
+-----------+--------------------+---------+------+
lcc-ix4dl   | confluent-gcs-sink | RUNNING | sink

Step 6: Check the GCS bucket.

  1. Go to the bucket Objects page for your GCS bucket.

  2. Open your topic folder and each subsequent folder until you see your messages displayed.

    ../_images/ccloud-gcp-bucket-details.png

For more information and examples to use with the Confluent Cloud API for Connect, see the Confluent Cloud API for Managed and Custom Connectors section.

Tip

When you launch a connector, a Dead Letter Queue topic is automatically created. See Confluent Cloud Dead Letter Queue for details.

Formatting GCS credentials

The contents of the downloaded credentials file must be converted to string format before it can be used in the connector configuration.

  1. Convert the JSON file contents into string format.

  2. Add an escape character \ before all \n entries in the Private Key section so that each section begins with \\n (see the highlighted lines below). The example below has been formatted so that the \\n entries are easier to see. Most of the credentials key has been omitted.

    Tip

    A script is available that converts the credentials to a string and also adds the additional escape characters \ where needed. See Stringify Google Cloud Credentials.

      {
          "name" : "confluent-gcs-sink",
          "connector.class" : "GcsSink",
          "kafka.api.key" : "<my-kafka-api-key>",
          "kafka.api.secret" : "<my-kafka-api-secret>",
          "topics" : "pageviews",
          "data.format" : "AVRO",
          "gcs.credentials.config" : "{\"type\":\"service_account\",\"project_id\":\"connect-
          1234567\",\"private_key_id\":\"omitted\",
          \"private_key\":\"-----BEGIN PRIVATE KEY-----
          \\nMIIEvAIBADANBgkqhkiG9w0BA
          \\n6MhBA9TIXB4dPiYYNOYwbfy0Lki8zGn7T6wovGS5pzsIh
          \\nOAQ8oRolFp\rdwc2cC5wyZ2+E+bhwn
          \\nPdCTW+oZoodY\\nOGB18cCKn5mJRzpiYsb5eGv2fN\/J
          \\n...rest of key omitted...
          \\n-----END PRIVATE KEY-----\\n\",
          \"client_email\":\"pub-sub@connect-123456789.iam.gserviceaccount.com\",
          \"client_id\":\"123456789\",\"auth_uri\":\"https:\/\/accounts.google.com\/o\/oauth2\/
          auth\",\"token_uri\":\"https:\/\/oauth2.googleapis.com\/
          token\",\"auth_provider_x509_cert_url\":\"https:\/\/
          www.googleapis.com\/oauth2\/v1\/
          certs\",\"client_x509_cert_url\":\"https:\/\/www.googleapis.com\/
          robot\/v1\/metadata\/x509\/pub-sub%40connect-
          123456789.iam.gserviceaccount.com\"}",
          "gcs.bucket.name" : "<my-gcs-bucket-name>",
          "time.interval" : "HOURLY",
          "tasks.max" : "1"
      }
    
  3. Add all the converted string content to the "gcs.credentials.config" section of your configuration file as shown in the example above.

Scheduled Rotation

Two optional properties are available that allow you to set up a rotation schedule. These properties are provided in the Cloud Console (shown below) and in the Confluent CLI.

Rotate Schedule and Rotate Interval
  • rotate.schedule.interval.ms (Scheduled rotation): This property allows you to configure a regular schedule for when files are closed and uploaded to storage. The default value is -1 (disabled). For example, when this is set for 600000 ms, you will see files available in the storage bucket at least every 10 minutes. rotate.schedule.interval.ms does not require a continuous stream of data.

    Note

    Using the rotate.schedule.interval.ms property results in a non-deterministic environment and invalidates exactly-once guarantees.

  • rotate.interval.ms (Rotation interval): This property allows you to specify the maximum time span (in milliseconds) that a file can remain open for additional records. When using this property, the time span interval for the file starts with the timestamp of the first record added to the file. The connector closes and uploads the file to storage when the timestamp of a subsequent record falls outside the time span set by the first file’s timestamp. The minimum value is 600000 ms (10 minutes). This property defaults to the interval set by the time.interval property. rotate.interval.ms requires a continuous stream of data.

    Important

    The start and end of the time span interval is determined using file timestamps. For this reason, a file could potentially remain open for a long time if a record does not arrive with a timestamp falling outside the time span set by the first file’s timestamp.

Configuration Properties

Use the following configuration properties with the fully-managed connector. For self-managed connector property definitions and other details, see the connector docs in Self-managed connectors for Confluent Platform.

Which topics do you want to get data from?

topics

Identifies the topic name or a comma-separated list of topic names.

  • Type: list
  • Importance: high

Schema Config

schema.context.name

Add a schema context name. A schema context represents an independent scope in Schema Registry. It is a separate sub-schema tied to topics in different Kafka clusters that share the same Schema Registry instance. If not used, the connector uses the default schema configured for Schema Registry in your Confluent Cloud environment.

  • Type: string
  • Default: default
  • Importance: medium

Input messages

input.data.format

Sets the input Kafka record value format. Valid entries are AVRO, JSON_SR, PROTOBUF, JSON or BYTES. Note that you need to have Confluent Cloud Schema Registry configured if using a schema-based message format like AVRO, JSON_SR, and PROTOBUF.

  • Type: string
  • Importance: high

How should we connect to your data?

name

Sets a name for your connector.

  • Type: string
  • Valid Values: A string at most 64 characters long
  • Importance: high

Kafka Cluster credentials

kafka.auth.mode

Kafka Authentication mode. It can be one of KAFKA_API_KEY or SERVICE_ACCOUNT. It defaults to KAFKA_API_KEY mode.

  • Type: string
  • Default: KAFKA_API_KEY
  • Valid Values: KAFKA_API_KEY, SERVICE_ACCOUNT
  • Importance: high
kafka.api.key

Kafka API Key. Required when kafka.auth.mode==KAFKA_API_KEY.

  • Type: password
  • Importance: high
kafka.service.account.id

The Service Account that will be used to generate the API keys to communicate with Kafka Cluster.

  • Type: string
  • Importance: high
kafka.api.secret

Secret associated with Kafka API key. Required when kafka.auth.mode==KAFKA_API_KEY.

  • Type: password
  • Importance: high

GCP credentials

gcs.credentials.config

GCP service account JSON file with write permissions for Google Cloud Storage.

  • Type: password
  • Importance: high

Google Cloud Storage details

gcs.bucket.name

A Google Cloud Storage bucket must be in the same region as your Confluent Cloud cluster.

  • Type: string
  • Importance: high
gcs.compression.type

Compression type for file written to GCS. Applied when using JsonFormat or ByteArrayFormat. Available values: none, gzip

  • Type: string
  • Default: none
  • Importance: low
gcs.part.size

The Part Size(bytes) in GCS Multi-part Uploads.

  • Type: int
  • Default: 5242880
  • Valid Values: [5242880,…,2147483647]
  • Importance: high

Output messages

output.data.format

Set the output message format for values. Valid entries are AVRO, JSON, PARQUET or BYTES. Note that you need to have Confluent Cloud Schema Registry configured if using a schema-based message format like AVRO. Note that the output message format defaults to the value in the Input Message Format field. If either PROTOBUF or JSON_SR is selected as the input message format, you should select one explicitly. If no value for this property is provided, the value specified for the ‘input.data.format’ property is used.

  • Type: string
  • Importance: high
parquet.codec

Compression type for parquet files written to GCS.

  • Type: string
  • Importance: high

Organize my data by…

topics.dir

Top-level directory where ingested data is stored.

  • Type: string
  • Default: topics
  • Importance: high
path.format

This configuration is used to set the format of the data directories when partitioning with TimeBasedPartitioner. The format set in this configuration converts the Unix timestamp to proper directories strings. If you want to organize files like the following example, s3://<s3-bucket-name>/json_logs/daily/<Topic-Name>/dt=2020-02-06/hr=09/<files>, please put topic.directory=json_logs/daily, path.format=’dt’=YYYY-MM-dd/’hr’=HH, and time.interval=HOURLY.

  • Type: string
  • Default: ‘year’=YYYY/’month’=MM/’day’=dd/’hour’=HH
  • Importance: high
time.interval

Partitioning interval of data, according to the time ingested to storage.

  • Type: string
  • Importance: high
rotate.schedule.interval.ms

Scheduled rotation uses rotate.schedule.interval.ms to close the file and upload to storage on a regular basis using the current time, rather than the record time. Setting rotate.schedule.interval.ms is nondeterministic and will invalidate exactly-once guarantees. Minimum value is 600000ms (10 minutes).

  • Type: int
  • Default: -1
  • Importance: medium
rotate.interval.ms

The connector’s rotation interval specifies the maximum timespan (in milliseconds) a file can remain open and ready for additional records. In other words, when using rotate.interval.ms, the timestamp for each file starts with the timestamp of the first record inserted in the file. The connector closes and uploads a file to the blob store when the next record’s timestamp does not fit into the file’s rotate.interval time span from the first record’s timestamp. If the connector has no more records to process, the connector may keep the file open until the connector can process another record (which can be a long time). Minimum value is 600000ms (10 minutes). If no value for this property is provided, the value specified for the ‘time.interval’ property is used.

  • Type: int
  • Importance: high
flush.size

Number of records written to storage before invoking file commits.

  • Type: int
  • Default: 1000
  • Valid Values: [1000,…] for non-dedicated clusters and [1,…] for dedicated clusters
  • Importance: high
timestamp.field

Sets the field that contains the timestamp used for the TimeBasedPartitioner

  • Type: string
  • Default: “”
  • Importance: high
timezone

Sets the timezone used by the TimeBasedPartitioner.

  • Type: string
  • Default: UTC
  • Importance: high
behavior.on.null.values

How to handle records with null values, e.g Kafka tombstone records. Valid options are ‘ignore’ and ‘fail’. Default is ‘ignore’

  • Type: string
  • Default: ignore
  • Importance: low
locale

Sets the locale to use with TimeBasedPartitioner.

  • Type: string
  • Default: en
  • Importance: high
enhanced.avro.schema.support

When set to true, this property preserves Avro schema package information and Enums when going from Avro schema to Connect schema. This information is added back in when going from Connect schema to Avro schema.

  • Type: boolean
  • Default: true
  • Importance: low
schema.compatibility

The schema compatibility rule to use when the connector is observing schema changes.

  • Type: string
  • Default: NONE
  • Importance: high
value.converter.connect.meta.data

Toggle for enabling/disabling connect converter to add its meta data to the output schema or not.

  • Type: boolean
  • Default: true
  • Importance: medium

Consumer configuration

max.poll.interval.ms

The maximum delay between subsequent consume requests to Kafka. This configuration property may be used to improve the performance of the connector, if the connector cannot send records to the sink system. Defaults to 300000 milliseconds (5 minutes).

  • Type: long
  • Default: 300000 (5 minutes)
  • Valid Values: [60000,…,1800000] for non-dedicated clusters and [60000,…] for dedicated clusters
  • Importance: low
max.poll.records

The maximum number of records to consume from Kafka in a single request. This configuration property may be used to improve the performance of the connector, if the connector cannot send records to the sink system. Defaults to 500 records.

  • Type: long
  • Default: 500
  • Valid Values: [1,…,500] for non-dedicated clusters and [1,…] for dedicated clusters
  • Importance: low

Number of tasks for this connector

tasks.max

Maximum number of tasks for the connector.

  • Type: int
  • Valid Values: [1,…]
  • Importance: high

Next Steps

For an example that shows fully-managed Confluent Cloud connectors in action with Confluent Cloud ksqlDB, see the Cloud ETL Demo. This example also shows how to use Confluent CLI to manage your resources in Confluent Cloud.

../_images/topology.png