Connect Self-Managed Kafka Clients to Confluent Cloud

Connect your clients and applications to Confluent Cloud resources from .NET, Go, and Python applications using Confluent .NET Client for Apache Kafka®, Confluent Golang Client for Kafka, and Confluent Python Client for Kafka. The More examples and demos section below includes links to many more examples using popular clients and tools.

To protect data in motion between Confluent Cloud resources (for example, Kafka clusters, Confluent Cloud Schema Registry, and API endpoints) and your connecting clients and applications, Confluent Cloud supports Transport Layer Security (TLS) encryption, the successor of the now-deprecated Secure Socket Layer (SSL).

For the encryption of your data in motion, Confluent Cloud uses TLS certificates from Let’s Encrypt, an open certificate authority (CA) provided by the nonprofit Internet Security Research Group (ISRG). For details on the Let’s Encrypt hierarchy of certificates, see their Chain of Trust.

Warning

Confluent recommends that you avoid certificate pinning because it can introduce connection failures. Confluent may change certificates or properties of these certificates at any time. So if the certificate you pinned is replaced, then your applications may fail to connect.

If your organization absolutely requires pinning, then pin to the Let’s Encrypt ISRG Root X1 certificate instead of any subordinate certificate. However, be aware that if Confluent switches CA providers, connections to your applications may be impacted.

Confluent Cloud serves the following chain of trust:

  Certificate chain
0 i:/C=US/O=Let's Encrypt/CN=R3
1 i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1

Prerequisites

  • Before connecting a client application to Confluent Cloud, increase the timeout for API version requests from the default value of 10 seconds. You can change this with librdkafka api.version.request.timeout.ms parameter. For more information, see the librdkafka configuration documentation.
  • Specify the location of your client configuration for TLS/SSL (ssl.ca.location) if your operating system and configuration requires it, for example, if your OS does not provide root CA certificates or if the certificates are stored in a non-standard location.
  • For librdkafka-based clients (C/C++, .NET, Python, and Go), to connect to Confluent Cloud, you need Let’s Encrypt TLS certificates installed locally. For RHEL and CentOS, these certificates are not included and must be downloaded.
  • For Java clients, use a Java version of at least 7u151 or 8u141.

Connect a .NET Application to Confluent Cloud

You can configure the Confluent .NET Client for Kafka to connect to a Kafka cluster in Confluent Cloud.

  1. Install the Confluent .NET Client for Apache Kafka.
  2. Customize the .NET Confluent Cloud example for your Confluent Cloud cluster, specifically bootstrap.servers, sasl.username, and sasl.password.
  3. Integrate with your environment.

Connect a Go application to Confluent Cloud

You can configure the Confluent Golang Client for Kafka to connect to a Kafka cluster in Confluent Cloud.

  1. Install the Confluent Golang Client for Apache Kafka.

    Important

    The Confluent Golang Client for Kafka depends on librdkafka, which must be installed separately.

  2. Customize the Golang Confluent Cloud example for your Confluent Cloud cluster, specifically bootstrap.servers, sasl.username, and sasl.password.

  3. Integrate with your environment.

Connect a Python application to Confluent Cloud

You can configure the Confluent Python Client for Kafka to connect to a Kafka cluster in Confluent Cloud.

  1. Install the Confluent Python Client for Apache Kafka.
  2. Customize the Python Confluent Cloud example for your Confluent Cloud cluster, specifically bootstrap.servers, sasl.username, and sasl.password.
  3. Integrate with your environment.

More examples and demos

  • To view a working example of hybrid Kafka clusters from self-hosted to Confluent Cloud, see cp-demo.
  • For example configurations for all Confluent Platform components and clients connecting to Confluent Cloud, see template examples for components.
  • See the collection of client examples for supported programming languages in Code Examples for Apache Kafka.
    • The “Hello, World!” examples produce to and consume from any Kafka cluster, including Confluent Cloud, using client libraries for the following programming languages: C (librdkafka), Clojure, C-sharp/.NET, Go, Groovy, Java, Java Spring Boot, Kotlin, Node.js, Python, Ruby, Rust, and Scala.
    • For the subset of language client libraries that support it, the examples demonstrate how to use Confluent Cloud Schema Registry and Avro.