Connect Clients to Confluent Cloud

Connect your clients and applications to Confluent Cloud resources from .NET, Go, and Python applications using Confluent .NET Client for Apache Kafka®, Confluent Golang Client for Apache Kafka®, and Confluent Python Client for Apache Kafka®. The More examples and demos section below includes links to many more examples using popular clients and tools.

To protect data in motion between Confluent Cloud resources (for example, Kafka clusters, Confluent Cloud Schema Registry, and API endpoints) and your connecting clients and applications, Confluent Cloud supports Transport Layer Security (TLS) encryption, the successor of the now-deprecated Secure Sockets Layer (SSL).

For the encryption of your data in motion, Confluent Cloud uses TLS certificates from Let’s Encrypt, an open certificate authority (CA) provided by the nonprofit Internet Security Research Group (ISRG). For details on the Let’s Encrypt hierarchy of certificates, see their Chain of Trust.

Confluent Cloud serves the following chain of trust:

Certificate chain
0 i:/C=US/O=Let's Encrypt/CN=R3
1 i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 i:/O=Digital Signature Trust Co./CN=DST Root CA X3

Important

All Confluent Cloud customers have been upgraded with the new ISRG Root X1 certificate.

  • Until September 29, 2021, both the new ISRG Root X1 and the older IdenTrust DST Root CA X3 root certificates are available. After that date, the older IdenTrust DST Root CA X3 will no longer be available. For details, see Let’s Encrypt Transitioning to ISRG’s Root.
  • After September 29, 2021, only the ISRG Root X1 root certificate is required.
  • For clients and applications that use a custom trust store to establish trust, ensure the ISRG Root X1 root certificate is installed in your trust store by September 29, 2021.
  • Confluent Support customers only: Get more details and a link to an example script to automate the update process in Prepare for Confluent Cloud root certificate change.

Prerequisites

  • Before connecting a client application to Confluent Cloud, increase the timeout for API version requests from the default value of 10 seconds. You can change this with the librdkafka api.version.request.timeout.ms parameter. For more information, see the librdkafka configuration documentation.
  • Specify the location of your client configuration for SSL (ssl.ca.location) if your operating system and configuration require it, for example, if your OS does not provide root CA certificates or if the certificates are stored in a non-standard location.
  • To connect librdkafka-based clients (C/C++, .NET, Python, and Go) to Confluent Cloud, you need Let’s Encrypt TLS certificates installed locally. For RHEL and CentOS, these certificates are not included and must be downloaded.
  • For Java clients, use a Java version of at least 7u151 or 8u141.

Connect a .NET application to Confluent Cloud

You can configure the Confluent .NET Client for Kafka to connect to a Kafka cluster in Confluent Cloud.

  1. Install the Confluent .NET Client for Apache Kafka.
  2. Customize the .NET Confluent Cloud example for your Confluent Cloud cluster, specifically bootstrap.servers, sasl.username, and sasl.password.
  3. Integrate with your environment.

Connect a Go application to Confluent Cloud

You can configure the Confluent Golang Client for Kafka to connect to a Kafka cluster in Confluent Cloud.

  1. Install the Confluent Golang Client for Apache Kafka.

    Important

    The Confluent Golang Client for Kafka depends on librdkafka, which must be installed separately.

  2. Customize the Golang Confluent Cloud example for your Confluent Cloud cluster, specifically bootstrap.servers, sasl.username, and sasl.password.

  3. Integrate with your environment.

Connect a Python application to Confluent Cloud

You can configure the Confluent Python Client for Kafka to connect to a Kafka cluster in Confluent Cloud.

  1. Install the Confluent Python Client for Apache Kafka.
  2. Customize the Python Confluent Cloud example for your Confluent Cloud cluster, specifically bootstrap.servers, sasl.username, and sasl.password.
  3. Integrate with your environment.
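
An added example (not Confluent's own code) covering the prerequisites and step 2 above: it builds the client configuration from environment variables so the API secret stays out of source, raises the API version request timeout, and sets ssl.ca.location only when a CA bundle is actually present. The environment variable names, the 30000 ms timeout, the CA bundle paths, and the security.protocol and sasl.mechanisms settings are assumptions that this page does not state.

```python
import os

# Hypothetical environment variable names (assumptions, not from the page).
REQUIRED = {
    "bootstrap.servers": "CCLOUD_BOOTSTRAP_SERVERS",
    "sasl.username": "CCLOUD_API_KEY",
    "sasl.password": "CCLOUD_API_SECRET",
}

# Usual CA bundle paths (assumed); adjust for your OS image.
CA_BUNDLE_CANDIDATES = (
    "/etc/ssl/certs/ca-certificates.crt",  # Debian, Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",    # RHEL, CentOS
)


def build_ccloud_config(env=os.environ, ca_candidates=CA_BUNDLE_CANDIDATES):
    """Return a librdkafka config dict; fail early on missing inputs."""
    missing = [var for var in REQUIRED.values() if not env.get(var)]
    if missing:
        raise ValueError("missing environment variables: " + ", ".join(missing))

    conf = {key: env[var] for key, var in REQUIRED.items()}
    conf["security.protocol"] = "SASL_SSL"  # TLS transport plus SASL auth
    conf["sasl.mechanisms"] = "PLAIN"       # API key and secret
    # Raised from the 10-second default; 30000 is an assumed value.
    conf["api.version.request.timeout.ms"] = int(
        env.get("CCLOUD_API_VERSION_TIMEOUT_MS", "30000"))

    # An explicit trust store must exist; otherwise use the first bundle found.
    ca_path = env.get("CCLOUD_CA_LOCATION")
    if ca_path and not os.path.exists(ca_path):
        raise FileNotFoundError("CA bundle not found: " + ca_path)
    if not ca_path:
        ca_path = next((p for p in ca_candidates if os.path.exists(p)), None)
    if ca_path:
        conf["ssl.ca.location"] = ca_path
    return conf


def redacted(conf):
    """Copy of the config that is safe to write to logs."""
    return {k: "***" if k == "sasl.password" else v for k, v in conf.items()}
```

Pass the returned dict to confluent_kafka.Producer or confluent_kafka.Consumer, and log only redacted(conf).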

More examples and demos

  • To view a working example of hybrid Apache Kafka® clusters from self-hosted to Confluent Cloud, see cp-demo.
  • For example configurations for all Confluent Platform components and clients connecting to Confluent Cloud, see template examples for components.
  • See the collection of client examples for supported programming languages in Code Examples for Apache Kafka.
    • The “Hello, World!” examples produce to and consume from any Kafka cluster, including Confluent Cloud, using client libraries for the following programming languages: C (librdkafka), Clojure, C-sharp/.NET, Go, Groovy, Java, Java Spring Boot, Kotlin, Node.js, Python, Ruby, Rust, and Scala.
    • For the subset of language client libraries that support it, the examples demonstrate how to use Confluent Cloud Schema Registry and Avro.