How to Use Kafka Connect - Get Started

Kafka Connect is the framework to integrate popular systems, such as databases and cloud services with Apache Kafka®. This guide will help you get started in deploying Connect and leveraging connectors.

Ready to get started?

Deployment considerations

To get started with Kafka Connect, you must have a set of Kafka brokers. The Kafka brokers can be an earlier broker version, or the latest version. For more details, see Cross-Component Compatibility.

In addition to Kafka brokers, there are a few deployment options to consider as well. Understanding and acting on these deployment options ensures your Kafka Connect deployment will scale and support the long-term needs of your data pipeline.

Confluent Schema Registry

Although Schema Registry is an optional service for Kafka Connect, it enables you to easily use Avro, Protobuf, and JSON Schema as common data formats for the Kafka records that connectors read from and write to. This keeps the need to write custom code at a minimum and standardizes your data in a flexible format. You also get the added benefit of schema evolution and enforced compatibility rules. For more information, see Using Kafka Connect with Schema Registry and Configuring key and value converters.

Standalone and distributed mode

Connectors and tasks are logical units of work that run as a process. The process is called a worker in Kafka Connect. There are two modes for running workers:

  • Standalone mode: Useful for development and testing Kafka Connect on a local machine. It can also be used for environments that typically use single agents (for example, sending web server logs to Kafka).

  • Distributed mode: Distributed mode is recommended for production environments because of scalability, high availability, and management benefits. It runs Connect workers on multiple machines (nodes), which form a Connect cluster. Kafka Connect distributes running connectors across the cluster. You can add or remove nodes as your needs evolve.

    This mode is also more fault tolerant. For example, if a node unexpectedly leaves the cluster, Kafka Connect distributes the work of that node to other nodes in the cluster. And, because Kafka Connect stores connector configurations, status, and offset information inside the Kafka cluster where it is safely replicated, losing the node where a Connect worker runs does not result in any loss of data.

Try to identify which mode works best for your environment before getting started. For more information about the different deployment modes for Kafka Connect workers check out this video.

Operating environment

Connect workers operate well in containers and managed environments, such as Kubernetes, Apache Mesos, Docker Swarm, or Yarn. The distributed worker stores all states in Kafka making it easier to manage a cluster. And, by design, Kafka Connect does not handle restarting or scaling workers. This means your existing cluster management solution can continue to be used transparently. Note that the standalone worker state is stored on the local file system.

For more information about using Docker, see Install using Docker. For details about deploying and managing Confluent Platform in a Kubernetes environment, see Confluent for Kubernetes .

Kafka Connect workers are JVM processes that can run on shared machines with sufficient resources. Hardware requirements for Connect workers are similar to that of standard Java producers and consumers. Resource requirements mainly depend on the types of connectors operated by the workers. More memory is required for environments where large messages are sent and where a large numbers of messages get buffered before being written in aggregate form to an external system. Using compression continuously requires a more powerful CPU.

If you have multiple workers running concurrently on a single machine, ensure you know the resource limits (CPU and memory). Start with the default heap size setting and monitor internal metrics and the system. Verify the CPU, memory, and network (10 GbE or greater) are sufficient for the load.

Install a Connect plugin

Kafka Connect is designed to be extensible so developers can create custom connectors, transforms, and converters, and users can install and run them. This section will help you with installing Connect plugins.

Define a plugin

A Kafka Connect plugin is a set of JAR files containing the implementation of one or more connectors, transforms, or converters. Connect isolates each plugin from one another so libraries in one plugin are not affected by the libraries in any other plugins. This is very important when mixing and matching connectors from multiple providers.

Caution

It’s common to have many plugins installed in a Connect deployment. Ensure you have only one version of each plugin installed.

A Kafka Connect plugin can be any one of the following:

  • A directory on the file system that contains all required JAR files and third-party dependencies for the plugin. This is most common and is preferred.
  • A single uber JAR containing all the class files for a plugin and its third-party dependencies.

A Kafka Connect plugin should never contain any libraries provided by the Kafka Connect runtime. Kafka Connect finds the plugins using a plugin path defined as a comma-separated list of directory paths in the plugin.path worker configuration property. The following shows an example plugin.path worker configuration property:

plugin.path=/usr/local/share/kafka/plugins

Install a plugin

To install a plugin, you must place the plugin directory or uber JAR (or a symbolic link that resolves to one of these) in a directory already listed in the plugin path. Or, you can update the plugin path by adding the absolute path of the directory containing the plugin. Using the previous plugin path example, you would create a /usr/local/share/kafka/plugins directory on each machine running Connect and then place the plugin directories (or uber JARs) there.

When you start your Connect workers, each worker discovers all connectors, transforms, and converter plugins found inside the directories on the plugin path. When you use a connector, transform, or converter, the Connect worker loads the classes from the respective plugin first, followed by the Kafka Connect runtime and Java libraries. Connect explicitly avoids all of the libraries in other plugins. This prevents conflicts and makes it very easy to add and use connectors and transforms developed by different providers.

To find the components that fit your needs, check out the Confluent Hub page–it has an ecosystem of connectors, transforms, and converters. To install a connector using the Confluent CLI, see the confluent connect plugin install command. For a full list of supported connectors, see Supported Connectors.

Earlier versions of Kafka Connect required a different approach to installing connectors, transforms, and converters. All the scripts for running Connect recognized the CLASSPATH environment variable. You would export this variable to define the list of paths to the connector JAR files. The following example shows an older CLASSPATH export variable mechanism:

export CLASSPATH=/path/to/my/connectors/*
bin/connect-standalone standalone.properties new-custom-connector.properties

Confluent does not recommend exporting CLASSPATH environment variable as using this method to create a path to plugins can result in library conflicts that can cause Kafka Connect and connectors to fail. Use the plugin.path configuration property which properly isolates each plugin from other plugins and libraries.

Note

As described in Installing Connect Plugins, connector plugin JAR files are placed in the plugin path (Connect worker property: plugin.path). However, a few connectors may require that you additionally export the CLASSPATH to the plugin JAR files when starting the connector (export CLASSPATH=<path-to-jar-files>). While not recommended, CLASSPATH is required for these connectors because Kafka Connect uses classloading isolation to distinguish between system classes and regular classes, and some plugins load system classes (for example, javax.naming and others in the package javax). An example error message showing this issue is provided below. If you see an error that resembles the example below, in addition to adding the plugin path, you must also export CLASSPATH=<path-to-jar-files> when starting the connector.

Caused by: javax.naming.NoInitialContextException:
Cannot instantiate class: com.tibco.tibjms.naming.TibjmsInitialContextFactory
[Root exception is java.lang.ClassNotFoundException: com.tibco.tibjms.naming.TibjmsInitialContextFactory]

Tip

By default, connectors inherit the partitioner used for the Kafka topic. You can create a custom partitioner for a connector which you must place in the connector’s /lib folder.

You can also put partitioners in a common location of choice. If you choose this option, you must add a symlink to the location from each connector’s /lib folder. For example, you would place a custom partitioner in the path share/confluent-hub-components/partitioners and then add the symlink share/confluent-hub-components/kafka-connect-s3/lib/partitioners -> ../../partitioners.

Configure and run workers

The following sections provide information about running workers in standalone mode and distributed mode. For a list of worker configuration properties, see Kafka Connect Worker Configuration Properties.

This video explains the different deployment modes for Kafka Connect workers.

Standalone mode

Standalone mode is typically used for development and testing, or for lightweight, single-agent environments-for example, sending web server logs to Kafka. The following example shows a command that launches a worker in standalone mode:

bin/connect-standalone worker.properties connector1.properties [connector2.properties connector3.properties ...]

The first parameter (worker.properties) is the worker configuration properties file. Note that worker.properties is an example file name. You can use any valid file name for your worker configuration file. This file gives you control over settings such as the Kafka cluster to use and serialization format. For an example configuration file that uses Avro and Schema Registry in a standalone mode, open the file located at etc/schema-registry/connect-avro-standalone.properties. You can copy and modify this file for use as your standalone worker properties file.

The second parameter (connector1.properties) is the connector configuration properties file. All connectors have configuration properties that are loaded with the worker. As shown in the example, you can launch multiple connectors using this command.

If you run multiple standalone workers on the same host machine, the following two configuration properties must be unique for each worker:

  • offset.storage.file.filename: The storage file name for connector offsets. This file is stored on the local filesystem in standalone mode. Using the same file name for two workers will cause offset data to be deleted or overwritten with different values.

  • listeners: A list of URIs the REST API will listen on in the format protocol://host:port,protocol2://host2:port–the protocol is either HTTP or HTTPS. You can specify hostname as 0.0.0.0 to bind to all interfaces or leave hostname empty to bind to the default interface.

    Note

    You update the etc/schema-registry/connect-avro-standalone.properties file if you need to apply a change to Connect when starting Confluent Platform services using the Confluent CLI.

Distributed mode

Distributed mode does not have any additional command-line parameters other than loading the worker configuration file. New workers will either start a new group or join an existing one with a matching group.id. Workers then coordinate with the consumer groups to distribute the work to be done.

The following shows an example command that launches a worker in distributed mode:

bin/connect-distributed worker.properties

For an example distributed mode configuration file that uses Avro and Schema Registry, open etc/schema-registry/connect-avro-distributed.properties. You can make a copy of this file, modify it, use it as the new worker.properties file. Note that worker.properties is an example file name. You can use any valid file name for your properties file.

In standalone mode, connector configuration property files are added as command-line parameters. However, in distributed mode, connectors are deployed and managed using a REST API request. To create connectors, you start the worker and then make a REST request to create the connector. REST request examples are provided in many supported connector documents. For instance, see the Azure Blob Storage Source connector REST-based example for one example.

Note that if you run many distributed workers on one host machine for development and testing, the listeners configuration property must be unique for each worker. This is the port the REST interface listens on for HTTP requests.

Note

You update the etc/schema-registry/connect-avro-distributed.properties file if you need to apply a change to Connect when starting Confluent Platform services using the Confluent CLI.

Connect internal topics

Connect stores connector and task configurations, offsets, and status in several Kafka topics. These are referred to as Kafka Connect internal topics. It is important that these internal topics have a high replication factor, a compaction cleanup policy, and an appropriate number of partitions.

Kafka Connect can create the internal topics when it starts up, using the Connect worker configuration properties to specify the topic names, replication factor, and number of partitions for these topics. Connect verifies that the properties meet the requirements and creates all topics with compaction cleanup policy.

Distributed workers that are configured with matching group.id values discover each other and form a Kafka Connect cluster. All workers in the cluster use the same three internal topics to share connector configurations, offset data, and status updates. For this reason, all distributed worker configurations in the same Connect cluster must have matching config.storage.topic, offset.storage.topic, and status.storage.topic properties.

In addition to the three required internal topic names, the distributed worker configuration should have identical values for the following listed properties. This ensures that any worker in the cluster will create missing internal topics with the desired property values. Note that these configuration properties have practical default values.

  • config.storage.replication.factor
  • offset.storage.replication.factor
  • offset.storage.partitions
  • status.storage.replication.factor
  • status.storage.partitions

Note

Starting with Confluent Platform version 6.0, Kafka Connect can create internal topics using the Kafka broker’s default.replication.factor and num.partitions values. For more information, see Use Kafka broker default topic settings.

As each distributed worker starts up, it uses the internal Kafka topics if they already exist. If not, the worker tries to create the topics using the worker configuration properties. This gives you the option of manually creating the topics before starting Kafka Connect, if you require topic-specific settings or when Kafka Connect does not have the necessary privileges to create the topics. If you do create the topics manually, follow the guidelines provided in the list of configuration properties.

If you want to create a distributed worker that is independent of an existing Connect cluster, you must create new worker configuration properties. The following configuration properties must be different from the worker configurations used in an existing cluster:

  • group.id
  • config.storage.topic
  • offset.storage.topic
  • status.storage.topic

It is important to note that Connect clusters cannot share group IDs or internal topics. Simply changing a group.id will not create a new worker separate from an existing Connect cluster. The new group.id must also have unique internal topics associated with it. This requires setting unique config.storage.topic, offset.storage.topic, and status.storage.topic configuration properties for the new group.id.

You also must use different connector names than those used in the existing Connect cluster since a consumer group is created based on the connector name. Each connector in a Connect cluster shares the same consumer group.

Use Kafka broker default topic settings

The Connect worker can create internal topics using Kafka broker defaults for the replication factor and number of partitions. To use the Kafka broker defaults for the replication factor and number of partitions, use -1 in the worker configuration properties for the internal topics. The following is an example snippet:

# Use the broker default properties
config.storage.replication.factor=-1
offset.storage.replication.factor=-1
status.storage.replication.factor=-1
offset.storage.partitions=-1
status.storage.partitions=-1

The config.storage internal topic must always have exactly one partition. This is why there is no option to use the Kafka broker default for config.storage.

Override topic-specific properties

You can override topic properties that are valid for the version of the Kafka broker where the internal topics will be created. The following example shows how you should enter these properties in the worker configuration:

config.storage.<topic-specific-property>
offset.storage.<topic-specific-property>
status.storage.<topic-specific-property>

The following example shows using the Kafka broker default property for replication factor and overriding the default minimum In-Sync Replicas (min.insync.replicas) property (1 is the Kafka broker default):

# Use the broker default properties
config.storage.replication.factor=-1
offset.storage.replication.factor=-1
status.storage.replication.factor=-1
# Override the broker default properties
config.storage.min.insync.replicas=3
offset.storage.min.insync.replicas=3
status.storage.min.insync.replicas=3

If the topic property is not valid for the Kafka broker version, the Connect worker will fail upon startup.

Manually create internal topics

Allowing Kafka Connect to create these internal topics is recommended. However, you may want to manually create the topics. The following examples illustrate when you would manually create these topics:

  • For security purposes, the broker may be configured to not allow clients like Connect to create Kafka topics.
  • You may require other advanced topic-specific settings that are not set by Connect or that are different than the auto-created settings.

The following example commands show how to manually create compacted and replicated Kafka topics before starting Connect. Ensure you adhere to the distributed worker guidelines when entering parameters.

# config.storage.topic=connect-configs
bin/kafka-topics --create --bootstrap-server localhost:9092 --topic connect-configs --replication-factor 3 --partitions 1 --config cleanup.policy=compact
# offset.storage.topic=connect-offsets
bin/kafka-topics --create --bootstrap-server localhost:9092 --topic connect-offsets --replication-factor 3 --partitions 50 --config cleanup.policy=compact
# status.storage.topic=connect-status
bin/kafka-topics --create --bootstrap-server localhost:9092 --topic connect-status --replication-factor 3 --partitions 10 --config cleanup.policy=compact

All workers in a Connect cluster use the same internal topics. Workers in a different cluster must use different internal topics. For more details, see Distributed Worker Configuration.

Worker configuration properties file

Regardless of the mode used, Kafka Connect workers are configured by passing a worker configuration properties file as the first parameter. For example:

bin/connect-distributed worker.properties

Sample worker configuration properties files are included with Confluent Platform to help you get started. The following list shows the location for Avro sample files:

  • etc/schema-registry/connect-avro-distributed.properties
  • etc/schema-registry/connect-avro-standalone.properties

Use one of these files as a starting point. These files contain the necessary configuration properties to use the Avro converters that integrate with Schema Registry. They are configured to work well with Kafka and Schema Registry services running locally. They do not require running more than a single broker, making it easy for you to test Kafka Connect locally.

The example configuration files can also be modified for production deployments by using the correct hostnames for Kafka and Schema Registry and acceptable (or default) values for the internal topic replication factor.

For a list of worker configuration properties, see Kafka Connect Worker Configuration Properties.

Configuring key and value converters

The following list shows the converters packaged with the Confluent Platform:

  • AvroConverter io.confluent.connect.avro.AvroConverter: use with Schema Registry
  • ProtobufConverter io.confluent.connect.protobuf.ProtobufConverter: use with Schema Registry
  • JsonSchemaConverter io.confluent.connect.json.JsonSchemaConverter: use with Schema Registry
  • JsonConverter org.apache.kafka.connect.json.JsonConverter (without Schema Registry): use with structured data
  • StringConverter org.apache.kafka.connect.storage.StringConverter: simple string format
  • ByteArrayConverter org.apache.kafka.connect.converters.ByteArrayConverter: provides a “pass-through” option that does no conversion

The Kafka Connect 101 course explains converters in detail.

The key.converter and value.converter properties are where you specify the type of converter to use. Default converters for all connectors are specified in the worker configuration. However, any connector can override the default converters by completely defining a key, value, and header converter. Confluent recommends you define the default key, value, and header converters that most connectors can use in the worker, and then define them in a connector’s configuration if that connector requires different converters. The default header.converter defined in the worker serializes header values as strings using the StringConverter and deserializes header values to the most appropriate numeric, boolean, array, or map representation. Schemas are not serialized but are inferred upon deserialization when possible.

It is important to note that converter configuration properties in the worker configuration are used by all connectors running on the worker, unless a converter is added to a connector configuration.

If a converter is added to a connector configuration, all converter properties in the worker configuration prefixed with the converter type added (key.converter.* and/or value.converter.*) are not used. Be careful when adding converters to a connector configuration. For example, if the following value converter properties are present in the worker configuration:

value.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=http://localhost:8081

And, you add the following properties to your connector configuration:

{
 "value.converter": "AvroConverter",
 "value.converter.basic.auth.credentials.source": "USER_INFO",
 "value.converter.basic.auth.user.info": "<username>:<password>"
}

An error will occur when the connector is started because the required Schema Registry URL property value.converter.schema.registry.url=http://localhost:8081 is not provided to the converter.

The following sections provide converter descriptions and examples. For details about how these converters work in Schema Registry, see Using Kafka Connect with Schema Registry.

Avro

To use the AvroConverter with Schema Registry, you specify the key.converter and value.converter properties in the worker configuration. You must also add a converter property that provides the Schema Registry URL. The following example shows the AvroConverter key and value properties that are added to the configuration:

key.converter=io.confluent.connect.avro.AvroConverter
key.converter.schema.registry.url=http://localhost:8081
value.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=http://localhost:8081

The Avro key and value converters can be used independently from each other. For example, you may want to use a StringConverter for keys and the AvroConverter or JsonConverter for values. Independent key and value properties are shown in the following example:

key.converter=org.apache.kafka.connect.storage.StringConverter
value.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=http://localhost:8081

JSON Schema and Protobuf

Both JSON Schema and Protobuf converters are implemented in the same way as the Avro converter. The following examples show a couple of configuration examples using the ProtobufConverter or JsonSchemaConverter for the value converter and using StringConverter for the key:

key.converter=org.apache.kafka.connect.storage.StringConverter
value.converter=io.confluent.connect.protobuf.ProtobufConverter
value.converter.schema.registry.url=http://localhost:8081
key.converter=org.apache.kafka.connect.storage.StringConverter
value.converter=io.confluent.connect.json.JsonSchemaConverter
value.converter.schema.registry.url=http://localhost:8081

Both Avro and JSON Schema express their schemas as JSON and are lenient if unrecognized properties are encountered. This allows the converter to use custom JSON properties to capture any Kafka Connect schema objects with no equivalent in Avro or JSON Schema.

However, Protobuf has its own Interface Definition Language (IDL) which differs from JSON and does not allow for custom ad-hoc properties. For this reason, the conversion from the Kafka Connect schema to Protobuf may cause data loss or inconsistencies if there is no direct equivalent in Protobuf.

For example, the Kafka Connect schema supports int8, int16, and int32 data types. Protobuf supports int32 and int64. When Connect data is converted to Protobuf, int8 and int16 fields are mapped to int32 or int64 with no indication that the source was int8 or int16.

With JSON Schema, only number and integer type fields are supported. However, the JSON Schema converter (JsonSchemaConverter) will store data with no JSON Schema equivalent in a property named connect.type. This property is ignored by the JSON Schema parser, so fields can be restored to the proper type by downstream components.

For full encoding details, see JSON encoding for Avro and JSON encoding for Protobuf. Additionally, JSON Schema supports three means of combining schemas: allOf, anyOf, and oneOf. However, the JSON Schema converter only supports oneOf, treating it similarly to how the Avro converter handles unions and how the Protobuf converter handles oneOf.

Note that if you’re configuring Avro, Protobuf, or JSON Schema converters in an environment configured for Role-Based Access Control (RBAC), see key and value converters with RBAC. For details about how converters work with Schema Registry, see Using Kafka Connect with Schema Registry.

The following converters are not used with Schema Registry.

JSON (without Schema Registry)

If you need to use JSON without Schema Registry for Connect data, you can use the JsonConverter supported with Kafka. The following example shows the JsonConverter key and value properties that are added to the configuration:

key.converter=org.apache.kafka.connect.json.JsonConverter
value.converter=org.apache.kafka.connect.json.JsonConverter
key.converter.schemas.enable=false
value.converter.schemas.enable=false

When the properties key.converter.schemas.enable and value.converter.schemas.enable are set to true, the key or value is not treated as plain JSON, but rather as a composite JSON object containing both an internal schema and the data. When these are enabled for a source connector, both the schema and data are in the composite JSON object. When these are enabled for a sink connector, the schema and data are extracted from the composite JSON object. Note that this implementation never uses Schema Registry.

When the properties key.converter.schemas.enable and value.converter.schemas.enable are set to false (the default), only the data is passed along, without the schema. This reduces the payload overhead for applications that do not need a schema.

String format and raw bytes

org.apache.kafka.connect.storage.StringConverter is used to convert the internal Connect format to simple string format. When converting Connect data to bytes, the schema is ignored and data is converted to a simple string. When converting from bytes to Connect data format, the converter returns an optional string schema and a string (or null).

org.apache.kafka.connect.converters.ByteArrayConverter does not convert data. Bytes are passed through the connector directly with no conversion.

For a deep dive into converters, see: Converters and Serialization Explained.

Connect producers and consumers

Internally, Kafka Connect uses standard Java producers and consumers to communicate with Kafka. Connect configures default settings for these producer and consumer instances. These settings include properties that ensure data is delivered to Kafka in order and without any data loss.

Default Connect producer properties

By default, Connect configures the Kafka producers for source connectors with the following properties:

  • Points the producer’s bootstrap servers to the same Kafka cluster used by the Connect cluster.
  • Configures key and value serializers that work with the connector’s key and value converters.
  • Generates a producer client.id based on the connector and task, using the pattern connector-producer-<connectorName>-<taskId>.
  • Sets acks=all to ensure each message produced is properly written to all in-sync replicas (ISRs).
  • For retryable exceptions, Connect configures the producer with the following properties to reduce the potential for data duplication during infinite retries:
    • request.timeout.ms=<max>
    • max.block.ms=<max>
    • max.in.flight.requests.per.connection=1
    • delivery.timeout.ms=<max>

You can override the defaults by using the producer.* properties in the worker configuration, or by using the producer.override.* properties in connector configurations, but changing these default properties may compromise the delivery guarantees of Connect.

Producer and consumer overrides

You may need to override default settings, other than those described in the previous section. The following two examples show when this might be required.

Worker override example

Consider a standalone process that runs a log file connector. For the logs being collected, you might prefer low-latency, best-effort delivery. That is, when there are connectivity issues, minimal data loss may be acceptable for your application in order to avoid data buffering on the client. This keeps log collection as lightweight as possible.

To override producer configuration properties and consumer configuration properties for all connectors controlled by the worker, you prefix worker configuration properties with producer. or consumer. as shown in the following example:

producer.retries=1
consumer.max.partition.fetch.bytes=10485760

The previous example overrides the default producer retries property to retry sending messages only one time. The consumer override increases the default amount of data fetched from a partition per request to 10 MB. These configuration changes are applied to all connectors controlled by the worker. Be careful making any changes to these settings when running distributed mode workers.

Per-connector override example

By default, the producers and consumers used for connectors are created using the same properties that Connect uses for its own internal topics. This means that the same Kafka principal must be able to read and write to all the internal topics and all of the topics used by the connectors.

You may want the producers and consumers used for connectors to use a different Kafka principal. It is possible for connector configurations to override worker properties used to create producers and consumers. These are prefixed with producer.override. and consumer.override.. For more information about per-connector overrides, see Override the Worker Configuration.

For detailed information about producers and consumers, see Kafka Producer and Kafka Consumer. For a list of configuration properties, see producer configuration properties and consumer configuration properties.

Configuring auto topic creation for source connectors

Beginning with Confluent Platform version 6.0, Kafka Connect can create topics for source connectors if the topics do not exist on the Apache Kafka® broker. To use auto topic creation for source connectors, you must set the Connect worker property to true for all workers in the Connect cluster. In addition, you must create supporting properties in each source connector configuration.

Important

  • This feature does not affect sink connectors or their configuration. Any topic creation properties you add to sink connectors will be ignored and will produce a warning in the log.
  • If you do not want the source connector to create topics that are missing, you must disabled the feature by setting topic.creation.enable=false in the Connect worker.

Worker property

The following worker property enables or disables auto topic creation for source connectors.

topic.creation.enable

Defaults to true. This feature is enabled only for source connector configurations that have the supporting Source connector properties.

  • Type: boolean
  • Default: true
  • Importance: low

Source connector properties

Several source connector properties are associated with the worker property topic.creation.enable. These properties set the default replication factor, number of partitions, and other topic-specific settings to be used by Kafka Connect to create a topic if it does not exist. None of the properties have default values.

The following source connector configuration properties are required:

  • topic.creation.$alias.replication.factor
  • topic.creation.$alias.partitions

The auto topic creation feature is enabled for the source connector only when the feature is enabled in the worker configuration and when the source connector configuration specifies the required replication factor and number of partitions for one group. Users may choose to use the default values specified in the Kafka broker by setting topic.creation.$alias.replication.factor or topic.creation.$alias.partitions to -1.

You can define more connector properties using configuration property groups. Configuration property groups are added using the property topic.creation.groups. The hierarchy of groups is built on top of a single foundational group called the default configuration property group. The default group always exists and does not need to be listed in the topic.creation.groups property in the connector configuration. Including default in topic.creation.groups results in a warning.

The following source connector configuration properties are used in association with the topic.creation.enable=true worker property. For example properties, see Configuration examples.

Configuration properties accept regular expressions (regex) that are defined as Java regex.

topic.creation.groups

A list of group aliases that are used to define per-group topic configurations for matching topics. A default group always exists and matches all topics.

  • Type: List of String types
  • Default: empty
  • Possible Values: The values of this property refer to any additional groups. A default group is always defined for topic configurations.
topic.creation.$alias.replication.factor

The replication factor for new topics created by the connector. This value must not be larger than the number of brokers in the Kafka cluster. If this value is larger than the number of Kafka brokers, an error occurs when the connector attempts to create a topic. This is a required property for the default group. This property is optional for any other group defined in topic.creation.groups. Other groups use the Kafka broker default value.

  • Type: int
  • Default: n/a
  • Possible Values: >= 1 for a specific valid value or -1 to use the Kafka broker’s default value.
topic.creation.$alias.partitions

The number of topic partitions created by this connector. This is a required property for the default group. This property is optional for any other group defined in topic.creation.groups. Other groups use the Kafka broker default value.

  • Type: int
  • Default: n/a
  • Possible Values: >= 1 for a specific valid value or -1 to use the Kafka broker’s default value.
topic.creation.$alias.include

A list of strings that represent regular expressions that match topic names. This list is used to include topics with matching values, and apply this group’s specific configuration to the matching topics. $alias applies to any group defined in topic.creation.groups. This property does not apply to the default group.

  • Type: List of String types
  • Default: empty
  • Possible Values: Comma-separated list of exact topic names or regular expressions.
topic.creation.$alias.exclude

A list of strings representing regular expressions that match topic names. This list is used to exclude topics with matching values from getting the group’s specfic configuration. $alias applies to any group defined in topic.creation.groups. This property does not apply to the default group. Note that exclusion rules override any inclusion rules for topics.

  • Type: List of String types
  • Default: empty
  • Possible Values: Comma-separated list of exact topic names or regular expressions.
topic.creation.$alias.${kafkaTopicSpecificConfigName}

Any of the Changing Broker Configurations Dynamically for the version of the Kafka broker where the records will be written. The broker’s topic-level configuration value is used if the configuration is not specified for the rule. $alias applies to the default group as well as any group defined in topic.creation.groups.

  • Type: property values
  • Default: Kafka broker value

Configuration examples

The following example configuration snippets show how the source connector configuration properties are entered when topic.creation.enable is enabled in the Connect worker configuration.

Example 1

All new topics created by Connect have a replication factor of 3 and 5 partitions. default is the only group, so config topic.creation.groups is not used.

...omitted

topic.creation.default.replication.factor=3
topic.creation.default.partitions=5

...omitted

Example 2

New topics created by Connect have replication factor of 3 and 5 partitions. The exception to this configuration setting are topics that match the inclusion list of the inorder group, which have one partition.

...omitted

topic.creation.groups=inorder
topic.creation.default.replication.factor=3
topic.creation.default.partitions=5

topic.creation.inorder.include=status, orders.*
topic.creation.inorder.partitions=1

...omitted

Example 3

New topics created by Connect have replication factor of 3 and 5 partitions. The key_value_topic and another.compacted.topic topics that begin with the prefix configurations are compacted and have a replication factor of 5 and one partition.

...omitted

topic.creation.groups=compacted
topic.creation.default.replication.factor=3
topic.creation.default.partitions=5

topic.creation.compacted.include=key_value_topic, another.compacted.topic, configurations.*
topic.creation.compacted.replication.factor=5
topic.creation.compacted.partitions=1
topic.creation.compacted.cleanup.policy=compact

...omitted

Example 4

New topics created by Connect have replication factor of 3 and 5 partitions. Topics that begin with the prefix configurations are compacted. Topics that match the includes list of highly_parallel and don’t match its exclusion list have a replication factor of 1 and one partition.

...omitted

topic.creation.groups=compacted, highly_parallel
topic.creation.default.replication.factor=3
topic.creation.default.partitions=5

topic.creation.highly_parallel.include=hpc.*,parallel.*
topic.creation.highly_parallel.exclude=.*internal, .*metadata, .*config.*
topic.creation.highly_parallel.replication.factor=1
topic.creation.highly_parallel.partitions=100

topic.creation.compacted.include=configurations.*
topic.creation.compacted.cleanup.policy=compact

...omitted

Security configuration examples

When security is configured, the Connect worker should have a principal configured to DESCRIBE and CREATE topics, which is inherited by all connectors in the worker. If different security settings are required from what the Connect worker configuration provides, you can add producer.override properties to the source connector configuration to provide the security credentials, as shown in the following examples:

...omitted

producer.override.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="alice" \
    password="alice-secret";

...omitted
...omitted

producer.override.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="alice" \
    password="alice-secret";

admin.override.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="bob" \
    password="bob-secret";

...omitted

An error is logged and the task fails if topic.creation.enable=true is configured, and neither the worker properties nor the connector overrides allow for creation of new topics.

Connect reporter

The Kafka Connect Reporter submits the result of a sink operation to a reporter topic. After successfully sinking a record or following an error condition, the Connect Reporter is called to submit the result report. The report is constructed to include details about how the original record was handled along with additional information about the sink event. These records are written to configurable success and error topics for further consumption. The following is an example of the basic Connect Reporter configuration properties added to a sink connector configuration:

reporter.bootstrap.servers=localhost:9092
reporter.result.topic.name=success-responses
reporter.result.topic.replication.factor=1
reporter.error.topic.name=error-responses
reporter.error.topic.replication.factor=1

To completely disable Connect Reporter, see Disabling Connect reporter.

If you have a secure environment, you use configuration blocks for both an Admin Client and Producer. A Producer is constructed to send records to the reporter topic. The Admin Client creates the topic. Credentials need to be added in a secure environment. Example Admin and Producer properties are shown below:

reporter.admin.bootstrap.servers=localhost:9092
reporter.admin.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule \
required username="<username>" password="<password>";
reporter.admin.security.protocol=SASL_SSL
reporter.admin.sasl.mechanism=PLAIN

reporter.producer.bootstrap.servers=localhost:9092
reporter.producer.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule \
required username="<username>" password="<password>";
reporter.producer.security.protocol=SASL_SSL
reporter.producer.sasl.mechanism=PLAIN

Additional Reporter configuration property examples are provided in each applicable Kafka Connect sink connector document. For an example, see the Reporter properties in the HTTP Sink connecter.

Reporter and Kerberos security

The following configuration example shows a sink connector with all the necessary configuration properties for Reporter and Kerberos security. This example shows the Prometheus Metrics Sink Connector for Confluent Platform, but can be modified for any applicable sink connector.

{

  "name" : "prometheus-connector",
  "config" : {
    "topics":"prediction-metrics",
    "connector.class" : "io.confluent.connect.prometheus.PrometheusMetricsSinkConnector",
    "tasks.max" : "1",
    "confluent.topic.bootstrap.servers":"localhost:9092",
    "confluent.topic.ssl.truststore.location":"/etc/pki/hadoop/kafkalab.jks",
    "confluent.topic.ssl.truststore.password":"xxxx",
    "confluent.topic.ssl.keystore.location":"/etc/pki/hadoop/kafkalab.jks",
    "confluent.topic.ssl.keystore.password":"xxxx",
    "confluent.topic.ssl.key.password":"xxxx",
    "confluent.topic.security.protocol":"SASL_SSL",
    "confluent.topic.replication.factor": "3",
    "confluent.topic.sasl.kerberos.service.name":"kafka",
    "confluent.topic.sasl.jaas.config":"com.sun.security.auth.module.Krb5LoginModule required \nuseKeyTab=true \nstoreKey=true \nkeyTab=\"/etc/security/keytabs/svc.kfkconnect.lab.keytab\" \nprincipal=\"svc.kfkconnect.lab@DS.DTVENG.NET\";",
    "prometheus.scrape.url": "http://localhost:8889/metrics",
    "value.converter": "org.apache.kafka.connect.json.JsonConverter",
    "value.converter.schemas.enable": "false",
    "behavior.on.error": "LOG",
    "reporter.result.topic.replication.factor": "3",
    "reporter.error.topic.replication.factor": "3",
    "reporter.bootstrap.servers":"localhost:9092",
    "reporter.producer.ssl.truststore.location":"/etc/pki/hadoop/kafkalab.jks",
    "reporter.producer.ssl.truststore.password":"xxxx",
    "reporter.producer.ssl.keystore.location":"/etc/pki/hadoop/kafkalab.jks",
    "reporter.producer.ssl.keystore.password":"xxxx",
    "reporter.producer.ssl.key.password":"xxxx",
    "reporter.producer.security.protocol":"SASL_SSL",
    "reporter.producer.sasl.kerberos.service.name":"kafka",
    "reporter.producer.sasl.jaas.config":"com.sun.security.auth.module.Krb5LoginModule required \nuseKeyTab=true \nstoreKey=true \nkeyTab=\"/etc/security/keytabs/svc.kfkconnect.lab.keytab\" \nprincipal=\"svc.kfkconnect.lab@DS.DTVENG.NET\";",
    "reporter.admin.ssl.truststore.location":"/etc/pki/hadoop/kafkalab.jks",
    "reporter.admin.ssl.truststore.password":"xxxx",
    "reporter.admin.ssl.keystore.location":"/etc/pki/hadoop/kafkalab.jks",
    "reporter.admin.ssl.keystore.password":"xxxx",
    "reporter.admin.ssl.key.password":"xxxx",
    "reporter.admin.security.protocol":"SASL_SSL",
    "reporter.admin.sasl.kerberos.service.name":"kafka",
    "reporter.admin.sasl.jaas.config":"com.sun.security.auth.module.Krb5LoginModule required \nuseKeyTab=true \nstoreKey=true \nkeyTab=\"/etc/security/keytabs/svc.kfkconnect.lab.keytab\" \nprincipal=\"svc.kfkconnect.lab@DS.DTVENG.NET\";",
    "confluent.license":"eyJ0eXAiOiJK ...omitted"

  }

Disabling Connect reporter

To disable Connect Reporter, set the reporter.error.topic.name and reporter.result.topic.name configuration properties to empty strings.

Metrics reporter metadata

With the release of Confluent Platform 6.0, a configuration prefix is available for Kafka Connect that allows connectors to pass metrics context metadata to embedded metrics client libraries. The Connect worker passes the context configuration to all instantiated connectors. The following provides information on these worker configuration properties:

metrics.context.<key>=<value>

The configured key/value pairs are passed by the connectors in the Connect worker to the configured Confluent Metrics Reporter using the MetricsContext interface. For example, configuring a Connect worker with metrics.context.foo.bar=baz adds the field foo.bar mapped to the value baz in the MetricsContext metadata metrics reporter.

Connect workers can pass the following fields to MetricsContext:

  • connect.kafka.cluster.id to indicate the backing Apache Kafka® cluster.
  • connect.group.id to indicate the group ID used for Connect worker coordination. connect.group.id is only valid for distributed mode. For more information, see Connect internal topics.

ConfigProvider interface

The ConfigProvider class interface allows you to use variables in your worker configuration that are dynamically resolved upon startup. It also allows you to use variables in your connector configurations that are dynamically resolved when the connector is (re)started. You can use variables within configuration property values in place of secrets, or in place of any information that should be resolved dynamically at runtime.

Note

Connector configurations are persisted and shared over the Connect REST API with the variables. Only when the connector starts does it transiently resolve and replace variables in-memory. Secrets are never persisted in connector configs, logs, or in REST API requests and responses.

The Connect worker relies upon the named ConfigProviders defined in the worker configuration to resolve the variables. Each variable specifies the name of the ConfigProvider that should be used, and the information the ConfigProvider uses to resolve the variable into a replacement string.

All ConfigProvider implementations are discovered using the standard Java ServiceLoader mechanism. To create a custom implementation of ConfigProvider, implement the ConfigProvider interface. Package the implementation class(es) and a file named META-INF/services/org.apache.kafka.common.config.provider.ConfigProvider containing the fully qualified name of the ConfigProvider implementation class into a JAR file. Note that the JAR file can use third-party libraries other than those provided by the Connect framework, but they must be installed with the JAR file as described below.

To install the custom implementation, add a new subdirectory containing the JAR files to the directory that is in Connect’s plugin.path and (re)start the Connect workers.

To implement a custom ConfigProvider, add a new subdirectory containing the JAR files under the default CLASSPATH location—for example, /usr/local/share/java—and restart the Connect workers. Note that the JAR files should not be placed under a subdirectory in Connect’s plugin.path. The plugin.path locations are for connectors and their specific dependent JARs and not for config.providers.

When the Connect worker starts, it instantiates all ConfigProvider implementations specified in the worker configuration. All properties prefixed with config.providers.[provider].param.* are passed to the configure() method of the ConfigProvider. When the Connect worker shuts down, it calls the close() method of the ConfigProvider.

Important

Any worker in a Connect cluster must be able to resolve every variable in the worker configuration, and must be able to resolve all variables used in every connector configuration. This requires the following:

  • All of the workers in a Connect cluster must have the same set of named config providers.
  • Each provider on every worker must have access to any resources required to resolve variables used in the worker config or in the connector configs.

The following configuration properties are added to the distributed worker configuration to make this work:

  • config.providers: A comma-separated list of names for providers.
  • config.providers.{name}.class: The Java class name for a provider.
  • config.providers.{name}.param.{param-name}: A parameter (or parameters) to be passed to the above Java class on initialization.

FileConfigProvider

Kafka provides an implementation of ConfigProvider called FileConfigProvider that allows variable references to be replaced with values from local files on each worker. For example, rather than having a secret in a configuration property, you can put the secret in a local file and use a variable in connector configurations. When the connector is started, Connect will use the file config provider to resolve and replace the variable with the actual secret, ensuring that the connector configuration does not include the secret when it is persisted and shared over the Connect REST API.

Important

Every worker in the Connect cluster must have access to the files referenced by all variables referencing the config provider.

Variables that refer by name to a FileConfigProvider should be in the form ${provider:[path:]key}. The path is the fully-qualified path of the property file on each Connect worker; the key is the name of the key within that property file. Note that the FileConfigProvider supports reading any file, where the path (and property key in that file) is specified in each variable. When Connect resolves one of these variables, it will read the properties file, extract the value for the corresponding key, and replace the whole variable with that value.

The following shows a JDBC connector configuration that includes the database URL, username, and password:

connection.url=jdbc:oracle:thin:@myhost:1521:orcl
connection.user=scott
connection.password=<my-secret-password>

Instead of having these details exposed in the connector configuration, you can use FileConfigProvider and store them in a file accessible to each Connect worker and protect them from other OS users. In the following examples, the separate file is named /opt/connect-secrets.properties. The properties added to /opt/connect-secrets.properties are listed below:

productsdb-url=jdbc:oracle:thin:@myhost:1521:orcl
productsdb-username=scott
productsdb-password=my-secret-password
other-connector-url=jdbc:oracle:thin:@myhost:1521:orcl
other-connector-username=customers
other-connector-password=superSecret!

Then, you can configure each Connect worker to use FileConfigProvider. The worker configuration would include the following properties:

# Additional properties added to the worker configuration

config.providers=file
config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider

The JDBC connector configuration can now use variables in place of the secrets:

# Additional properties added to the connector configuration

connection.url=${file:/opt/connect-secrets.properties:productsdb-url}
connection.user=${file:/opt/connect-secrets.properties:productsdb-username}
connection.password=${file:/opt/connect-secrets.properties:productsdb-password}

Another connector configuration could use variables with a different file, or variables that use different properties in the same file:

# Additional properties added to another connector configuration

connection.url=${file:/opt/connect-secrets.properties:other-connector-url}
connection.user=${file:/opt/connect-secrets.properties:other-connector-username}
connection.password=${file:/opt/connect-secrets.properties:other-connector-password}

InternalSecretConfigProvider

Confluent Platform provides another implementation of ConfigProvider named InternalSecretConfigProvider which is used with the Connect Secret Registry. The InternalSecretConfigProvider requires Role-based access control (RBAC) with Secret Registry. The Secret Registry is a secret serving layer that enables Connect to store encrypted Connect credentials in a topic exposed through a REST API. This eliminates any unencrypted credentials being located in the actual connector configuration. The following example shows how InternalSecretConfigProvider is configured in the worker configuration file:

### Secret Provider

config.providers=secret
config.providers.secret.class=io.confluent.connect.secretregistry.rbac.config.provider.InternalSecretConfigProvider

config.providers.secret.param.master.encryption.key=<encryption key>
config.providers.secret.param.kafkastore.bootstrap.servers=SASL_PLAINTEXT://<Kafka broker URLs>
config.providers.secret.param.kafkastore.security.protocol=SASL_PLAINTEXT
config.providers.secret.param.kafkastore.sasl.mechanism=OAUTHBEARER
config.providers.secret.param.kafkastore.sasl.login.callback.handler.class=io.confluent.kafka.clients.plugins.auth.token.TokenUserLoginCallbackHandler
config.providers.secret.param.kafkastore.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
  username="<service-principal-username>" \
  password="<service-principal-password>" \
  metadataServerUrls="<metadata server URLs>";

Shut down Kafka Connect

There are a few ways to shut down Kafka Connect. If you are running Connect in Confluent Platform standalone mode, you can use the following local Confluent CLI command:

confluent local services connect stop

If you’re not using the Confluent CLI, or if you’re running Connect in distributed mode, perform following steps to shut down Kafka Connect:

  1. Open a terminal session on one of the Connect nodes.

  2. Search for the running Connect process:

    ps aux | grep ConnectDistributed
    
  3. Identify the PID in the output:

    <node-hostname> <worker-pid>   0.2  2.1  8414400 351944 s003  S    12:42PM   2:52.62 /path/to/your/bin/java ...omitted... org.apache.kafka.connect.cli.ConnectDistributed /path/to/your/connect.properties
    
  4. Stop the process:

    kill <worker-pid>
    
  5. Stop this running process on all remaining Connect nodes.

Important

Do not use kill -9 to stop the process.