From c6a154d607f9bdd826d9dd442018ddf1a40fb863 Mon Sep 17 00:00:00 2001
From: withlin
Date: Tue, 3 Dec 2024 00:48:49 +0800
Subject: [PATCH 1/4] feat: support rdkafka2 options

Signed-off-by: withlin
---
 ...logging.banzaicloud.io_clusteroutputs.yaml | 374 ++++++++++++++
 .../logging.banzaicloud.io_outputs.yaml | 374 ++++++++++++++
 ...logging.banzaicloud.io_clusteroutputs.yaml | 374 ++++++++++++++
 .../crds/logging.banzaicloud.io_outputs.yaml | 374 ++++++++++++++
 ...logging.banzaicloud.io_clusteroutputs.yaml | 374 ++++++++++++++
 .../bases/logging.banzaicloud.io_outputs.yaml | 374 ++++++++++++++
 docs/configuration/plugins/outputs/kafka.md | 468 ++++++++++++++++++
 pkg/sdk/logging/model/output/kafka.go | 191 ++++++-
 pkg/sdk/logging/model/output/kafka_test.go | 8 +
 .../model/output/zz_generated.deepcopy.go | 1 +
 10 files changed, 2911 insertions(+), 1 deletion(-)

diff --git a/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_clusteroutputs.yaml b/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_clusteroutputs.yaml
index 2ba82ea6d..ce80e0d47 100644
--- a/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_clusteroutputs.yaml
+++ b/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_clusteroutputs.yaml
@@ -3267,6 +3267,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: 
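Review bot: The credential-bearing keys in the new `rdkafka_options` schema (`sasl.password`, `sasl.oauthbearer.client.secret`, `ssl.key.password`, `ssl.keystore.password`, `ssl.key.pem`) are all plain `type: string`, so a user has to write the secret in clear text into the Output/ClusterOutput spec, where anyone who can read the resource can read it. These should be modelled as secret references rather than inline strings. The same object also exposes `sasl.kerberos.kinit.cmd` and `plugin.library.paths`, which librdkafka documents as a shell command to run and shared libraries to load, plus `enable.ssl.certificate.verification` and `enable.sasl.oauthbearer.unsecure.jwt`; for the namespaced Output kind this presumably gives anyone allowed to create an Output influence over what runs in the shared aggregator, so I would drop those keys or reject them at validation. This YAML looks generated from the Go type in `pkg/sdk/logging/model/output/kafka.go` (listed in the diffstat, not shown here), so the change belongs there followed by a regenerate, and the point applies equally to the other `rdkafka_options` hunks in this patch.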
@@ -10519,6 +10706,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: 
diff --git a/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_outputs.yaml b/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_outputs.yaml
index a384445bf..6fbaebfff 100644
--- a/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_outputs.yaml
+++ b/charts/logging-operator/charts/logging-operator-crds/templates/logging.banzaicloud.io_outputs.yaml
@@ -3263,6 +3263,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: 
@@ -9789,6 +9976,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: diff --git a/charts/logging-operator/crds/logging.banzaicloud.io_clusteroutputs.yaml b/charts/logging-operator/crds/logging.banzaicloud.io_clusteroutputs.yaml index e579f2b27..0293ff064 100644 
--- a/charts/logging-operator/crds/logging.banzaicloud.io_clusteroutputs.yaml
+++ b/charts/logging-operator/crds/logging.banzaicloud.io_clusteroutputs.yaml
@@ -3264,6 +3264,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: 
@@ -10516,6 +10703,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: diff --git a/charts/logging-operator/crds/logging.banzaicloud.io_outputs.yaml b/charts/logging-operator/crds/logging.banzaicloud.io_outputs.yaml index dff193ee1..5a845c924 100644 
--- a/charts/logging-operator/crds/logging.banzaicloud.io_outputs.yaml
+++ b/charts/logging-operator/crds/logging.banzaicloud.io_outputs.yaml
@@ -3260,6 +3260,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: 
@@ -9786,6 +9973,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: diff --git a/config/crd/bases/logging.banzaicloud.io_clusteroutputs.yaml b/config/crd/bases/logging.banzaicloud.io_clusteroutputs.yaml index e579f2b27..0293ff064 100644 
--- a/config/crd/bases/logging.banzaicloud.io_clusteroutputs.yaml
+++ b/config/crd/bases/logging.banzaicloud.io_clusteroutputs.yaml
@@ -3264,6 +3264,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: 
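Review bot: Under `rdkafka_options`, the properties `sasl.password`, `sasl.oauthbearer.client.secret`, `ssl.key.password`, `ssl.key.pem` and `ssl.keystore.password` are declared as plain `type: string`, so any credential set through them is stored inline in the ClusterOutput spec and is readable by anyone who can get or list the resource. I would either drop these keys from the schema or have them take a Secret reference instead of a literal value, so the secret material stays in a Kubernetes Secret. The same block also accepts `enable.ssl.certificate.verification`, `enable.sasl.oauthbearer.unsecure.jwt`, `sasl.kerberos.kinit.cmd` (the docs in this patch describe it as a shell command that is executed) and `plugin.library.paths` (libraries to load) with no validation or restriction, which lets whoever can create an Output weaken TLS or influence what runs in the log forwarder; these are worth omitting or gating. The identical schema is repeated in the hunk at -10516 of this file and in both hunks of `logging.banzaicloud.io_outputs.yaml`. If these CRDs are generated from the Go type, the change belongs in `pkg/sdk/logging/model/output/kafka.go` rather than here.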
@@ -10516,6 +10703,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: diff --git a/config/crd/bases/logging.banzaicloud.io_outputs.yaml b/config/crd/bases/logging.banzaicloud.io_outputs.yaml index dff193ee1..5a845c924 100644 --- a/config/crd/bases/logging.banzaicloud.io_outputs.yaml 
+++ b/config/crd/bases/logging.banzaicloud.io_outputs.yaml 
@@ -3260,6 +3260,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: 
@@ -9786,6 +9973,193 @@ spec: type: object principal: type: string + rdkafka_options: + properties: + allow.auto.create.topics: + type: boolean + api.version.fallback.ms: + type: integer + api.version.request: + type: boolean + api.version.request.timeout.ms: + type: integer + background_event_cb: + type: string + bootstrap.servers: + type: string + broker.address.family: + type: string + broker.address.ttl: + type: integer + broker.version.fallback: + type: string + builtin.features: + type: string + client.id: + type: string + closesocket_cb: + type: string + connect_cb: + type: string + connections.max.idle.ms: + type: integer + debug: + type: string + default_topic_conf: + type: string + enable.random.seed: + type: boolean + enable.sasl.oauthbearer.unsecure.jwt: + type: boolean + enable.ssl.certificate.verification: + type: boolean + enabled_events: + type: integer + error_cb: + type: string + interceptors: + type: string + internal.termination.signal: + type: integer + log.connection.close: + type: boolean + log.queue: + type: boolean + log.thread.name: + type: boolean + log_cb: + type: string + log_level: + type: integer + max.in.flight: + type: integer + max.in.flight.requests.per.connection: + type: integer + message.copy.max.bytes: + type: integer + message.max.bytes: + type: integer + metadata.broker.list: + type: string + metadata.max.age.ms: + type: integer + oauthbearer_token_refresh_cb: + type: string + opaque: + type: string + open_cb: + type: string + plugin.library.paths: + type: string + receive.message.max.bytes: + type: integer + reconnect.backoff.max.ms: + type: integer + reconnect.backoff.ms: + type: integer + resolve_cb: + type: string + sasl.kerberos.keytab: + type: string + sasl.kerberos.kinit.cmd: + type: string + sasl.kerberos.min.time.before.relogin: + type: integer + sasl.kerberos.principal: + type: string + sasl.kerberos.service.name: + type: string + sasl.mechanisms: + type: string + sasl.oauthbearer.client.id: + type: string + 
sasl.oauthbearer.client.secret: + type: string + sasl.oauthbearer.config: + type: string + sasl.oauthbearer.extensions: + type: string + sasl.oauthbearer.method: + type: string + sasl.oauthbearer.scope: + type: string + sasl.oauthbearer.token.endpoint.url: + type: string + sasl.password: + type: string + sasl.username: + type: string + security.protocol: + type: string + socket.blocking.max.ms: + type: integer + socket.connection.setup.timeout.ms: + type: integer + socket.keepalive.enable: + type: boolean + socket.max.fails: + type: integer + socket.nagle.disable: + type: boolean + socket.receive.buffer.bytes: + type: integer + socket.send.buffer.bytes: + type: integer + socket.timeout.ms: + type: integer + socket_cb: + type: string + ssl.ca.location: + type: string + ssl.ca.pem: + type: string + ssl.certificate.location: + type: string + ssl.certificate.pem: + type: string + ssl.cipher.suites: + type: string + ssl.crl.location: + type: string + ssl.curves.list: + type: string + ssl.endpoint.identification.algorithm: + type: string + ssl.engine.id: + type: string + ssl.engine.location: + type: string + ssl.key.location: + type: string + ssl.key.password: + type: string + ssl.key.pem: + type: string + ssl.keystore.location: + type: string + ssl.keystore.password: + type: string + ssl.providers: + type: string + ssl.sigalgs.list: + type: string + statistics.interval.ms: + type: integer + stats_cb: + type: string + throttle_cb: + type: string + topic.blacklist: + type: string + topic.metadata.propagation.max.ms: + type: integer + topic.metadata.refresh.fast.interval.ms: + type: integer + topic.metadata.refresh.interval.ms: + type: integer + topic.metadata.refresh.sparse: + type: boolean + type: object required_acks: type: integer sasl_over_ssl: diff --git a/docs/configuration/plugins/outputs/kafka.md b/docs/configuration/plugins/outputs/kafka.md index e0f29a642..ad73f79f5 100644 --- a/docs/configuration/plugins/outputs/kafka.md 
+++ b/docs/configuration/plugins/outputs/kafka.md @@ -184,6 +184,9 @@ Password when using PLAIN/SCRAM SASL authentication ### principal (string, optional) {#kafka-principal} +### rdkafka_options (RdkafkaOptions, optional) {#kafka-rdkafka_options} + + ### required_acks (int, optional) {#kafka-required_acks} The number of acks required per request . 
@@ -260,3 +263,468 @@ Username when using PLAIN/SCRAM SASL authentication +## RdkafkaOptions + +GlobalConfig represents the global configuration properties for librdkafka. + +### allow.auto.create.topics (bool, optional) {#rdkafkaoptions-allow.auto.create.topics} + +Allow automatic topic creation on the broker when subscribing to or assigning non-existent topics. The broker must also be configured with `auto.create.topics.enable=true` for this configuration to take effect. Note: the default value (true) for the producer is different from the default value (false) for the consumer. Further, the consumer default value is different from the Java consumer (true), and this property is not supported by the Java producer. Requires broker version >= 0.11.0.0, for older broker versions only the broker configuration applies. + + +### api.version.fallback.ms (int, optional) {#rdkafkaoptions-api.version.fallback.ms} + +Dictates how long the `broker.version.fallback` fallback is used in the case the ApiVersionRequest fails. + + +### api.version.request (bool, optional) {#rdkafkaoptions-api.version.request} + +Request broker's supported API versions to adjust functionality to available protocol features. If set to false, or the ApiVersionRequest fails, the fallback version `broker.version.fallback` will be used. **NOTE**: Depends on broker version >=0.10.0. If the request is not supported by (an older) broker the `broker.version.fallback` fallback is used. + + +### api.version.request.timeout.ms (int, optional) {#rdkafkaoptions-api.version.request.timeout.ms} + +Timeout for broker API version requests. + + +### background_event_cb (string, optional) {#rdkafkaoptions-background_event_cb} + +Background queue event callback (set with rd_kafka_conf_set_background_event_cb()) + + +### bootstrap.servers (string, optional) {#rdkafkaoptions-bootstrap.servers} + +Alias for `metadata.broker.list`: Initial list of brokers as a CSV list of broker host or host:port. 
The application may also use `rd_kafka_brokers_add()` to add brokers during runtime. + + +### broker.address.family (string, optional) {#rdkafkaoptions-broker.address.family} + +Allowed broker IP address families: any, v4, v6 + + +### broker.address.ttl (int, optional) {#rdkafkaoptions-broker.address.ttl} + +How long to cache the broker address resolving results (milliseconds). + + +### broker.version.fallback (string, optional) {#rdkafkaoptions-broker.version.fallback} + +Older broker versions (before 0.10.0) provide no way for a client to query for supported protocol features (ApiVersionRequest, see `api.version.request`) making it impossible for the client to know what features it may use. As a workaround a user may set this property to the expected broker version and the client will automatically adjust its feature set accordingly if the ApiVersionRequest fails (or is disabled). The fallback broker version will be used for `api.version.fallback.ms`. Valid values are: 0.9.0, 0.8.2, 0.8.1, 0.8.0. Any other value >= 0.10, such as 0.10.2.1, enables ApiVersionRequests. + + +### builtin.features (string, optional) {#rdkafkaoptions-builtin.features} + +Indicates the builtin features for this build of librdkafka. An application can either query this value or attempt to set it with its list of required features to check for library support. + + +### client.id (string, optional) {#rdkafkaoptions-client.id} + +Client identifier. + + +### closesocket_cb (string, optional) {#rdkafkaoptions-closesocket_cb} + +Socket close callback + + +### connect_cb (string, optional) {#rdkafkaoptions-connect_cb} + +Socket connect callback + + +### connections.max.idle.ms (int, optional) {#rdkafkaoptions-connections.max.idle.ms} + +Close broker connections after the specified time of inactivity. Disable with 0. 
If this property is left at its default value some heuristics are performed to determine a suitable default value, this is currently limited to identifying brokers on Azure (see librdkafka issue #3109 for more info). + + +### debug (string, optional) {#rdkafkaoptions-debug} + +A comma-separated list of debug contexts to enable. Detailed Producer debugging: broker,topic,msg. Consumer: consumer,cgrp,topic,fetch + + +### default_topic_conf (string, optional) {#rdkafkaoptions-default_topic_conf} + +Default topic configuration for automatically subscribed topics + + +### enable.random.seed (bool, optional) {#rdkafkaoptions-enable.random.seed} + +If enabled librdkafka will initialize the PRNG with srand(current_time.milliseconds) on the first invocation of rd_kafka_new() (required only if rand_r() is not available on your platform). If disabled the application must call srand() prior to calling rd_kafka_new(). + + +### enable.sasl.oauthbearer.unsecure.jwt (bool, optional) {#rdkafkaoptions-enable.sasl.oauthbearer.unsecure.jwt} + +Enable the builtin unsecure JWT OAUTHBEARER token handler if no oauthbearer_refresh_cb has been set. This builtin handler should only be used for development or testing, and not in production. + + +### enable.ssl.certificate.verification (bool, optional) {#rdkafkaoptions-enable.ssl.certificate.verification} + +Enable OpenSSL's builtin broker (server) certificate verification. This verification can be extended by the application by implementing a certificate_verify_cb. + + +### enabled_events (int, optional) {#rdkafkaoptions-enabled_events} + +See `rd_kafka_conf_set_events()` + + +### error_cb (string, optional) {#rdkafkaoptions-error_cb} + +Error callback (set with rd_kafka_conf_set_error_cb()) + + +### interceptors (string, optional) {#rdkafkaoptions-interceptors} + +Interceptors added through rd_kafka_conf_interceptor_add_..() and any configuration handled by interceptors. 
+ + +### internal.termination.signal (int, optional) {#rdkafkaoptions-internal.termination.signal} + +Signal that librdkafka will use to quickly terminate on rd_kafka_destroy(). If this signal is not set then there will be a delay before rd_kafka_wait_destroyed() returns true as internal threads are timing out their system calls. If this signal is set however the delay will be minimal. The application should mask this signal as an internal signal handler is installed. + + +### log_cb (string, optional) {#rdkafkaoptions-log_cb} + +Log callback (set with rd_kafka_conf_set_log_cb()) + + +### log.connection.close (bool, optional) {#rdkafkaoptions-log.connection.close} + +Log broker disconnects. It might be useful to turn this off when interacting with 0.9 brokers with an aggressive `connections.max.idle.ms` value. + + +### log_level (int, optional) {#rdkafkaoptions-log_level} + +Logging level (syslog(3) levels) + + +### log.queue (bool, optional) {#rdkafkaoptions-log.queue} + +Disable spontaneous log_cb from internal librdkafka threads, instead enqueue log messages on queue set with `rd_kafka_set_log_queue()` and serve log callbacks or events through the standard poll APIs. **NOTE**: Log messages will linger in a temporary queue until the log queue has been set. + + +### log.thread.name (bool, optional) {#rdkafkaoptions-log.thread.name} + +Print internal thread name in log messages (useful for debugging librdkafka internals) + + +### max.in.flight (int, optional) {#rdkafkaoptions-max.in.flight} + +Alias for `max.in.flight.requests.per.connection`: Maximum number of in-flight requests per broker connection. This is a generic property applied to all broker communication, however it is primarily relevant to produce requests. In particular, note that other mechanisms limit the number of outstanding consumer fetch request per broker to one. 
+ + +### max.in.flight.requests.per.connection (int, optional) {#rdkafkaoptions-max.in.flight.requests.per.connection} + +Maximum number of in-flight requests per broker connection. This is a generic property applied to all broker communication, however it is primarily relevant to produce requests. In particular, note that other mechanisms limit the number of outstanding consumer fetch request per broker to one. + + +### message.copy.max.bytes (int, optional) {#rdkafkaoptions-message.copy.max.bytes} + +Maximum size for message to be copied to buffer. Messages larger than this will be passed by reference (zero-copy) at the expense of larger iovecs. + + +### message.max.bytes (int, optional) {#rdkafkaoptions-message.max.bytes} + +Maximum Kafka protocol request message size. Due to differing framing overhead between protocol versions the producer is unable to reliably enforce a strict max message limit at produce time and may exceed the maximum size by one message in protocol ProduceRequests, the broker will enforce the the topic's `max.message.bytes` limit (see Apache Kafka documentation). + + +### metadata.broker.list (string, optional) {#rdkafkaoptions-metadata.broker.list} + +Initial list of brokers as a CSV list of broker host or host:port. The application may also use `rd_kafka_brokers_add()` to add brokers during runtime. + + +### metadata.max.age.ms (int, optional) {#rdkafkaoptions-metadata.max.age.ms} + +Metadata cache max age. Defaults to topic.metadata.refresh.interval.ms * 3 + + +### oauthbearer_token_refresh_cb (string, optional) {#rdkafkaoptions-oauthbearer_token_refresh_cb} + +SASL/OAUTHBEARER token refresh callback (set with rd_kafka_conf_set_oauthbearer_token_refresh_cb(), triggered by rd_kafka_poll(), et.al. This callback will be triggered when it is time to refresh the client's OAUTHBEARER token. Also see rd_kafka_conf_enable_sasl_queue(). 
+ + +### opaque (string, optional) {#rdkafkaoptions-opaque} + +Application opaque (set with rd_kafka_conf_set_opaque()) + + +### open_cb (string, optional) {#rdkafkaoptions-open_cb} + +File open callback to provide race-free CLOEXEC + + +### plugin.library.paths (string, optional) {#rdkafkaoptions-plugin.library.paths} + +List of plugin libraries to load (; separated). The library search path is platform dependent (see dlopen(3) for Unix and LoadLibrary() for Windows). If no filename extension is specified the platform-specific extension (such as .dll or .so) will be appended automatically. + + +### receive.message.max.bytes (int, optional) {#rdkafkaoptions-receive.message.max.bytes} + +Maximum Kafka protocol response message size. This serves as a safety precaution to avoid memory exhaustion in case of protocol hickups. This value must be at least `fetch.max.bytes` + 512 to allow for protocol overhead; the value is adjusted automatically unless the configuration property is explicitly set. + + +### reconnect.backoff.max.ms (int, optional) {#rdkafkaoptions-reconnect.backoff.max.ms} + +The maximum time to wait before reconnecting to a broker after the connection has been closed. + + +### reconnect.backoff.ms (int, optional) {#rdkafkaoptions-reconnect.backoff.ms} + +The initial time to wait before reconnecting to a broker after the connection has been closed. The time is increased exponentially until `reconnect.backoff.max.ms` is reached. -25% to +50% jitter is applied to each reconnect backoff. A value of 0 disables the backoff and reconnects immediately. + + +### resolve_cb (string, optional) {#rdkafkaoptions-resolve_cb} + +Address resolution callback (set with rd_kafka_conf_set_resolve_cb()) + + +### sasl.kerberos.keytab (string, optional) {#rdkafkaoptions-sasl.kerberos.keytab} + +Path to Kerberos keytab file. This configuration property is only used as a variable in sasl.kerberos.kinit.cmd as ... -t "%{sasl.kerberos.keytab}". 
+ + +### sasl.kerberos.kinit.cmd (string, optional) {#rdkafkaoptions-sasl.kerberos.kinit.cmd} + +Shell command to refresh or acquire the client's Kerberos ticket. This command is executed on client creation and every sasl.kerberos.min.time.before.relogin (0=disable). + + +### sasl.kerberos.min.time.before.relogin (int, optional) {#rdkafkaoptions-sasl.kerberos.min.time.before.relogin} + +Minimum time in milliseconds between key refresh attempts. Disable automatic key refresh by setting this property to 0. + + +### sasl.kerberos.principal (string, optional) {#rdkafkaoptions-sasl.kerberos.principal} + +This client's Kerberos principal name. (Not supported on Windows, will use the logon user's principal). + + +### sasl.kerberos.service.name (string, optional) {#rdkafkaoptions-sasl.kerberos.service.name} + +Kerberos principal name that Kafka runs as, not including /hostname@REALM. + + +### sasl.mechanisms (string, optional) {#rdkafkaoptions-sasl.mechanisms} + +SASL mechanism to use for authentication. Supported: GSSAPI, PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, OAUTHBEARER. NOTE: Despite the name only one mechanism must be configured. + + +### sasl.oauthbearer.client.id (string, optional) {#rdkafkaoptions-sasl.oauthbearer.client.id} + +Public identifier for the application. Must be unique across all clients that the authorization server handles. Only used when sasl.oauthbearer.method is set to "oidc". + + +### sasl.oauthbearer.client.secret (string, optional) {#rdkafkaoptions-sasl.oauthbearer.client.secret} + +Client secret only known to the application and the authorization server. This should be a sufficiently random string that is not guessable. Only used when sasl.oauthbearer.method is set to "oidc". + + +### sasl.oauthbearer.config (string, optional) {#rdkafkaoptions-sasl.oauthbearer.config} + +SASL/OAUTHBEARER configuration. The format is implementation-dependent and must be parsed accordingly. 
The default unsecured token implementation (see https://tools.ietf.org/html/rfc7515#appendix-A.5) recognizes space-separated name=value pairs with valid names including principalClaimName, principal, scopeClaimName, scope, and lifeSeconds. The default value for principalClaimName is "sub", the default value for scopeClaimName is "scope", and the default value for lifeSeconds is 3600. The scope value is CSV format with the default value being no/empty scope. For example: principalClaimName=azp principal=admin scopeClaimName=roles scope=role1,role2 lifeSeconds=600. In addition, SASL extensions can be communicated to the broker via extension_NAME=value. For example: principal=admin extension_traceId=123. + + +### sasl.oauthbearer.extensions (string, optional) {#rdkafkaoptions-sasl.oauthbearer.extensions} + +Allow additional information to be provided to the broker. Comma-separated list of key=value pairs. E.g., "supportFeatureX=true,organizationId=sales-emea".Only used when sasl.oauthbearer.method is set to "oidc". + + +### sasl.oauthbearer.method (string, optional) {#rdkafkaoptions-sasl.oauthbearer.method} + +Set to "default" or "oidc" to control which login method to be used. If set to "oidc", the following properties must also be specified: sasl.oauthbearer.client.id, sasl.oauthbearer.client.secret, and sasl.oauthbearer.token.endpoint.url. + + +### sasl.oauthbearer.scope (string, optional) {#rdkafkaoptions-sasl.oauthbearer.scope} + +Client use this to specify the scope of the access request to the broker. Only used when sasl.oauthbearer.method is set to "oidc". + + +### sasl.oauthbearer.token.endpoint.url (string, optional) {#rdkafkaoptions-sasl.oauthbearer.token.endpoint.url} + +OAuth/OIDC issuer token endpoint HTTP(S) URI used to retrieve token. Only used when sasl.oauthbearer.method is set to "oidc". + + +### sasl.password (string, optional) {#rdkafkaoptions-sasl.password} + +SASL password for use with the PLAIN and SASL-SCRAM-.. mechanism. 
+ + +### sasl.username (string, optional) {#rdkafkaoptions-sasl.username} + +SASL username for use with the PLAIN and SASL-SCRAM-.. mechanisms. + + +### security.protocol (string, optional) {#rdkafkaoptions-security.protocol} + +Protocol used to communicate with brokers. + + +### socket.blocking.max.ms (int, optional) {#rdkafkaoptions-socket.blocking.max.ms} + +DEPRECATED No longer used. + + +### socket_cb (string, optional) {#rdkafkaoptions-socket_cb} + +Socket creation callback to provide race-free CLOEXEC + + +### socket.connection.setup.timeout.ms (int, optional) {#rdkafkaoptions-socket.connection.setup.timeout.ms} + +Maximum time allowed for broker connection setup (TCP connection setup as well SSL and SASL handshake). If the connection to the broker is not fully functional after this the connection will be closed and retried. + + +### socket.keepalive.enable (bool, optional) {#rdkafkaoptions-socket.keepalive.enable} + +Enable TCP keep-alives (SO_KEEPALIVE) on broker sockets + + +### socket.max.fails (int, optional) {#rdkafkaoptions-socket.max.fails} + +Disconnect from broker when this number of send failures (e.g., timed out requests) is reached. Disable with 0. WARNING: It is highly recommended to leave this setting at its default value of 1 to avoid the client and broker to become desynchronized in case of request timeouts. NOTE: The connection is automatically re-established. + + +### socket.nagle.disable (bool, optional) {#rdkafkaoptions-socket.nagle.disable} + +Disable the Nagle algorithm (TCP_NODELAY) on broker sockets. + + +### socket.receive.buffer.bytes (int, optional) {#rdkafkaoptions-socket.receive.buffer.bytes} + +Broker socket receive buffer size. System default is used if 0. + + +### socket.send.buffer.bytes (int, optional) {#rdkafkaoptions-socket.send.buffer.bytes} + +Broker socket send buffer size. System default is used if 0. 
+ + +### socket.timeout.ms (int, optional) {#rdkafkaoptions-socket.timeout.ms} + +Default timeout for network requests. Producer: ProduceRequests will use the lesser value of `socket.timeout.ms` and remaining `message.timeout.ms` for the first message in the batch. Consumer: FetchRequests will use `fetch.wait.max.ms` + `socket.timeout.ms`. Admin: Admin requests will use `socket.timeout.ms` or explicitly set `rd_kafka_AdminOptions_set_operation_timeout()` value. + + +### ssl.ca.location (string, optional) {#rdkafkaoptions-ssl.ca.location} + +File or directory path to CA certificate(s) for verifying the broker's key. Defaults: On Windows the system's CA certificates are automatically looked up in the Windows Root certificate store. On Mac OSX this configuration defaults to `probe`. It is recommended to install openssl using Homebrew, to provide CA certificates. On Linux install the distribution's ca-certificates package. If OpenSSL is statically linked or `ssl.ca.location` is set to `probe` a list of standard paths will be probed and the first one found will be used as the default CA certificate location path. If OpenSSL is dynamically linked the OpenSSL library's default path will be used (see `OPENSSLDIR` in `openssl version -a`). + + +### ssl.ca.pem (string, optional) {#rdkafkaoptions-ssl.ca.pem} + +CA certificate string (PEM format) for verifying the broker's key. + + +### ssl.certificate.location (string, optional) {#rdkafkaoptions-ssl.certificate.location} + +Path to client's public key (PEM) used for authentication. + + +### ssl.certificate.pem (string, optional) {#rdkafkaoptions-ssl.certificate.pem} + +Client's public key string (PEM format) used for authentication. + + +### ssl.cipher.suites (string, optional) {#rdkafkaoptions-ssl.cipher.suites} + +A cipher suite is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol. 
See manual page for `ciphers(1)` and `SSL_CTX_set_cipher_list(3). + + +### ssl.crl.location (string, optional) {#rdkafkaoptions-ssl.crl.location} + +Path to CRL for verifying broker's certificate validity. + + +### ssl.curves.list (string, optional) {#rdkafkaoptions-ssl.curves.list} + +The supported-curves extension in the TLS ClientHello message specifies the curves (standard/named, or 'explicit' GF(2^k) or GF(p)) the client is willing to have the server use. See manual page for `SSL_CTX_set1_curves_list(3)`. OpenSSL >= 1.0.2 required. + + +### ssl.endpoint.identification.algorithm (string, optional) {#rdkafkaoptions-ssl.endpoint.identification.algorithm} + +Endpoint identification algorithm to validate broker hostname using broker certificate. https - Server (broker) hostname verification as specified in RFC2818. none - No endpoint verification. OpenSSL >= 1.0.2 required. + + +### ssl.engine.id (string, optional) {#rdkafkaoptions-ssl.engine.id} + +OpenSSL engine id is the name used for loading engine. + + +### ssl.engine.location (string, optional) {#rdkafkaoptions-ssl.engine.location} + +**DEPRECATED** Path to OpenSSL engine library. OpenSSL >= 1.1.x required. DEPRECATED: OpenSSL engine support is deprecated and should be replaced by OpenSSL 3 providers. + + +### ssl.key.location (string, optional) {#rdkafkaoptions-ssl.key.location} + +Path to client's private key (PEM) used for authentication. + + +### ssl.key.password (string, optional) {#rdkafkaoptions-ssl.key.password} + +Private key passphrase (for use with `ssl.key.location` and `set_ssl_cert()`). + + +### ssl.key.pem (string, optional) {#rdkafkaoptions-ssl.key.pem} + +Client's private key string (PEM format) used for authentication. + + +### ssl.keystore.location (string, optional) {#rdkafkaoptions-ssl.keystore.location} + +Path to client's keystore (PKCS#12) used for authentication. 
+ + +### ssl.keystore.password (string, optional) {#rdkafkaoptions-ssl.keystore.password} + +Client's keystore (PKCS#12) password. + + +### ssl.providers (string, optional) {#rdkafkaoptions-ssl.providers} + +Comma-separated list of OpenSSL 3.0.x implementation providers. E.g., "default,legacy". + + +### ssl.sigalgs.list (string, optional) {#rdkafkaoptions-ssl.sigalgs.list} + +The client uses the TLS ClientHello signature_algorithms extension to indicate to the server which signature/hash algorithm pairs may be used in digital signatures. See manual page for `SSL_CTX_set1_sigalgs_list(3)`. OpenSSL >= 1.0.2 required. + + +### statistics.interval.ms (int, optional) {#rdkafkaoptions-statistics.interval.ms} + +librdkafka statistics emit interval. The application also needs to register a stats callback using `rd_kafka_conf_set_stats_cb()`. The granularity is 1000ms. A value of 0 disables statistics. + + +### stats_cb (string, optional) {#rdkafkaoptions-stats_cb} + +Statistics callback (set with rd_kafka_conf_set_stats_cb()) + + +### throttle_cb (string, optional) {#rdkafkaoptions-throttle_cb} + +Throttle callback (set with rd_kafka_conf_set_throttle_cb()) + + +### topic.blacklist (string, optional) {#rdkafkaoptions-topic.blacklist} + +Topic blacklist, a comma-separated list of regular expressions for matching topic names that should be ignored in broker metadata information as if the topics did not exist. + + +### topic.metadata.propagation.max.ms (int, optional) {#rdkafkaoptions-topic.metadata.propagation.max.ms} + +Apache Kafka topic creation is asynchronous and it takes some time for a new topic to propagate throughout the cluster to all brokers. If a client requests topic metadata after manual topic creation but before the topic has been fully propagated to the broker the client is requesting metadata from, the topic will seem to be non-existent and the client will mark the topic as such, failing queued produced messages with `ERR__UNKNOWN_TOPIC`. 
This setting delays marking a topic as non-existent until the configured propagation max time has passed. The maximum propagation time is calculated from the time the topic is first referenced in the client, e.g., on produce(). + + +### topic.metadata.refresh.fast.interval.ms (int, optional) {#rdkafkaoptions-topic.metadata.refresh.fast.interval.ms} + +When a topic loses its leader a new metadata request will be enqueued immediately and then with this initial interval, exponentially increasing upto `retry.backoff.max.ms`, until the topic metadata has been refreshed. If not set explicitly, it will be defaulted to `retry.backoff.ms`. This is used to recover quickly from transitioning leader brokers. + + +### topic.metadata.refresh.interval.ms (int, optional) {#rdkafkaoptions-topic.metadata.refresh.interval.ms} + +Period of time in milliseconds at which topic and broker metadata is refreshed in order to proactively discover any new brokers, topics, partitions or partition leader changes. Use -1 to disable the intervalled refresh (not recommended). If there are no locally referenced topics (no topic objects created, no messages produced, no subscription or no assignment) then only the broker list will be refreshed every interval but no more often than every 10s. + + +### topic.metadata.refresh.sparse (bool, optional) {#rdkafkaoptions-topic.metadata.refresh.sparse} + +Sparse metadata requests (consumes less network bandwidth) + + + diff --git a/pkg/sdk/logging/model/output/kafka.go b/pkg/sdk/logging/model/output/kafka.go index fcbb06aef..ed43f4f43 100644 --- a/pkg/sdk/logging/model/output/kafka.go +++ b/pkg/sdk/logging/model/output/kafka.go 
@@ -65,7 +65,8 @@ type _metaKafka interface{} //nolint:deadcode,unused
 // -[more info](https://github.com/fluent/fluent-plugin-kafka#output-plugin)
 type KafkaOutputConfig struct {
 // Use rdkafka2 instead of the legacy kafka2 output plugin. This plugin requires fluentd image version v1.16-4.9-full or higher.
- UseRdkafka bool `json:"use_rdkafka,omitempty"`
+ UseRdkafka bool `json:"use_rdkafka,omitempty"`
+ RdkafkaOptions RdkafkaOptions `json:"rdkafka_options,omitempty"`
 // The list of all seed brokers, with their host and port information.
 Brokers string `json:"brokers"`
 // Topic Key (default: "topic")
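Review bot: `RdkafkaOptions` is added as a struct value tagged `omitempty`, which encoding/json never treats as empty, so a serialized KafkaOutputConfig will carry an empty `rdkafka_options` object even when no option is set. Declaring it as `RdkafkaOptions *RdkafkaOptions` with the same tag would let it be omitted. The new field is also the only one in this hunk without a comment; since the neighbouring comments look like the source of the generated CRD and kafka.md descriptions, I would add something like `// Additional librdkafka configuration properties for the rdkafka2 output plugin.` KafkaOutputConfig starts and ends outside this hunk.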
@@ -147,6 +148,194 @@ type KafkaOutputConfig struct { SlowFlushLogThreshold string `json:"slow_flush_log_threshold,omitempty"` } +// GlobalConfig represents the global configuration properties for librdkafka. +type RdkafkaOptions struct { + // Indicates the builtin features for this build of librdkafka. An application can either query this value or attempt to set it with its list of required features to check for library support. + BuiltinFeatures string `json:"builtin.features,omitempty"` + // Client identifier. + ClientID string `json:"client.id,omitempty"` + // Initial list of brokers as a CSV list of broker host or host:port. The application may also use `rd_kafka_brokers_add()` to add brokers during runtime. + MetadataBrokerList string `json:"metadata.broker.list,omitempty"` + // Alias for `metadata.broker.list`: Initial list of brokers as a CSV list of broker host or host:port. The application may also use `rd_kafka_brokers_add()` to add brokers during runtime. + BootstrapServers string `json:"bootstrap.servers,omitempty"` + // Maximum Kafka protocol request message size. Due to differing framing overhead between protocol versions the producer is unable to reliably enforce a strict max message limit at produce time and may exceed the maximum size by one message in protocol ProduceRequests, the broker will enforce the the topic's `max.message.bytes` limit (see Apache Kafka documentation). + MessageMaxBytes int `json:"message.max.bytes,omitempty"` + // Maximum size for message to be copied to buffer. Messages larger than this will be passed by reference (zero-copy) at the expense of larger iovecs. + MessageCopyMaxBytes int `json:"message.copy.max.bytes,omitempty"` + // Maximum Kafka protocol response message size. This serves as a safety precaution to avoid memory exhaustion in case of protocol hickups. 
This value must be at least `fetch.max.bytes` + 512 to allow for protocol overhead; the value is adjusted automatically unless the configuration property is explicitly set. + ReceiveMessageMaxBytes int `json:"receive.message.max.bytes,omitempty"` + // Maximum number of in-flight requests per broker connection. This is a generic property applied to all broker communication, however it is primarily relevant to produce requests. In particular, note that other mechanisms limit the number of outstanding consumer fetch request per broker to one. + MaxInFlightRequestsPerConnection int `json:"max.in.flight.requests.per.connection,omitempty"` + // Alias for `max.in.flight.requests.per.connection`: Maximum number of in-flight requests per broker connection. This is a generic property applied to all broker communication, however it is primarily relevant to produce requests. In particular, note that other mechanisms limit the number of outstanding consumer fetch request per broker to one. + MaxInFlight int `json:"max.in.flight,omitempty"` + // Period of time in milliseconds at which topic and broker metadata is refreshed in order to proactively discover any new brokers, topics, partitions or partition leader changes. Use -1 to disable the intervalled refresh (not recommended). If there are no locally referenced topics (no topic objects created, no messages produced, no subscription or no assignment) then only the broker list will be refreshed every interval but no more often than every 10s. + TopicMetadataRefreshIntervalMs int `json:"topic.metadata.refresh.interval.ms,omitempty"` + // Metadata cache max age. Defaults to topic.metadata.refresh.interval.ms * 3 + MetadataMaxAgeMs int `json:"metadata.max.age.ms,omitempty"` + // When a topic loses its leader a new metadata request will be enqueued immediately and then with this initial interval, exponentially increasing upto `retry.backoff.max.ms`, until the topic metadata has been refreshed. 
If not set explicitly, it will be defaulted to `retry.backoff.ms`. This is used to recover quickly from transitioning leader brokers. + TopicMetadataRefreshFastIntervalMs int `json:"topic.metadata.refresh.fast.interval.ms,omitempty"` + // Sparse metadata requests (consumes less network bandwidth) + TopicMetadataRefreshSparse bool `json:"topic.metadata.refresh.sparse,omitempty"` + // Apache Kafka topic creation is asynchronous and it takes some time for a new topic to propagate throughout the cluster to all brokers. If a client requests topic metadata after manual topic creation but before the topic has been fully propagated to the broker the client is requesting metadata from, the topic will seem to be non-existent and the client will mark the topic as such, failing queued produced messages with `ERR__UNKNOWN_TOPIC`. This setting delays marking a topic as non-existent until the configured propagation max time has passed. The maximum propagation time is calculated from the time the topic is first referenced in the client, e.g., on produce(). + TopicMetadataPropagationMaxMs int `json:"topic.metadata.propagation.max.ms,omitempty"` + // Topic blacklist, a comma-separated list of regular expressions for matching topic names that should be ignored in broker metadata information as if the topics did not exist. + TopicBlacklist string `json:"topic.blacklist,omitempty"` + // A comma-separated list of debug contexts to enable. Detailed Producer debugging: broker,topic,msg. Consumer: consumer,cgrp,topic,fetch + Debug string `json:"debug,omitempty"` + // Default timeout for network requests. Producer: ProduceRequests will use the lesser value of `socket.timeout.ms` and remaining `message.timeout.ms` for the first message in the batch. Consumer: FetchRequests will use `fetch.wait.max.ms` + `socket.timeout.ms`. Admin: Admin requests will use `socket.timeout.ms` or explicitly set `rd_kafka_AdminOptions_set_operation_timeout()` value. 
+ SocketTimeoutMs int `json:"socket.timeout.ms,omitempty"` + // DEPRECATED No longer used. + SocketBlockingMaxMs int `json:"socket.blocking.max.ms,omitempty"` + // Broker socket send buffer size. System default is used if 0. + SocketSendBufferBytes int `json:"socket.send.buffer.bytes,omitempty"` + // Broker socket receive buffer size. System default is used if 0. + SocketReceiveBufferBytes int `json:"socket.receive.buffer.bytes,omitempty"` + // Enable TCP keep-alives (SO_KEEPALIVE) on broker sockets + SocketKeepaliveEnable bool `json:"socket.keepalive.enable,omitempty"` + // Disable the Nagle algorithm (TCP_NODELAY) on broker sockets. + SocketNagleDisable bool `json:"socket.nagle.disable,omitempty"` + // Disconnect from broker when this number of send failures (e.g., timed out requests) is reached. Disable with 0. WARNING: It is highly recommended to leave this setting at its default value of 1 to avoid the client and broker to become desynchronized in case of request timeouts. NOTE: The connection is automatically re-established. + SocketMaxFails int `json:"socket.max.fails,omitempty"` + // How long to cache the broker address resolving results (milliseconds). + BrokerAddressTtl int `json:"broker.address.ttl,omitempty"` + // Allowed broker IP address families: any, v4, v6 + BrokerAddressFamily string `json:"broker.address.family,omitempty"` + // Maximum time allowed for broker connection setup (TCP connection setup as well SSL and SASL handshake). If the connection to the broker is not fully functional after this the connection will be closed and retried. + SocketConnectionSetupTimeoutMs int `json:"socket.connection.setup.timeout.ms,omitempty"` + // Close broker connections after the specified time of inactivity. Disable with 0. If this property is left at its default value some heuristics are performed to determine a suitable default value, this is currently limited to identifying brokers on Azure (see librdkafka issue #3109 for more info). 
+ ConnectionsMaxIdleMs int `json:"connections.max.idle.ms,omitempty"` + // The initial time to wait before reconnecting to a broker after the connection has been closed. The time is increased exponentially until `reconnect.backoff.max.ms` is reached. -25% to +50% jitter is applied to each reconnect backoff. A value of 0 disables the backoff and reconnects immediately. + ReconnectBackoffMs int `json:"reconnect.backoff.ms,omitempty"` + // The maximum time to wait before reconnecting to a broker after the connection has been closed. + ReconnectBackoffMaxMs int `json:"reconnect.backoff.max.ms,omitempty"` + // librdkafka statistics emit interval. The application also needs to register a stats callback using `rd_kafka_conf_set_stats_cb()`. The granularity is 1000ms. A value of 0 disables statistics. + StatisticsIntervalMs int `json:"statistics.interval.ms,omitempty"` + // See `rd_kafka_conf_set_events()` + EnabledEvents int `json:"enabled_events,omitempty"` + // Error callback (set with rd_kafka_conf_set_error_cb()) + ErrorCb string `json:"error_cb,omitempty"` + // Throttle callback (set with rd_kafka_conf_set_throttle_cb()) + ThrottleCb string `json:"throttle_cb,omitempty"` + // Statistics callback (set with rd_kafka_conf_set_stats_cb()) + StatsCb string `json:"stats_cb,omitempty"` + // Log callback (set with rd_kafka_conf_set_log_cb()) + LogCb string `json:"log_cb,omitempty"` + // Logging level (syslog(3) levels) + LogLevel int `json:"log_level,omitempty"` + // Disable spontaneous log_cb from internal librdkafka threads, instead enqueue log messages on queue set with `rd_kafka_set_log_queue()` and serve log callbacks or events through the standard poll APIs. **NOTE**: Log messages will linger in a temporary queue until the log queue has been set. 
+ LogQueue bool `json:"log.queue,omitempty"` + // Print internal thread name in log messages (useful for debugging librdkafka internals) + LogThreadName bool `json:"log.thread.name,omitempty"` + // If enabled librdkafka will initialize the PRNG with srand(current_time.milliseconds) on the first invocation of rd_kafka_new() (required only if rand_r() is not available on your platform). If disabled the application must call srand() prior to calling rd_kafka_new(). + EnableRandomSeed bool `json:"enable.random.seed,omitempty"` + // Log broker disconnects. It might be useful to turn this off when interacting with 0.9 brokers with an aggressive `connections.max.idle.ms` value. + LogConnectionClose bool `json:"log.connection.close,omitempty"` + // Background queue event callback (set with rd_kafka_conf_set_background_event_cb()) + BackgroundEventCb string `json:"background_event_cb,omitempty"` + // Socket creation callback to provide race-free CLOEXEC + SocketCb string `json:"socket_cb,omitempty"` + // Socket connect callback + ConnectCb string `json:"connect_cb,omitempty"` + // Socket close callback + ClosesocketCb string `json:"closesocket_cb,omitempty"` + // File open callback to provide race-free CLOEXEC + OpenCb string `json:"open_cb,omitempty"` + // Address resolution callback (set with rd_kafka_conf_set_resolve_cb()) + ResolveCb string `json:"resolve_cb,omitempty"` + // Application opaque (set with rd_kafka_conf_set_opaque()) + Opaque string `json:"opaque,omitempty"` + // Default topic configuration for automatically subscribed topics + DefaultTopicConf string `json:"default_topic_conf,omitempty"` + // Signal that librdkafka will use to quickly terminate on rd_kafka_destroy(). If this signal is not set then there will be a delay before rd_kafka_wait_destroyed() returns true as internal threads are timing out their system calls. If this signal is set however the delay will be minimal. 
The application should mask this signal as an internal signal handler is installed. + InternalTerminationSignal int `json:"internal.termination.signal,omitempty"` + // Request broker's supported API versions to adjust functionality to available protocol features. If set to false, or the ApiVersionRequest fails, the fallback version `broker.version.fallback` will be used. **NOTE**: Depends on broker version >=0.10.0. If the request is not supported by (an older) broker the `broker.version.fallback` fallback is used. + ApiVersionRequest bool `json:"api.version.request,omitempty"` + // Timeout for broker API version requests. + ApiVersionRequestTimeoutMs int `json:"api.version.request.timeout.ms,omitempty"` + // Dictates how long the `broker.version.fallback` fallback is used in the case the ApiVersionRequest fails. + ApiVersionFallbackMs int `json:"api.version.fallback.ms,omitempty"` + // Older broker versions (before 0.10.0) provide no way for a client to query for supported protocol features (ApiVersionRequest, see `api.version.request`) making it impossible for the client to know what features it may use. As a workaround a user may set this property to the expected broker version and the client will automatically adjust its feature set accordingly if the ApiVersionRequest fails (or is disabled). The fallback broker version will be used for `api.version.fallback.ms`. Valid values are: 0.9.0, 0.8.2, 0.8.1, 0.8.0. Any other value >= 0.10, such as 0.10.2.1, enables ApiVersionRequests. + BrokerVersionFallback string `json:"broker.version.fallback,omitempty"` + // Allow automatic topic creation on the broker when subscribing to or assigning non-existent topics. The broker must also be configured with `auto.create.topics.enable=true` for this configuration to take effect. Note: the default value (true) for the producer is different from the default value (false) for the consumer. 
Further, the consumer default value is different from the Java consumer (true), and this property is not supported by the Java producer. Requires broker version >= 0.11.0.0, for older broker versions only the broker configuration applies. + AllowAutoCreateTopics bool `json:"allow.auto.create.topics,omitempty"` + // Protocol used to communicate with brokers. + SecurityProtocol string `json:"security.protocol,omitempty"` + // A cipher suite is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol. See manual page for `ciphers(1)` and `SSL_CTX_set_cipher_list(3). + SslCipherSuites string `json:"ssl.cipher.suites,omitempty"` + // The supported-curves extension in the TLS ClientHello message specifies the curves (standard/named, or 'explicit' GF(2^k) or GF(p)) the client is willing to have the server use. See manual page for `SSL_CTX_set1_curves_list(3)`. OpenSSL >= 1.0.2 required. + SslCurvesList string `json:"ssl.curves.list,omitempty"` + // The client uses the TLS ClientHello signature_algorithms extension to indicate to the server which signature/hash algorithm pairs may be used in digital signatures. See manual page for `SSL_CTX_set1_sigalgs_list(3)`. OpenSSL >= 1.0.2 required. + SslSigalgsList string `json:"ssl.sigalgs.list,omitempty"` + // Path to client's private key (PEM) used for authentication. + SslKeyLocation string `json:"ssl.key.location,omitempty"` + // Private key passphrase (for use with `ssl.key.location` and `set_ssl_cert()`). + SslKeyPassword string `json:"ssl.key.password,omitempty"` + // Client's private key string (PEM format) used for authentication. + SslKeyPem string `json:"ssl.key.pem,omitempty"` + // Path to client's public key (PEM) used for authentication. + SslCertificateLocation string `json:"ssl.certificate.location,omitempty"` + // Client's public key string (PEM format) used for authentication. 
+ SslCertificatePem string `json:"ssl.certificate.pem,omitempty"` + // File or directory path to CA certificate(s) for verifying the broker's key. Defaults: On Windows the system's CA certificates are automatically looked up in the Windows Root certificate store. On Mac OSX this configuration defaults to `probe`. It is recommended to install openssl using Homebrew, to provide CA certificates. On Linux install the distribution's ca-certificates package. If OpenSSL is statically linked or `ssl.ca.location` is set to `probe` a list of standard paths will be probed and the first one found will be used as the default CA certificate location path. If OpenSSL is dynamically linked the OpenSSL library's default path will be used (see `OPENSSLDIR` in `openssl version -a`). + SslCaLocation string `json:"ssl.ca.location,omitempty"` + // CA certificate string (PEM format) for verifying the broker's key. + SslCaPem string `json:"ssl.ca.pem,omitempty"` + // Path to CRL for verifying broker's certificate validity. + SslCrlLocation string `json:"ssl.crl.location,omitempty"` + // Path to client's keystore (PKCS#12) used for authentication. + SslKeystoreLocation string `json:"ssl.keystore.location,omitempty"` + // Client's keystore (PKCS#12) password. + SslKeystorePassword string `json:"ssl.keystore.password,omitempty"` + // Comma-separated list of OpenSSL 3.0.x implementation providers. E.g., "default,legacy". + SslProviders string `json:"ssl.providers,omitempty"` + // **DEPRECATED** Path to OpenSSL engine library. OpenSSL >= 1.1.x required. DEPRECATED: OpenSSL engine support is deprecated and should be replaced by OpenSSL 3 providers. + SslEngineLocation string `json:"ssl.engine.location,omitempty"` + // OpenSSL engine id is the name used for loading engine. + SslEngineId string `json:"ssl.engine.id,omitempty"` + // Enable OpenSSL's builtin broker (server) certificate verification. This verification can be extended by the application by implementing a certificate_verify_cb. 
+ EnableSslCertificateVerification bool `json:"enable.ssl.certificate.verification,omitempty"` + // Endpoint identification algorithm to validate broker hostname using broker certificate. https - Server (broker) hostname verification as specified in RFC2818. none - No endpoint verification. OpenSSL >= 1.0.2 required. + SslEndpointIdentificationAlgorithm string `json:"ssl.endpoint.identification.algorithm,omitempty"` + // SASL mechanism to use for authentication. Supported: GSSAPI, PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, OAUTHBEARER. NOTE: Despite the name only one mechanism must be configured. + SaslMechanisms string `json:"sasl.mechanisms,omitempty" ` + // Kerberos principal name that Kafka runs as, not including /hostname@REALM. + SaslKerberosServiceName string `json:"sasl.kerberos.service.name,omitempty" ` + // This client's Kerberos principal name. (Not supported on Windows, will use the logon user's principal). + SaslKerberosPrincipal string `json:"sasl.kerberos.principal,omitempty" ` + // Shell command to refresh or acquire the client's Kerberos ticket. This command is executed on client creation and every sasl.kerberos.min.time.before.relogin (0=disable). + SaslKerberosKinitCmd string `json:"sasl.kerberos.kinit.cmd,omitempty" ` + // Path to Kerberos keytab file. This configuration property is only used as a variable in sasl.kerberos.kinit.cmd as ... -t "%{sasl.kerberos.keytab}". + SaslKerberosKeytab string `json:"sasl.kerberos.keytab,omitempty" ` + // Minimum time in milliseconds between key refresh attempts. Disable automatic key refresh by setting this property to 0. + SaslKerberosMinTimeBeforeRelogin int `json:"sasl.kerberos.min.time.before.relogin,omitempty" ` + // SASL username for use with the PLAIN and SASL-SCRAM-.. mechanisms. + SaslUsername string `json:"sasl.username,omitempty" ` + // SASL password for use with the PLAIN and SASL-SCRAM-.. mechanism. + SaslPassword string `json:"sasl.password,omitempty" ` + // SASL/OAUTHBEARER configuration. 
The format is implementation-dependent and must be parsed accordingly. The default unsecured token implementation (see https://tools.ietf.org/html/rfc7515#appendix-A.5) recognizes space-separated name=value pairs with valid names including principalClaimName, principal, scopeClaimName, scope, and lifeSeconds. The default value for principalClaimName is "sub", the default value for scopeClaimName is "scope", and the default value for lifeSeconds is 3600. The scope value is CSV format with the default value being no/empty scope. For example: principalClaimName=azp principal=admin scopeClaimName=roles scope=role1,role2 lifeSeconds=600. In addition, SASL extensions can be communicated to the broker via extension_NAME=value. For example: principal=admin extension_traceId=123. + SaslOauthbearerConfig string `json:"sasl.oauthbearer.config,omitempty" ` + // Enable the builtin unsecure JWT OAUTHBEARER token handler if no oauthbearer_refresh_cb has been set. This builtin handler should only be used for development or testing, and not in production. + EnableSaslOauthbearerUnsecureJwt bool `json:"enable.sasl.oauthbearer.unsecure.jwt,omitempty" ` + // SASL/OAUTHBEARER token refresh callback (set with rd_kafka_conf_set_oauthbearer_token_refresh_cb(), triggered by rd_kafka_poll(), et.al. This callback will be triggered when it is time to refresh the client's OAUTHBEARER token. Also see rd_kafka_conf_enable_sasl_queue(). + OauthbearerTokenRefreshCb string `json:"oauthbearer_token_refresh_cb,omitempty" ` + // Set to "default" or "oidc" to control which login method to be used. If set to "oidc", the following properties must also be specified: sasl.oauthbearer.client.id, sasl.oauthbearer.client.secret, and sasl.oauthbearer.token.endpoint.url. + SaslOauthbearerMethod string `json:"sasl.oauthbearer.method,omitempty" ` + // Public identifier for the application. Must be unique across all clients that the authorization server handles. 
Only used when sasl.oauthbearer.method is set to "oidc". + SaslOauthbearerClientId string `json:"sasl.oauthbearer.client.id,omitempty" ` + // Client secret only known to the application and the authorization server. This should be a sufficiently random string that is not guessable. Only used when sasl.oauthbearer.method is set to "oidc". + SaslOauthbearerClientSecret string `json:"sasl.oauthbearer.client.secret,omitempty" ` + // Client use this to specify the scope of the access request to the broker. Only used when sasl.oauthbearer.method is set to "oidc". + SaslOauthbearerScope string `json:"sasl.oauthbearer.scope,omitempty" ` + // Allow additional information to be provided to the broker. Comma-separated list of key=value pairs. E.g., "supportFeatureX=true,organizationId=sales-emea".Only used when sasl.oauthbearer.method is set to "oidc". + SaslOauthbearerExtensions string `json:"sasl.oauthbearer.extensions,omitempty" ` + // OAuth/OIDC issuer token endpoint HTTP(S) URI used to retrieve token. Only used when sasl.oauthbearer.method is set to "oidc". + SaslOauthbearerTokenEndpointUrl string `json:"sasl.oauthbearer.token.endpoint.url,omitempty" ` + // List of plugin libraries to load (; separated). The library search path is platform dependent (see dlopen(3) for Unix and LoadLibrary() for Windows). If no filename extension is specified the platform-specific extension (such as .dll or .so) will be appended automatically. + PluginLibraryPaths string `json:"plugin.library.paths,omitempty" ` + // Interceptors added through rd_kafka_conf_interceptor_add_..() and any configuration handled by interceptors. + Interceptors string `json:"interceptors,omitempty"` +} + func (e *KafkaOutputConfig) ToDirective(secretLoader secret.SecretLoader, id string) (types.Directive, error) { pluginType := "kafka2" if e.UseRdkafka { diff --git a/pkg/sdk/logging/model/output/kafka_test.go b/pkg/sdk/logging/model/output/kafka_test.go index 288c0f01f..2b8d0571c 100644 
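Review bot: `SaslPassword`, `SslKeyPassword`, `SslKeystorePassword`, `SaslOauthbearerClientSecret` and `SslKeyPem` are declared as plain `string`, so these credentials have to be written inline in the Output/ClusterOutput spec, where anyone with read access to the resource can see them. `ToDirective` already receives a `secret.SecretLoader`, so these fields would be better typed as secret references resolved at render time, for example `SaslPassword *secret.Secret` with the same JSON tag. Separately, `SaslKerberosKinitCmd` (a shell command the client executes, per its own comment) and `PluginLibraryPaths` (libraries loaded into the process) let whoever can create an Output decide what runs inside the fluentd pod. I would leave those two out of the CRD or validate them strictly. The `*_cb` and `Opaque` fields describe C API callbacks that a string value presumably cannot set, so they could be dropped too.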
--- a/pkg/sdk/logging/model/output/kafka_test.go +++ b/pkg/sdk/logging/model/output/kafka_test.go @@ -69,6 +69,14 @@ brokers: kafka-headless.kafka.svc.cluster.local:29092 default_topic: topic use_rdkafka: true ssl_verify_hostname: false +rdkafka_options: + sasl.mechanisms: PLAIN + sasl.username: user + security.protocol: SASL_SSL + ssl.ca.location: /etc/ssl/certs/ca-certificates.crt + ssl.certificate.location: /etc/ssl/certs/tls.crt + ssl.key.location: /etc/ssl/certs/tls.key + ssl.key.password: password format: type: json buffer: diff --git a/pkg/sdk/logging/model/output/zz_generated.deepcopy.go b/pkg/sdk/logging/model/output/zz_generated.deepcopy.go index cca345225..1304d78dd 100644 --- a/pkg/sdk/logging/model/output/zz_generated.deepcopy.go +++ b/pkg/sdk/logging/model/output/zz_generated.deepcopy.go @@ -692,6 +692,7 @@ func (in *HTTPOutputConfig) DeepCopy() *HTTPOutputConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KafkaOutputConfig) DeepCopyInto(out *KafkaOutputConfig) { *out = *in + out.RdkafkaOptions = in.RdkafkaOptions if in.Headers != nil { in, out := &in.Headers, &out.Headers *out = make(map[string]string, len(*in)) From 77aa696b7c6b3e9c006364ff8c97c2365f3bafb4 Mon Sep 17 00:00:00 2001 From: withlin Date: Wed, 4 Dec 2024 19:32:46 +0800 Subject: [PATCH 2/4] fix: some nits Signed-off-by: withlin Signed-off-by: withlin --- pkg/sdk/logging/model/output/kafka.go | 42 +++++++++++++-------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/pkg/sdk/logging/model/output/kafka.go b/pkg/sdk/logging/model/output/kafka.go index ed43f4f43..fb91d34c3 100644 --- a/pkg/sdk/logging/model/output/kafka.go +++ b/pkg/sdk/logging/model/output/kafka.go 
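Review bot: The kafka_test.go fixture gains `rdkafka_options` (including `ssl.key.password`), but the diffstat lists 8 insertions for this file, which are exactly the eight added input lines. The expected fluentd configuration therefore appears unchanged, and nothing asserts that these options reach the rendered `rdkafka2` output. I would add the corresponding expected lines, or a separate case, so the test fails if an option is silently dropped. The test function starts and ends outside the hunk, so the expectation itself is not visible here.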
@@ -148,7 +148,7 @@ type KafkaOutputConfig struct { SlowFlushLogThreshold string `json:"slow_flush_log_threshold,omitempty"` } -// GlobalConfig represents the global configuration properties for librdkafka. +// RdkafkaOptions represents the global configuration properties for librdkafka. type RdkafkaOptions struct { // Indicates the builtin features for this build of librdkafka. An application can either query this value or attempt to set it with its list of required features to check for library support. BuiltinFeatures string `json:"builtin.features,omitempty"` @@ -197,7 +197,7 @@ type RdkafkaOptions struct { // Disconnect from broker when this number of send failures (e.g., timed out requests) is reached. Disable with 0. WARNING: It is highly recommended to leave this setting at its default value of 1 to avoid the client and broker to become desynchronized in case of request timeouts. NOTE: The connection is automatically re-established. SocketMaxFails int `json:"socket.max.fails,omitempty"` // How long to cache the broker address resolving results (milliseconds). - BrokerAddressTtl int `json:"broker.address.ttl,omitempty"` + BrokerAddressTTl int `json:"broker.address.ttl,omitempty"` // Allowed broker IP address families: any, v4, v6 BrokerAddressFamily string `json:"broker.address.family,omitempty"` // Maximum time allowed for broker connection setup (TCP connection setup as well SSL and SASL handshake). If the connection to the broker is not fully functional after this the connection will be closed and retried. @@ -237,7 +237,7 @@ type RdkafkaOptions struct { // Socket connect callback ConnectCb string `json:"connect_cb,omitempty"` // Socket close callback - ClosesocketCb string `json:"closesocket_cb,omitempty"` + CloseSocketCb string `json:"closesocket_cb,omitempty"` // File open callback to provide race-free CLOEXEC OpenCb string `json:"open_cb,omitempty"` // Address resolution callback (set with rd_kafka_conf_set_resolve_cb()) 
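Review bot: The new name `BrokerAddressTTl` in the @@ -197 hunk still ends in a lower-case `l`, so the initialism is only half corrected; the Go spelling is `BrokerAddressTTL`. The same applies to `SSLEngineId` in the @@ -261 hunk of this commit, which would read `SSLEngineID`. The JSON tags are untouched by these renames, so the CRD schema does not change either way. The struct begins and ends outside these hunks.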
@@ -261,41 +261,41 @@ type RdkafkaOptions struct { // Protocol used to communicate with brokers. SecurityProtocol string `json:"security.protocol,omitempty"` // A cipher suite is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol. See manual page for `ciphers(1)` and `SSL_CTX_set_cipher_list(3). - SslCipherSuites string `json:"ssl.cipher.suites,omitempty"` + SSLCipherSuites string `json:"ssl.cipher.suites,omitempty"` // The supported-curves extension in the TLS ClientHello message specifies the curves (standard/named, or 'explicit' GF(2^k) or GF(p)) the client is willing to have the server use. See manual page for `SSL_CTX_set1_curves_list(3)`. OpenSSL >= 1.0.2 required. - SslCurvesList string `json:"ssl.curves.list,omitempty"` + SSLCurvesList string `json:"ssl.curves.list,omitempty"` // The client uses the TLS ClientHello signature_algorithms extension to indicate to the server which signature/hash algorithm pairs may be used in digital signatures. See manual page for `SSL_CTX_set1_sigalgs_list(3)`. OpenSSL >= 1.0.2 required. - SslSigalgsList string `json:"ssl.sigalgs.list,omitempty"` + SSLSigalgsList string `json:"ssl.sigalgs.list,omitempty"` // Path to client's private key (PEM) used for authentication. - SslKeyLocation string `json:"ssl.key.location,omitempty"` + SSLKeyLocation string `json:"ssl.key.location,omitempty"` // Private key passphrase (for use with `ssl.key.location` and `set_ssl_cert()`). - SslKeyPassword string `json:"ssl.key.password,omitempty"` + SSLKeyPassword string `json:"ssl.key.password,omitempty"` // Client's private key string (PEM format) used for authentication. - SslKeyPem string `json:"ssl.key.pem,omitempty"` + SSLKeyPem string `json:"ssl.key.pem,omitempty"` // Path to client's public key (PEM) used for authentication. 
- SslCertificateLocation string `json:"ssl.certificate.location,omitempty"` + SSLCertificateLocation string `json:"ssl.certificate.location,omitempty"` // Client's public key string (PEM format) used for authentication. - SslCertificatePem string `json:"ssl.certificate.pem,omitempty"` + SSLCertificatePem string `json:"ssl.certificate.pem,omitempty"` // File or directory path to CA certificate(s) for verifying the broker's key. Defaults: On Windows the system's CA certificates are automatically looked up in the Windows Root certificate store. On Mac OSX this configuration defaults to `probe`. It is recommended to install openssl using Homebrew, to provide CA certificates. On Linux install the distribution's ca-certificates package. If OpenSSL is statically linked or `ssl.ca.location` is set to `probe` a list of standard paths will be probed and the first one found will be used as the default CA certificate location path. If OpenSSL is dynamically linked the OpenSSL library's default path will be used (see `OPENSSLDIR` in `openssl version -a`). - SslCaLocation string `json:"ssl.ca.location,omitempty"` + SSLCaLocation string `json:"ssl.ca.location,omitempty"` // CA certificate string (PEM format) for verifying the broker's key. - SslCaPem string `json:"ssl.ca.pem,omitempty"` + SSLCaPem string `json:"ssl.ca.pem,omitempty"` // Path to CRL for verifying broker's certificate validity. - SslCrlLocation string `json:"ssl.crl.location,omitempty"` + SSLCrlLocation string `json:"ssl.crl.location,omitempty"` // Path to client's keystore (PKCS#12) used for authentication. - SslKeystoreLocation string `json:"ssl.keystore.location,omitempty"` + SSLKeystoreLocation string `json:"ssl.keystore.location,omitempty"` // Client's keystore (PKCS#12) password. - SslKeystorePassword string `json:"ssl.keystore.password,omitempty"` + SSLKeystorePassword string `json:"ssl.keystore.password,omitempty"` // Comma-separated list of OpenSSL 3.0.x implementation providers. E.g., "default,legacy". 
- SslProviders string `json:"ssl.providers,omitempty"` + SSLProviders string `json:"ssl.providers,omitempty"` // **DEPRECATED** Path to OpenSSL engine library. OpenSSL >= 1.1.x required. DEPRECATED: OpenSSL engine support is deprecated and should be replaced by OpenSSL 3 providers. - SslEngineLocation string `json:"ssl.engine.location,omitempty"` + SSLEngineLocation string `json:"ssl.engine.location,omitempty"` // OpenSSL engine id is the name used for loading engine. - SslEngineId string `json:"ssl.engine.id,omitempty"` + SSLEngineId string `json:"ssl.engine.id,omitempty"` // Enable OpenSSL's builtin broker (server) certificate verification. This verification can be extended by the application by implementing a certificate_verify_cb. - EnableSslCertificateVerification bool `json:"enable.ssl.certificate.verification,omitempty"` + EnableSSLCertificateVerification bool `json:"enable.ssl.certificate.verification,omitempty"` // Endpoint identification algorithm to validate broker hostname using broker certificate. https - Server (broker) hostname verification as specified in RFC2818. none - No endpoint verification. OpenSSL >= 1.0.2 required. - SslEndpointIdentificationAlgorithm string `json:"ssl.endpoint.identification.algorithm,omitempty"` + SSLEndpointIdentificationAlgorithm string `json:"ssl.endpoint.identification.algorithm,omitempty"` // SASL mechanism to use for authentication. Supported: GSSAPI, PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, OAUTHBEARER. NOTE: Despite the name only one mechanism must be configured. SaslMechanisms string `json:"sasl.mechanisms,omitempty" ` // Kerberos principal name that Kafka runs as, not including /hostname@REALM. From 766970f855619d2eb4f59fd87c37f8a79bb7d44b Mon Sep 17 00:00:00 2001 From: withlin Date: Wed, 4 Dec 2024 19:35:40 +0800 Subject: [PATCH 3/4] fix: missing markdown Signed-off-by: withlin 
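Review bot: `SSLKeyPassword`, `SSLKeyPem` and `SSLKeystorePassword` on the new side of this hunk are plain `string` fields, so a private key or passphrase set here is stored in clear text in the Output/ClusterOutput object and is readable by anyone who can get that resource. `ToDirective` in this file already receives a `secret.SecretLoader`, so these look like candidates for a secret reference resolved at render time (presumably `*secret.Secret`, e.g. `SSLKeyPassword *secret.Secret`) rather than an inline value; confirm against how the other credential fields of `KafkaOutputConfig` are declared. `sasl.password` and `sasl.oauthbearer.client.secret`, declared outside this hunk, carry the same exposure. The struct starts and ends outside the hunk.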
Signed-off-by: withlin --- docs/configuration/plugins/outputs/kafka.md | 178 ++++++++++---------- 1 file changed, 89 insertions(+), 89 deletions(-) diff --git a/docs/configuration/plugins/outputs/kafka.md b/docs/configuration/plugins/outputs/kafka.md index ad73f79f5..a23b83c09 100644 --- a/docs/configuration/plugins/outputs/kafka.md +++ b/docs/configuration/plugins/outputs/kafka.md @@ -265,7 +265,7 @@ Username when using PLAIN/SCRAM SASL authentication ## RdkafkaOptions -GlobalConfig represents the global configuration properties for librdkafka. +RdkafkaOptions represents the global configuration properties for librdkafka. ### allow.auto.create.topics (bool, optional) {#rdkafkaoptions-allow.auto.create.topics} 
@@ -352,14 +352,14 @@ Default topic configuration for automatically subscribed topics If enabled librdkafka will initialize the PRNG with srand(current_time.milliseconds) on the first invocation of rd_kafka_new() (required only if rand_r() is not available on your platform). If disabled the application must call srand() prior to calling rd_kafka_new(). -### enable.sasl.oauthbearer.unsecure.jwt (bool, optional) {#rdkafkaoptions-enable.sasl.oauthbearer.unsecure.jwt} +### enable.ssl.certificate.verification (bool, optional) {#rdkafkaoptions-enable.ssl.certificate.verification} -Enable the builtin unsecure JWT OAUTHBEARER token handler if no oauthbearer_refresh_cb has been set. This builtin handler should only be used for development or testing, and not in production. +Enable OpenSSL's builtin broker (server) certificate verification. This verification can be extended by the application by implementing a certificate_verify_cb. -### enable.ssl.certificate.verification (bool, optional) {#rdkafkaoptions-enable.ssl.certificate.verification} +### enable.sasl.oauthbearer.unsecure.jwt (bool, optional) {#rdkafkaoptions-enable.sasl.oauthbearer.unsecure.jwt} -Enable OpenSSL's builtin broker (server) certificate verification. This verification can be extended by the application by implementing a certificate_verify_cb. +Enable the builtin unsecure JWT OAUTHBEARER token handler if no oauthbearer_refresh_cb has been set. This builtin handler should only be used for development or testing, and not in production. ### enabled_events (int, optional) {#rdkafkaoptions-enabled_events} 
@@ -477,214 +477,214 @@ The initial time to wait before reconnecting to a broker after the connection ha Address resolution callback (set with rd_kafka_conf_set_resolve_cb()) -### sasl.kerberos.keytab (string, optional) {#rdkafkaoptions-sasl.kerberos.keytab} +### ssl.ca.location (string, optional) {#rdkafkaoptions-ssl.ca.location} -Path to Kerberos keytab file. This configuration property is only used as a variable in sasl.kerberos.kinit.cmd as ... -t "%{sasl.kerberos.keytab}". +File or directory path to CA certificate(s) for verifying the broker's key. Defaults: On Windows the system's CA certificates are automatically looked up in the Windows Root certificate store. On Mac OSX this configuration defaults to `probe`. It is recommended to install openssl using Homebrew, to provide CA certificates. On Linux install the distribution's ca-certificates package. If OpenSSL is statically linked or `ssl.ca.location` is set to `probe` a list of standard paths will be probed and the first one found will be used as the default CA certificate location path. If OpenSSL is dynamically linked the OpenSSL library's default path will be used (see `OPENSSLDIR` in `openssl version -a`). -### sasl.kerberos.kinit.cmd (string, optional) {#rdkafkaoptions-sasl.kerberos.kinit.cmd} +### ssl.ca.pem (string, optional) {#rdkafkaoptions-ssl.ca.pem} -Shell command to refresh or acquire the client's Kerberos ticket. This command is executed on client creation and every sasl.kerberos.min.time.before.relogin (0=disable). +CA certificate string (PEM format) for verifying the broker's key. -### sasl.kerberos.min.time.before.relogin (int, optional) {#rdkafkaoptions-sasl.kerberos.min.time.before.relogin} +### ssl.certificate.location (string, optional) {#rdkafkaoptions-ssl.certificate.location} -Minimum time in milliseconds between key refresh attempts. Disable automatic key refresh by setting this property to 0. +Path to client's public key (PEM) used for authentication. 
-### sasl.kerberos.principal (string, optional) {#rdkafkaoptions-sasl.kerberos.principal} +### ssl.certificate.pem (string, optional) {#rdkafkaoptions-ssl.certificate.pem} -This client's Kerberos principal name. (Not supported on Windows, will use the logon user's principal). +Client's public key string (PEM format) used for authentication. -### sasl.kerberos.service.name (string, optional) {#rdkafkaoptions-sasl.kerberos.service.name} +### ssl.cipher.suites (string, optional) {#rdkafkaoptions-ssl.cipher.suites} -Kerberos principal name that Kafka runs as, not including /hostname@REALM. +A cipher suite is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol. See manual page for `ciphers(1)` and `SSL_CTX_set_cipher_list(3). -### sasl.mechanisms (string, optional) {#rdkafkaoptions-sasl.mechanisms} +### ssl.crl.location (string, optional) {#rdkafkaoptions-ssl.crl.location} -SASL mechanism to use for authentication. Supported: GSSAPI, PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, OAUTHBEARER. NOTE: Despite the name only one mechanism must be configured. +Path to CRL for verifying broker's certificate validity. -### sasl.oauthbearer.client.id (string, optional) {#rdkafkaoptions-sasl.oauthbearer.client.id} +### ssl.curves.list (string, optional) {#rdkafkaoptions-ssl.curves.list} -Public identifier for the application. Must be unique across all clients that the authorization server handles. Only used when sasl.oauthbearer.method is set to "oidc". +The supported-curves extension in the TLS ClientHello message specifies the curves (standard/named, or 'explicit' GF(2^k) or GF(p)) the client is willing to have the server use. See manual page for `SSL_CTX_set1_curves_list(3)`. OpenSSL >= 1.0.2 required. 
-### sasl.oauthbearer.client.secret (string, optional) {#rdkafkaoptions-sasl.oauthbearer.client.secret} +### ssl.endpoint.identification.algorithm (string, optional) {#rdkafkaoptions-ssl.endpoint.identification.algorithm} -Client secret only known to the application and the authorization server. This should be a sufficiently random string that is not guessable. Only used when sasl.oauthbearer.method is set to "oidc". +Endpoint identification algorithm to validate broker hostname using broker certificate. https - Server (broker) hostname verification as specified in RFC2818. none - No endpoint verification. OpenSSL >= 1.0.2 required. -### sasl.oauthbearer.config (string, optional) {#rdkafkaoptions-sasl.oauthbearer.config} +### ssl.engine.id (string, optional) {#rdkafkaoptions-ssl.engine.id} -SASL/OAUTHBEARER configuration. The format is implementation-dependent and must be parsed accordingly. The default unsecured token implementation (see https://tools.ietf.org/html/rfc7515#appendix-A.5) recognizes space-separated name=value pairs with valid names including principalClaimName, principal, scopeClaimName, scope, and lifeSeconds. The default value for principalClaimName is "sub", the default value for scopeClaimName is "scope", and the default value for lifeSeconds is 3600. The scope value is CSV format with the default value being no/empty scope. For example: principalClaimName=azp principal=admin scopeClaimName=roles scope=role1,role2 lifeSeconds=600. In addition, SASL extensions can be communicated to the broker via extension_NAME=value. For example: principal=admin extension_traceId=123. +OpenSSL engine id is the name used for loading engine. -### sasl.oauthbearer.extensions (string, optional) {#rdkafkaoptions-sasl.oauthbearer.extensions} +### ssl.engine.location (string, optional) {#rdkafkaoptions-ssl.engine.location} -Allow additional information to be provided to the broker. Comma-separated list of key=value pairs. 
E.g., "supportFeatureX=true,organizationId=sales-emea".Only used when sasl.oauthbearer.method is set to "oidc". +**DEPRECATED** Path to OpenSSL engine library. OpenSSL >= 1.1.x required. DEPRECATED: OpenSSL engine support is deprecated and should be replaced by OpenSSL 3 providers. -### sasl.oauthbearer.method (string, optional) {#rdkafkaoptions-sasl.oauthbearer.method} +### ssl.key.location (string, optional) {#rdkafkaoptions-ssl.key.location} -Set to "default" or "oidc" to control which login method to be used. If set to "oidc", the following properties must also be specified: sasl.oauthbearer.client.id, sasl.oauthbearer.client.secret, and sasl.oauthbearer.token.endpoint.url. +Path to client's private key (PEM) used for authentication. -### sasl.oauthbearer.scope (string, optional) {#rdkafkaoptions-sasl.oauthbearer.scope} +### ssl.key.password (string, optional) {#rdkafkaoptions-ssl.key.password} -Client use this to specify the scope of the access request to the broker. Only used when sasl.oauthbearer.method is set to "oidc". +Private key passphrase (for use with `ssl.key.location` and `set_ssl_cert()`). -### sasl.oauthbearer.token.endpoint.url (string, optional) {#rdkafkaoptions-sasl.oauthbearer.token.endpoint.url} +### ssl.key.pem (string, optional) {#rdkafkaoptions-ssl.key.pem} -OAuth/OIDC issuer token endpoint HTTP(S) URI used to retrieve token. Only used when sasl.oauthbearer.method is set to "oidc". +Client's private key string (PEM format) used for authentication. -### sasl.password (string, optional) {#rdkafkaoptions-sasl.password} +### ssl.keystore.location (string, optional) {#rdkafkaoptions-ssl.keystore.location} -SASL password for use with the PLAIN and SASL-SCRAM-.. mechanism. +Path to client's keystore (PKCS#12) used for authentication. -### sasl.username (string, optional) {#rdkafkaoptions-sasl.username} +### ssl.keystore.password (string, optional) {#rdkafkaoptions-ssl.keystore.password} -SASL username for use with the PLAIN and SASL-SCRAM-.. 
mechanisms. +Client's keystore (PKCS#12) password. -### security.protocol (string, optional) {#rdkafkaoptions-security.protocol} +### ssl.providers (string, optional) {#rdkafkaoptions-ssl.providers} -Protocol used to communicate with brokers. +Comma-separated list of OpenSSL 3.0.x implementation providers. E.g., "default,legacy". -### socket.blocking.max.ms (int, optional) {#rdkafkaoptions-socket.blocking.max.ms} +### ssl.sigalgs.list (string, optional) {#rdkafkaoptions-ssl.sigalgs.list} -DEPRECATED No longer used. +The client uses the TLS ClientHello signature_algorithms extension to indicate to the server which signature/hash algorithm pairs may be used in digital signatures. See manual page for `SSL_CTX_set1_sigalgs_list(3)`. OpenSSL >= 1.0.2 required. -### socket_cb (string, optional) {#rdkafkaoptions-socket_cb} +### sasl.kerberos.keytab (string, optional) {#rdkafkaoptions-sasl.kerberos.keytab} -Socket creation callback to provide race-free CLOEXEC +Path to Kerberos keytab file. This configuration property is only used as a variable in sasl.kerberos.kinit.cmd as ... -t "%{sasl.kerberos.keytab}". -### socket.connection.setup.timeout.ms (int, optional) {#rdkafkaoptions-socket.connection.setup.timeout.ms} +### sasl.kerberos.kinit.cmd (string, optional) {#rdkafkaoptions-sasl.kerberos.kinit.cmd} -Maximum time allowed for broker connection setup (TCP connection setup as well SSL and SASL handshake). If the connection to the broker is not fully functional after this the connection will be closed and retried. +Shell command to refresh or acquire the client's Kerberos ticket. This command is executed on client creation and every sasl.kerberos.min.time.before.relogin (0=disable). 
-### socket.keepalive.enable (bool, optional) {#rdkafkaoptions-socket.keepalive.enable} +### sasl.kerberos.min.time.before.relogin (int, optional) {#rdkafkaoptions-sasl.kerberos.min.time.before.relogin} -Enable TCP keep-alives (SO_KEEPALIVE) on broker sockets +Minimum time in milliseconds between key refresh attempts. Disable automatic key refresh by setting this property to 0. -### socket.max.fails (int, optional) {#rdkafkaoptions-socket.max.fails} +### sasl.kerberos.principal (string, optional) {#rdkafkaoptions-sasl.kerberos.principal} -Disconnect from broker when this number of send failures (e.g., timed out requests) is reached. Disable with 0. WARNING: It is highly recommended to leave this setting at its default value of 1 to avoid the client and broker to become desynchronized in case of request timeouts. NOTE: The connection is automatically re-established. +This client's Kerberos principal name. (Not supported on Windows, will use the logon user's principal). -### socket.nagle.disable (bool, optional) {#rdkafkaoptions-socket.nagle.disable} +### sasl.kerberos.service.name (string, optional) {#rdkafkaoptions-sasl.kerberos.service.name} -Disable the Nagle algorithm (TCP_NODELAY) on broker sockets. +Kerberos principal name that Kafka runs as, not including /hostname@REALM. -### socket.receive.buffer.bytes (int, optional) {#rdkafkaoptions-socket.receive.buffer.bytes} +### sasl.mechanisms (string, optional) {#rdkafkaoptions-sasl.mechanisms} -Broker socket receive buffer size. System default is used if 0. +SASL mechanism to use for authentication. Supported: GSSAPI, PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, OAUTHBEARER. NOTE: Despite the name only one mechanism must be configured. -### socket.send.buffer.bytes (int, optional) {#rdkafkaoptions-socket.send.buffer.bytes} +### sasl.oauthbearer.client.id (string, optional) {#rdkafkaoptions-sasl.oauthbearer.client.id} -Broker socket send buffer size. System default is used if 0. +Public identifier for the application. 
Must be unique across all clients that the authorization server handles. Only used when sasl.oauthbearer.method is set to "oidc". -### socket.timeout.ms (int, optional) {#rdkafkaoptions-socket.timeout.ms} +### sasl.oauthbearer.client.secret (string, optional) {#rdkafkaoptions-sasl.oauthbearer.client.secret} -Default timeout for network requests. Producer: ProduceRequests will use the lesser value of `socket.timeout.ms` and remaining `message.timeout.ms` for the first message in the batch. Consumer: FetchRequests will use `fetch.wait.max.ms` + `socket.timeout.ms`. Admin: Admin requests will use `socket.timeout.ms` or explicitly set `rd_kafka_AdminOptions_set_operation_timeout()` value. +Client secret only known to the application and the authorization server. This should be a sufficiently random string that is not guessable. Only used when sasl.oauthbearer.method is set to "oidc". -### ssl.ca.location (string, optional) {#rdkafkaoptions-ssl.ca.location} +### sasl.oauthbearer.config (string, optional) {#rdkafkaoptions-sasl.oauthbearer.config} -File or directory path to CA certificate(s) for verifying the broker's key. Defaults: On Windows the system's CA certificates are automatically looked up in the Windows Root certificate store. On Mac OSX this configuration defaults to `probe`. It is recommended to install openssl using Homebrew, to provide CA certificates. On Linux install the distribution's ca-certificates package. If OpenSSL is statically linked or `ssl.ca.location` is set to `probe` a list of standard paths will be probed and the first one found will be used as the default CA certificate location path. If OpenSSL is dynamically linked the OpenSSL library's default path will be used (see `OPENSSLDIR` in `openssl version -a`). +SASL/OAUTHBEARER configuration. The format is implementation-dependent and must be parsed accordingly. 
The default unsecured token implementation (see https://tools.ietf.org/html/rfc7515#appendix-A.5) recognizes space-separated name=value pairs with valid names including principalClaimName, principal, scopeClaimName, scope, and lifeSeconds. The default value for principalClaimName is "sub", the default value for scopeClaimName is "scope", and the default value for lifeSeconds is 3600. The scope value is CSV format with the default value being no/empty scope. For example: principalClaimName=azp principal=admin scopeClaimName=roles scope=role1,role2 lifeSeconds=600. In addition, SASL extensions can be communicated to the broker via extension_NAME=value. For example: principal=admin extension_traceId=123. -### ssl.ca.pem (string, optional) {#rdkafkaoptions-ssl.ca.pem} +### sasl.oauthbearer.extensions (string, optional) {#rdkafkaoptions-sasl.oauthbearer.extensions} -CA certificate string (PEM format) for verifying the broker's key. +Allow additional information to be provided to the broker. Comma-separated list of key=value pairs. E.g., "supportFeatureX=true,organizationId=sales-emea".Only used when sasl.oauthbearer.method is set to "oidc". -### ssl.certificate.location (string, optional) {#rdkafkaoptions-ssl.certificate.location} +### sasl.oauthbearer.method (string, optional) {#rdkafkaoptions-sasl.oauthbearer.method} -Path to client's public key (PEM) used for authentication. +Set to "default" or "oidc" to control which login method to be used. If set to "oidc", the following properties must also be specified: sasl.oauthbearer.client.id, sasl.oauthbearer.client.secret, and sasl.oauthbearer.token.endpoint.url. -### ssl.certificate.pem (string, optional) {#rdkafkaoptions-ssl.certificate.pem} +### sasl.oauthbearer.scope (string, optional) {#rdkafkaoptions-sasl.oauthbearer.scope} -Client's public key string (PEM format) used for authentication. +Client use this to specify the scope of the access request to the broker. 
Only used when sasl.oauthbearer.method is set to "oidc". -### ssl.cipher.suites (string, optional) {#rdkafkaoptions-ssl.cipher.suites} +### sasl.oauthbearer.token.endpoint.url (string, optional) {#rdkafkaoptions-sasl.oauthbearer.token.endpoint.url} -A cipher suite is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol. See manual page for `ciphers(1)` and `SSL_CTX_set_cipher_list(3). +OAuth/OIDC issuer token endpoint HTTP(S) URI used to retrieve token. Only used when sasl.oauthbearer.method is set to "oidc". -### ssl.crl.location (string, optional) {#rdkafkaoptions-ssl.crl.location} +### sasl.password (string, optional) {#rdkafkaoptions-sasl.password} -Path to CRL for verifying broker's certificate validity. +SASL password for use with the PLAIN and SASL-SCRAM-.. mechanism. -### ssl.curves.list (string, optional) {#rdkafkaoptions-ssl.curves.list} +### sasl.username (string, optional) {#rdkafkaoptions-sasl.username} -The supported-curves extension in the TLS ClientHello message specifies the curves (standard/named, or 'explicit' GF(2^k) or GF(p)) the client is willing to have the server use. See manual page for `SSL_CTX_set1_curves_list(3)`. OpenSSL >= 1.0.2 required. +SASL username for use with the PLAIN and SASL-SCRAM-.. mechanisms. -### ssl.endpoint.identification.algorithm (string, optional) {#rdkafkaoptions-ssl.endpoint.identification.algorithm} +### security.protocol (string, optional) {#rdkafkaoptions-security.protocol} -Endpoint identification algorithm to validate broker hostname using broker certificate. https - Server (broker) hostname verification as specified in RFC2818. none - No endpoint verification. OpenSSL >= 1.0.2 required. +Protocol used to communicate with brokers. 
-### ssl.engine.id (string, optional) {#rdkafkaoptions-ssl.engine.id} +### socket.blocking.max.ms (int, optional) {#rdkafkaoptions-socket.blocking.max.ms} -OpenSSL engine id is the name used for loading engine. +DEPRECATED No longer used. -### ssl.engine.location (string, optional) {#rdkafkaoptions-ssl.engine.location} +### socket_cb (string, optional) {#rdkafkaoptions-socket_cb} -**DEPRECATED** Path to OpenSSL engine library. OpenSSL >= 1.1.x required. DEPRECATED: OpenSSL engine support is deprecated and should be replaced by OpenSSL 3 providers. +Socket creation callback to provide race-free CLOEXEC -### ssl.key.location (string, optional) {#rdkafkaoptions-ssl.key.location} +### socket.connection.setup.timeout.ms (int, optional) {#rdkafkaoptions-socket.connection.setup.timeout.ms} -Path to client's private key (PEM) used for authentication. +Maximum time allowed for broker connection setup (TCP connection setup as well SSL and SASL handshake). If the connection to the broker is not fully functional after this the connection will be closed and retried. -### ssl.key.password (string, optional) {#rdkafkaoptions-ssl.key.password} +### socket.keepalive.enable (bool, optional) {#rdkafkaoptions-socket.keepalive.enable} -Private key passphrase (for use with `ssl.key.location` and `set_ssl_cert()`). +Enable TCP keep-alives (SO_KEEPALIVE) on broker sockets -### ssl.key.pem (string, optional) {#rdkafkaoptions-ssl.key.pem} +### socket.max.fails (int, optional) {#rdkafkaoptions-socket.max.fails} -Client's private key string (PEM format) used for authentication. +Disconnect from broker when this number of send failures (e.g., timed out requests) is reached. Disable with 0. WARNING: It is highly recommended to leave this setting at its default value of 1 to avoid the client and broker to become desynchronized in case of request timeouts. NOTE: The connection is automatically re-established. 
-### ssl.keystore.location (string, optional) {#rdkafkaoptions-ssl.keystore.location} +### socket.nagle.disable (bool, optional) {#rdkafkaoptions-socket.nagle.disable} -Path to client's keystore (PKCS#12) used for authentication. +Disable the Nagle algorithm (TCP_NODELAY) on broker sockets. -### ssl.keystore.password (string, optional) {#rdkafkaoptions-ssl.keystore.password} +### socket.receive.buffer.bytes (int, optional) {#rdkafkaoptions-socket.receive.buffer.bytes} -Client's keystore (PKCS#12) password. +Broker socket receive buffer size. System default is used if 0. -### ssl.providers (string, optional) {#rdkafkaoptions-ssl.providers} +### socket.send.buffer.bytes (int, optional) {#rdkafkaoptions-socket.send.buffer.bytes} -Comma-separated list of OpenSSL 3.0.x implementation providers. E.g., "default,legacy". +Broker socket send buffer size. System default is used if 0. -### ssl.sigalgs.list (string, optional) {#rdkafkaoptions-ssl.sigalgs.list} +### socket.timeout.ms (int, optional) {#rdkafkaoptions-socket.timeout.ms} -The client uses the TLS ClientHello signature_algorithms extension to indicate to the server which signature/hash algorithm pairs may be used in digital signatures. See manual page for `SSL_CTX_set1_sigalgs_list(3)`. OpenSSL >= 1.0.2 required. +Default timeout for network requests. Producer: ProduceRequests will use the lesser value of `socket.timeout.ms` and remaining `message.timeout.ms` for the first message in the batch. Consumer: FetchRequests will use `fetch.wait.max.ms` + `socket.timeout.ms`. Admin: Admin requests will use `socket.timeout.ms` or explicitly set `rd_kafka_AdminOptions_set_operation_timeout()` value. ### statistics.interval.ms (int, optional) {#rdkafkaoptions-statistics.interval.ms} From ca91c148ac66c253aa4791b3820d72257f85ab26 Mon Sep 17 00:00:00 2001 From: Peter Wilcsinszky Date: Mon, 16 Dec 2024 17:10:18 +0100 Subject: [PATCH 4/4] chore: fix rdkafka options tests 
Signed-off-by: Peter Wilcsinszky --- docs/configuration/plugins/outputs/kafka.md | 4 +++- pkg/sdk/logging/model/output/kafka.go | 18 ++++++++++++++++-- pkg/sdk/logging/model/output/kafka_test.go | 14 ++++++++++++-- .../model/output/zz_generated.deepcopy.go | 6 +++++- 4 files changed, 36 insertions(+), 6 deletions(-) diff --git a/docs/configuration/plugins/outputs/kafka.md b/docs/configuration/plugins/outputs/kafka.md index a23b83c09..0ff4629c2 100644 --- a/docs/configuration/plugins/outputs/kafka.md +++ b/docs/configuration/plugins/outputs/kafka.md @@ -184,7 +184,9 @@ Password when using PLAIN/SCRAM SASL authentication ### principal (string, optional) {#kafka-principal} -### rdkafka_options (RdkafkaOptions, optional) {#kafka-rdkafka_options} +### rdkafka_options (*RdkafkaOptions, optional) {#kafka-rdkafka_options} + +RdkafkaOptions represents the global configuration properties for librdkafka. ### required_acks (int, optional) {#kafka-required_acks} diff --git a/pkg/sdk/logging/model/output/kafka.go b/pkg/sdk/logging/model/output/kafka.go index fb91d34c3..afa32a659 100644 --- a/pkg/sdk/logging/model/output/kafka.go +++ b/pkg/sdk/logging/model/output/kafka.go @@ -65,8 +65,9 @@ type _metaKafka interface{} //nolint:deadcode,unused // -[more info](https://github.com/fluent/fluent-plugin-kafka#output-plugin) type KafkaOutputConfig struct { // Use rdkafka2 instead of the legacy kafka2 output plugin. This plugin requires fluentd image version v1.16-4.9-full or higher. - UseRdkafka bool `json:"use_rdkafka,omitempty"` - RdkafkaOptions RdkafkaOptions `json:"rdkafka_options,omitempty"` + UseRdkafka bool `json:"use_rdkafka,omitempty"` + // RdkafkaOptions represents the global configuration properties for librdkafka. + RdkafkaOptions *RdkafkaOptions `json:"rdkafka_options,omitempty"` // The list of all seed brokers, with their host and port information. Brokers string `json:"brokers"` // Topic Key (default: "topic") 
@@ -362,6 +363,13 @@ func (e *KafkaOutputConfig) ToDirective(secretLoader secret.SecretLoader, id str } else { kafka.SubDirectives = append(kafka.SubDirectives, buffer) } + if e.RdkafkaOptions != nil { + if rdkafkaOptions, err := e.RdkafkaOptions.ToDirective(secretLoader, id); err != nil { + return nil, err + } else { + kafka.SubDirectives = append(kafka.SubDirectives, rdkafkaOptions) + } + } if e.Format != nil { if format, err := e.Format.ToDirective(secretLoader, ""); err != nil { @@ -375,3 +383,9 @@ func (e *KafkaOutputConfig) ToDirective(secretLoader secret.SecretLoader, id str delete(kafka.Params, "use_rdkafka") return kafka, nil } + +func (o *RdkafkaOptions) ToDirective(secretLoader secret.SecretLoader, id string) (types.Directive, error) { + return types.NewFlatDirective(types.PluginMeta{ + Directive: "rdkafka_options", + }, o, secretLoader) +} diff --git a/pkg/sdk/logging/model/output/kafka_test.go b/pkg/sdk/logging/model/output/kafka_test.go index 2b8d0571c..18a243e47 100644 --- a/pkg/sdk/logging/model/output/kafka_test.go +++ b/pkg/sdk/logging/model/output/kafka_test.go @@ -17,10 +17,11 @@ package output_test import ( "testing" - "github.com/kube-logging/logging-operator/pkg/sdk/logging/model/output" - "github.com/kube-logging/logging-operator/pkg/sdk/logging/model/render" "github.com/stretchr/testify/require" "sigs.k8s.io/yaml" + + "github.com/kube-logging/logging-operator/pkg/sdk/logging/model/output" + "github.com/kube-logging/logging-operator/pkg/sdk/logging/model/render" ) func TestKafka(t *testing.T) { @@ -99,6 +100,15 @@ buffer: timekey_use_utc true timekey_wait 30s + + sasl.mechanisms PLAIN + sasl.username user + security.protocol SASL_SSL + ssl.ca.location /etc/ssl/certs/ca-certificates.crt + ssl.certificate.location /etc/ssl/certs/tls.crt + ssl.key.location /etc/ssl/certs/tls.key + ssl.key.password password + @type json 
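Review bot: In the `KafkaOutputConfig.ToDirective` hunk at `@@ -362,6 +363,13 @@`, the `rdkafka_options` section is appended whenever `e.RdkafkaOptions` is non-nil, and the visible lines do not check `e.UseRdkafka`. Unless a guard exists in the part of the function outside this hunk, an Output that keeps the legacy kafka2 plugin but sets these options gets a section that plugin presumably ignores. Settings such as `security.protocol` or `enable.ssl.certificate.verification` would then silently not apply. Consider `if e.UseRdkafka && e.RdkafkaOptions != nil {`, or return an error when options are set without `use_rdkafka`.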
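Review bot: The new `RdkafkaOptions.ToDirective` at `@@ -375,3 +383,9 @@` passes the whole struct to `types.NewFlatDirective` with the secret loader, yet the credential-bearing options documented in this series (`ssl.key.password`, `ssl.keystore.password`) are typed `string`, and the updated test expectation renders `ssl.key.password password` verbatim. If the struct, which is defined outside this hunk, really declares them as plain strings, the values must be written into the Output resource itself and the loader cannot resolve them from a Kubernetes Secret. Consider typing those fields as `*secret.Secret`. The exported method also lacks a doc comment and never uses its `id` parameter; a line such as `// ToDirective renders the options as an rdkafka_options section; id is unused.` would cover both.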
diff --git a/pkg/sdk/logging/model/output/zz_generated.deepcopy.go b/pkg/sdk/logging/model/output/zz_generated.deepcopy.go index 1304d78dd..b5bac4221 100644 --- a/pkg/sdk/logging/model/output/zz_generated.deepcopy.go +++ b/pkg/sdk/logging/model/output/zz_generated.deepcopy.go @@ -692,7 +692,11 @@ func (in *HTTPOutputConfig) DeepCopy() *HTTPOutputConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KafkaOutputConfig) DeepCopyInto(out *KafkaOutputConfig) { *out = *in - out.RdkafkaOptions = in.RdkafkaOptions + if in.RdkafkaOptions != nil { + in, out := &in.RdkafkaOptions, &out.RdkafkaOptions + *out = new(RdkafkaOptions) + **out = **in + } if in.Headers != nil { in, out := &in.Headers, &out.Headers *out = make(map[string]string, len(*in))