cloudflare / goflow

The high-scalability sFlow/NetFlow/IPFIX collector used internally at Cloudflare.
BSD 3-Clause "New" or "Revised" License

[Kafka SSL] Custom truststore and keystore. #122

Open mcvity opened 10 months ago

mcvity commented 10 months ago

I have a network monitoring stack set up as follows:

SFLOW DATA -> GOFLOW -> KAFKA INSTANCE -> ETC

It's currently operational, but I need to enable SSL encryption on Kafka to ensure that I'm not transmitting sFlow data in plaintext. Since I'm using my own CA for certificates, Goflow will need the truststore and keystore to connect. However, it seems that Goflow doesn't support this option.

Here are the consumer properties I'm using to connect to the Kafka instance with SSL enabled:

sasl.mechanism=PLAIN 
security.protocol=SASL_SSL
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="U" password="P";
ssl.endpoint.identification.algorithm=
ssl.truststore.type=PEM
ssl.truststore.location=/opt/truststore.pem