vectordotdev / vector

A high-performance observability data pipeline.
https://vector.dev
Mozilla Public License 2.0

Add TLS support to the Pulsar Sink #10888

Open bemoore34 opened 2 years ago

bemoore34 commented 2 years ago

Current Vector Version

vector 0.19.0

Use-cases

Apache Pulsar supports enabling TLS encryption on client connections to the broker to secure data in transit. Many production instances will have TLS encryption enabled on their Pulsar clusters. It would be beneficial for the Vector Pulsar sink to support TLS connections to Pulsar topics.

A potential workaround is to use the WebSocket API on Pulsar and send messages to topics using the Vector HTTP sink, which supports TLS. This may not be an option for all users running TLS-enabled Pulsar clusters and it would be useful to support TLS with native Pulsar client connections.

Attempted Solutions

Tested the existing sink to a TLS-encrypted cluster and confirmed on Discord that it isn't currently supported.

Proposal

Add configuration options for connecting the Vector Pulsar sink to Pulsar topics with TLS 1.2+ enabled.

Reference

https://pulsar.apache.org/docs/en/security-tls-transport/

zamazan4ik commented 1 year ago

@bemoore34 Could you please share the details of how exactly Vector with TLS enabled for the Pulsar Sink (it is enabled by specifying the Pulsar endpoint with the pulsar+ssl prefix) did not work? As far as I can see from the current sources, it should work even without additional parameters.

The only potentially useful parameter here is adding custom certificates to the certificate chain. But even without them, a TLS connection should work if your Pulsar certificate is trusted by the system trust root.

bemoore34 commented 1 year ago

Sorry, I don't remember the details of what I tested and cannot find my notes. I tried to connect using TLS (pulsar+ssl) and couldn't get it to work. I'm not sure what validation I performed around the certificate trust. I have been using internal certificates and would prefer to have the option to provide a custom CA cert so the Pulsar client trusts the signed cert. If I find my notes I'll confirm the details. I gave up trying after confirming it wasn't supported in Discord.