Red Hat Streams for Apache Kafka Q&A follow-up
Following on from last week’s blog post I got more interesting questions to our product Red Hat Streams for Apache Kafka and more answers I would like to share.
- Is there a recommended way to use mTLS with custom/own certificates?
- We have a lot of docs for that, for example here
- Best way is to link tls external as described here
- It is NOT recommended to use own CAs to generate the certificate for the internal Kafka communication. The management is cumbersome and if you forget to update the certificates the whole kafka stops working!
- What is the best way to update client certificates?
- Use a GitOps approach, don’t overcomplicate things
- if you have other deployments/tools that needs certificates to be updated, embed this additional tool into the existing workflow
- documentation: https://docs.redhat.com/en/documentation/red_hat_streams_for_apache_kafka/2.8/html/deploying_and_managing_streams_for_apache_kafka_on_openshift/security-str#clients_ca_secrets
- Is there a recommended integrated schema registry?
- In our Application Foundation Bundle we have the product named Apicurio. The goal is to not include the schema registry somehow in the kafka but have it deployed separately.
- Supports Avro Schemas and authentication flows
- Super good example
- What the plans are for Apache Flink
- Flink is on the Roadmap and is currently evaluated (intern Link): https://docs.google.com/presentation/d/1UHT8waGXLi6fWzEVlD2yNq1VJsXjzrnOinaZ1xaiJjY/edit#slide=id.g2f32fcd8b8f_0_15
Spring Boot example deployment with heapdump and MTA custom rule
If you are more interested into the Volksdaten von Volkswagen topic, I created a small spring heapdump application and a custom rule for Migration Toolkit for Applications that checks explicitly for that. The code for the custom rule is located in a folder in the spring heapdump application repo.
- Repo: https://github.com/gmodzelewski/springboot-heapdump
- Code for custom rule: https://github.com/gmodzelewski/springboot-heapdump/blob/main/MTA%20-%20customer%20rule/springboot_heapdump_check.yaml
To check for this, just analyse your application with MTA and include this custom rule.