The document discusses securing connections between KSQL and Kafka. It covers enabling encryption using TLS for the KSQL-Kafka connection. It also covers enabling authentication using SASL and authorization using Kafka ACLs. It provides configuration examples for securing each part of the connection and recommends configuring the KSQL output topic name prefix to more easily manage ACLs for output topics.
12. 12
KSQL 101
KSQL
Server
KSQL
Server
CREATE STREAM purchases (
productID BIGINT,
quantity INT,
storeLocation VARCHAR)
WITH (...);
SELECT
productID, SUM(quantity)
FROM purchases
WHERE storeLocation=’NYC’
GROUP BY productID;
13. 13
KSQL 101
KSQL
Server
KSQL
Server
CREATE STREAM purchases (
productID BIGINT,
quantity INT,
storeLocation VARCHAR)
WITH (...);
CREATE TABLE NYC_totals
AS SELECT
productID, SUM(quantity)
FROM purchases
WHERE storeLocation=’NYC’
GROUP BY productID;
14. 14
KSQL 101
CREATE TABLE NYC_totals
AS SELECT
productID, SUM(quantity)
FROM purchases
WHERE storeLocation=’NYC’
GROUP BY productID;
kafka
Streams
purchases NYC_totalsintermediary
topic
intermediary
topic
15. 15
CREATE STREAM purchases (
productID BIGINT,
quantity INT,
storeLocation VARCHAR)
WITH (
KAFKA_TOPIC=’purchases’,
VALUE_FORMAT=’Avro’);
KSQL 101
Schema
Registry
KSQL
Server
KSQL
Server
103. 103
Takeaways
● Works in a secure Kafka environment
● Lock down KSQL by using headless mode
○ Or secure KSQL’s REST endpoint
● Deploy separate KSQL clusters for different use cases
● Consider: UDFs and record processing log