@@ -17,7 +17,7 @@ Apache Kafka Connections
1717.. contents:: On this page
1818 :local:
1919 :backlinks: none
20- :depth: 1
20+ :depth: 2
2121 :class: singlecol
2222
2323{+atlas-sp+} supports both source and sink connections to {+kafka+}.
@@ -68,8 +68,8 @@ the following:
6868- {+aws-msk+} clusters
6969- Microsoft |azure| EventHub
7070
71- Amazon Web Services Private Link Connections
72- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71+ Amazon Web Services Confluent and MSK Private Link Connections
72+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7373
7474To create an {+aws+} Private Link connection to use in your {+atlas-sp+}
7575project:
@@ -86,10 +86,10 @@ project:
8686
8787 .. include:: includes/atlas-stream-processing/create-private-link-aws-msk.rst
8888
89- Microsoft Azure Private Link Connections
90- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
89+ Microsoft Azure EventHub Private Link Connections
90+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
9191
92- To create an {+azure+} Private Link connection to use in your
92+ To create an {+azure+} EventHub Private Link connection to use in your
9393{+atlas-sp+} project:
9494
9595.. tabs::
@@ -104,6 +104,185 @@ To create an {+azure+} Private Link connection to use in your
104104
105105 .. include:: includes/atlas-stream-processing/create-private-link-azure-api.rst
106106
107+ Microsoft Azure Confluent Private Link Connections
108+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
109+
110+ To create an {+azure+} Confluent Private Link connection to use in your
111+ {+atlas-sp+} project:
112+
113+ .. procedure::
114+ :style: normal
115+
116+ .. step:: Configure Confluent cluster.
117+
118+ Call the ``streams/accountDetails`` endpoint to get your |service|
119+ project's |azure| subscription ID:
120+
121+ .. code-block:: bash
122+
123+ curl --location 'http://cloud.mongodb.com/api/atlas/v2/groups/<project_id>/streams/accountDetails?cloudProvider=azure®ionName=<region>' \
124+ --header 'Accept: application/vnd.atlas.2024-11-13+json'
125+
126+ {
127+ "azureSubscriptionId": "f1a2b3c4-d5e6-87a8-a9b0-c1d2e3f4a5b6",
128+ "cidrBlock": "192.168.123.0/21",
129+ "virtualNetworkName": "vnet_a1b2c3d4e5f6a7b8c9d0e1f2_xyz987ab",
130+ "cloudProvider": "azure"
131+ }
132+
133+ .. step:: Navigate to the cluster you want to connect to.
134+
135+ In your Confluent account, navigate to the cluster you want to connect to.
136+
137+
138+ .. step:: Navigate to your cluster networking details.
139+
140+ In your cluster networking interface, navigate to your cluster
141+ networking details.
142+
143+ .. step:: Add PrivateLink Acess.
144+
145+ Follow the procedure provided in the `Confluent documentation <https://docs.confluent.io/cloud/current/networking/private-links/azure-privatelink.html#add-a-private-link-access-in-ccloud>`__
146+ to add PrivateLink access.
147+
148+ .. note::
149+
150+ You need to provide your ``azureSubscriptionId``.
151+
152+ .. step:: Request a connection to your cloud provider.
153+
154+ .. list-table::
155+ :widths: 20 80
156+ :header-rows: 1
157+
158+ * - Key
159+ - Value
160+
161+ * - region
162+ - Region of the Confluent cluster
163+
164+ * - dnsDomain
165+ - The DNS domain of your cluster's network.
166+ Eg: ``abcxyz12345.eastus2.azure.confluent.cloud``
167+
168+ * - azureResourceIds
169+ - The resource ID for the Confluent Cloud Private Link service
170+ endpoint in each Availability Zone (AZ) used by your cluster's network.
171+
172+ - Multi-AZ Clusters: Include the unique Resource ID corresponding
173+ to each Availability Zone where your cluster has Private Link enabled.
174+ - Single-AZ Clusters: Provide only the single Resource ID for the
175+ specific Availability Zone used.
176+
177+
178+ .. io-code-block::
179+ :copyable: true
180+
181+ .. input::
182+
183+ curl --location 'https://cloud.mongodb.com/api/atlas/v2/groups/8358217d3abb5c76c3434648/streams/privateLinkConnections' \
184+ --digest \
185+ --user "slrntglrbn:933fb118-ac62-4991-db05-ee67a3481fde" \
186+ --header 'Content-Type: application/json' \
187+ --header 'Accept: application/vnd.atlas.2024-11-13+json' \
188+ --data '{
189+ "vendor": "Confluent",
190+ "provider": "Azure",
191+ "region": "US_EAST_2",
192+ "dnsDomain": "abcxyz12345.eastus2.azure.confluent.cloud",
193+ "azureResourceIds: [
194+ "/subscriptions/a1b2c3d4-e5f6-7890-abcd-ef1234567890/resourceGroups/d-xyz98/providers/Microsoft.Network/privateLinkServices/d-xyz98-privatelink-1",
195+ "/subscriptions/a1b2c3d4-e5f6-7890-abcd-ef1234567890/resourceGroups/d-xyz98/providers/Microsoft.Network/privateLinkServices/d-xyz98-privatelink-2",
196+ "/subscriptions/a1b2c3d4-e5f6-7890-abcd-ef1234567890/resourceGroups/d-xyz98/providers/Microsoft.Network/privateLinkServices/d-xyz98-privatelink-3"
197+ ]
198+ }'
199+
200+
201+ .. output::
202+
203+ {
204+ "_id": "65f8a3b4c5d6e7f8a9b0c1d2",
205+ "azureResourceIds": [
206+ "/subscriptions/a1b2c3d4-e5f6-7890-abcd-ef1234567890/resourceGroups/d-xyz98/providers/Microsoft.Network/privateLinkServices/d-xyz98-privatelink-1",
207+ "/subscriptions/a1b2c3d4-e5f6-7890-abcd-ef1234567890/resourceGroups/d-xyz98/providers/Microsoft.Network/privateLinkServices/d-xyz98-privatelink-2",
208+ "/subscriptions/a1b2c3d4-e5f6-7890-abcd-ef1234567890/resourceGroups/d-xyz98/providers/Microsoft.Network/privateLinkServices/d-xyz98-privatelink-3"
209+ ],
210+ "dnsDomain": "abcxyz12345.eastus2.azure.confluent.cloud",
211+ "provider": "Azure",
212+ "region": "US_EAST_2",
213+ "vendor": "Confluent"
214+ }
215+
216+ .. step:: Create the Atlas-side connection.
217+
218+ :ref:`Add a connection <atlas-sp-manage-connection-add>`
219+ with the following key-value pairs:
220+
221+ .. list-table::
222+ :widths: 35 65
223+ :header-rows: 1
224+
225+ * - Key
226+ - Value
227+
228+ * - ``bootstrapServers``
229+ - IP address of your cloud provider's Kafka bootstrap server.
230+
231+ * - ``security.protocol``
232+ - ``SASL_SSL``
233+
234+ * - ``authentication.mechanism``
235+ - ``"PLAIN"``
236+
237+ * - ``authentication.password``
238+ - The password associated with your `Confluent API key
239+ <https://docs.confluent.io/cloud/current/security/authenticate/workload-identities/service-accounts/api-keys/overview.html>`__
240+
241+ * - ``authentication.username``
242+ - The username associated with your `Confluent API key
243+ <https://docs.confluent.io/cloud/current/security/authenticate/workload-identities/service-accounts/api-keys/overview.html>`__
244+
245+ * - ``type``
246+ - ``"Kafka"``
247+
248+ * - ``networking.access.type``
249+ - ``"PRIVATE_LINK"``
250+
251+ * - ``networking.access.connectionId``
252+ - ``_id`` value from your Private Link request response
253+
254+ Set all other values as necessary.
255+
256+ The following example command creates an {+kafka+} connection in
257+ {+service+}:
258+
259+ .. code-block:: bash
260+
261+ curl --location 'https://cloud.mongodb.com/api/atlas/v2/groups/8358217d3abb5c76c3434648/streams/spinstance/connections' \
262+ --digest \
263+ --user "slrntglrbn:933fb118-ac62-4991-db05-ee67a3481fde" \
264+ --header 'Content-Type: application/json' \
265+ --header 'Accept: application/vnd.atlas.2023-02-01+json' \
266+ --data '{
267+ "name": "confluent_demo",
268+ "bootstrapServers": "slr-ntgrbn.sample.us-east-1.aws.confluent.cloud:9092",
269+ "security": {
270+ "protocol": "SASL_SSL"
271+ },
272+ "authentication": {
273+ "mechanism": "PLAIN",
274+ "password": "apiSecretDemo",
275+ "username": "apiUserDemo"
276+ },
277+ "type": "Kafka",
278+ "networking": {
279+ "access": {
280+ "type": "PRIVATE_LINK",
281+ "connectionId": "38972b0cbe9c2aa40a30a246"
282+ }
283+ }
284+ }'
285+
107286.. _atlas-sp-kafka-connection-config:
108287
109288Configuration
0 commit comments