Enterprise Service Cloud - Docs

Client configuration

Kafka endpoints

Kafka clients must be configured with the Event Exposure Kafka endpoint which is reachable from ESC compute services (e.g. VM, K8s).

events.private.cloud.swisscom.ch:9094

::: info Although the existing endpoint kafka.prd.msg.entcloud.swisscom.com:9094 continues to work, we recommend switching to the endpoint above. :::

The Kafka endpoints are using a child certificate of the Swisscom RootCore CA. When configuring a Kafka client, it is necessary to create a CA bundle containing the root certificate of this chain. Below we provide the commands to get the required certificate:

wget http://crl.swisscom.com/SwisscomRootCore.crt
openssl x509 -inform DER -in SwisscomRootCore.crt -out ca-bundle.crt
This is an information message

Warning

The server certificates of Event Exposure Kafka brokers are rotated automatically every few months. To avoid issues when this happens, trust only the root certificate, not the whole chain reported by the brokers.

Logstash Example

An example Logstash configuration looks like this:

input
{
    kafka
    {
        bootstrap_servers => "events.private.cloud.swisscom.ch:9094"
        topics => ["logs-orion-123"]
        group_id => "the-consumer-group-set-at-certificate-creation"
        security_protocol => "SSL"
        ssl_truststore_location => "${TRUSTSTORE_FILENAME}"
        ssl_truststore_password => "${PASSWORD}"
        ssl_keystore_location => "${KEYSTORE_FILENAME}"
        ssl_keystore_password => "${PASSWORD}"
        ssl_key_password => "${PASSWORD}"
        codec => "json"
    }
}
This is an information message

Warning

Logstash may face issues if the same consumer group is used for consuming from multiple topics. Please create separate consumer groups for different kinds of Exposure Service instances.

If you have any problems setting up the client, please contact ESC support.

List of Kafka Clients

Out of the box solutions:

For custom solutions:

Last Updated: