The kafka-connect ingestion source only supports username/password for authentication. There is no way to configure TLS client certificates or a custom CA bundle when the Kafka Connect REST API is secured with mTLS.
Missing config options:
ssl_ca_cert — path to custom CA certificate
ssl_client_cert — path to client certificate (mTLS)
ssl_client_key — path to client private key (mTLS)
Current workaround: Set REQUESTS_CA_BUNDLE env var (CA trust only) or front Kafka Connect with a sidecar proxy. Neither is viable for mTLS in a managed K8s deployment where certificate configuration should live in the recipe.
Expected behavior: Recipe supports:
source:
type: kafka-connect
config:
connect_uri: "https://kafka-connect:8083"
ssl_ca_cert: /etc/ssl/certs/ca.crt
ssl_client_cert: /etc/ssl/certs/client.crt
ssl_client_key: /etc/ssl/certs/client.key
The kafka-connect ingestion source only supports username/password for authentication. There is no way to configure TLS client certificates or a custom CA bundle when the Kafka Connect REST API is secured with mTLS.
Missing config options:
ssl_ca_cert — path to custom CA certificate
ssl_client_cert — path to client certificate (mTLS)
ssl_client_key — path to client private key (mTLS)
Current workaround: Set REQUESTS_CA_BUNDLE env var (CA trust only) or front Kafka Connect with a sidecar proxy. Neither is viable for mTLS in a managed K8s deployment where certificate configuration should live in the recipe.
Expected behavior: Recipe supports: