Quickstart: Stream data with Azure Event Hubs and Apache Kafka

This quickstart shows you how to stream data into and from Azure Event Hubs using the Apache Kafka protocol. You'll not change any code in the sample Kafka producer or consumer apps. You just update the configurations that the clients use to point to an Event Hubs namespace, which exposes a Kafka endpoint. You also don't build and use a Kafka cluster on your own. Instead, you use the Event Hubs namespace with the Kafka endpoint.

Note

This sample is available on GitHub

Prerequisites

To complete this quickstart, make sure you have the following prerequisites:

Create an Azure Event Hubs namespace

When you create an Event Hubs namespace, the Kafka endpoint for the namespace is automatically enabled. You can stream events from your applications that use the Kafka protocol into event hubs. Follow step-by-step instructions in the Create an event hub using Azure portal to create an Event Hubs namespace. If you're using a dedicated cluster, see Create a namespace and event hub in a dedicated cluster.

Note

Event Hubs for Kafka isn't supported in the basic tier.

Send and receive messages with Kafka in Event Hubs

  1. Enable a system-assigned managed identity for the virtual machine. For more information about configuring managed identity on a VM, see Configure managed identities for Azure resources on a VM using the Azure portal. Managed identities for Azure resources provide Azure services with an automatically managed identity in Microsoft Entra ID. You can use this identity to authenticate to any service that supports Microsoft Entra authentication, without having credentials in your code.

    Screenshot of the Identity tab of a virtual machine page in the Azure portal.

  2. Using the Access control page of the Event Hubs namespace you created, assign Azure Event Hubs Data Owner role to the VM's managed identity. Azure Event Hubs supports using Microsoft Entra ID to authorize requests to Event Hubs resources. With Microsoft Entra ID, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, or an application service principal.

    1. In the Azure portal, navigate to your Event Hubs namespace. Go to "Access Control (IAM)" in the left navigation.

    2. Select + Add and select Add role assignment.

      Screenshot of the Access Control page of an Event Hubs namespace.

    3. In the Role tab, select Azure Event Hubs Data Owner, and select the Next button.

      Screenshot showing the selection of the Azure Event Hubs Data Owner role.

    4. In the Members tab, select the Managed Identity in the Assign access to section.

    5. Select the +Select members link.

    6. On the Select managed identities page, follow these steps:

      1. Select the Azure subscription that has the VM.

      2. For Managed identity, select Virtual machine

      3. Select your virtual machine's managed identity.

      4. Select Select at the bottom of the page.

        Screenshot showing the Add role assignment -> Select managed identities page.

    7. Select Review + Assign.

      Screenshot showing the Add role assignment page with role assigned to VM's managed identity.

  3. Restart the VM and sign in back to the VM for which you configured the managed identity.

  4. Clone the Azure Event Hubs for Kafka repository.

  5. Navigate to azure-event-hubs-for-kafka/tutorials/oauth/java/managedidentity/consumer.

  6. Switch to the src/main/resources/ folder, and open consumer.config. Replace namespacename with the name of your Event Hubs namespace.

    bootstrap.servers=NAMESPACENAME.servicebus.windows.net:9093
    security.protocol=SASL_SSL
    sasl.mechanism=OAUTHBEARER
    sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;
    sasl.login.callback.handler.class=CustomAuthenticateCallbackHandler;
    

    Note

    You can find all the OAuth samples for Event Hubs for Kafka here.

  7. Switch back to the Consumer folder where the pom.xml file is and, and run the consumer code and process events from event hub using your Kafka clients:

    mvn clean package
    mvn exec:java -Dexec.mainClass="TestConsumer"                                    
    
  8. Launch another command prompt window, and navigate to azure-event-hubs-for-kafka/tutorials/oauth/java/managedidentity/producer.

  9. Switch to the src/main/resources/ folder, and open producer.config. Replace mynamespace with the name of your Event Hubs namespace.

  10. Switch back to the Producer folder where the pom.xml file is and, run the producer code and stream events into Event Hubs:

    mvn clean package
    mvn exec:java -Dexec.mainClass="TestProducer"                                    
    

    You should see messages about events sent in the producer window. Now, check the consumer app window to see the messages that it receives from the event hub.

    Screenshot showing the Producer and Consumer app windows showing the events.

Schema validation for Kafka with Schema Registry

You can use Azure Schema Registry to perform schema validation when you stream data with your Kafka applications using Event Hubs. Azure Schema Registry of Event Hubs provides a centralized repository for managing schemas and you can seamlessly connect your new or existing Kafka applications with Schema Registry.

To learn more, see Validate schemas for Apache Kafka applications using Avro.

Next steps

In this article, you learned how to stream into Event Hubs without changing your protocol clients or running your own clusters. To learn more, see Apache Kafka developer guide for Azure Event Hubs.