Sample Azure Function that demonstrates connecting to Azure EventHub over the Kafka protocol. It supports either client credentials or managed identity authentication.
The sample demonstrates:
- Different authentication mechanisms for EventHub using AzureAD.
- Running locally in an isolated environment with the VSCode devcontainer feature.
- A Docker image definition to build the image.
The sample relies on the packages below:
- Azure.Identity -> for Azure AD authentication. Please refer to DefaultAzureCredential.
- Confluent-Kafka -> to connect to EventHub using the Kafka protocol.
To get going, add the configurations below to your local.settings.json or Azure Function configuration:
"AZURE_AUTHORITY_HOST":"login.microsoftonline.com",
"AZURE_CLIENT_ID":"<<AppClientIdForClientCredsAuthFlow-NotRequiredForManagedIdentityAuth>>",
"AZURE_CLIENT_SECRET":"<<AppSecretForClientCredsAuthFlow-NotRequiredForManagedIdentityAuth>>",
"AZURE_TENANT_ID":"<<TenantID>>",
"EVENT_HUB_HOSTNAME":"<<EVentHubNameSpace>>",
"EVENT_HUB_NAME":"<<EventHubName>>",
"CONSUMER_GROUP":"<<EventHubConsumerGroupName-Typically $Default>>"
To test locally, run the Azure Function with the Azure Functions CLI command func start in a terminal window.
To deploy to Azure:
- Build the container and publish it to Azure Container Registry (ACR):
    docker build -t <<ACRName>>.azurecr.io/<<RepoName>>:<<Tag>> .
    az login
    az acr login --name <<ACRName>>
    docker push <<ACRName>>.azurecr.io/<<RepoName>>:<<Tag>>
- Configure the Azure Function to deploy from ACR.
- Provision the EventHub RBAC role.
- To use the ClientCreds auth flow, register an AzureAD app, create a client secret and add it to the configuration as mentioned above.
- To use ManagedIdentity authentication, create a system-assigned or user-assigned identity for the Azure Function.
Based on the approach chosen above, provision the EventHub Sender role for the Service Principal.
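
How the settings above map onto a Kafka client, as an added example that is not this sample's own code: it builds a confluent-kafka consumer configuration whose OAUTHBEARER token callback is fed by an Azure.Identity credential, and reports which of the two auth flows the environment selects. It assumes Python, that EVENT_HUB_HOSTNAME holds the namespace's fully qualified host name, and the function names are hypothetical.

```python
import os

REQUIRED = ("EVENT_HUB_HOSTNAME", "EVENT_HUB_NAME", "CONSUMER_GROUP")
SECRET_FLOW = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")


def selected_auth_flow(env):
    """Say which credential DefaultAzureCredential reaches first in Azure."""
    # EnvironmentCredential is tried first and needs all three values; if any
    # is missing the chain moves on to the function's managed identity.
    if all(env.get(k) for k in SECRET_FLOW):
        return "client_credentials"
    return "managed_identity"


def make_oauth_cb(credential, hostname):
    """Build the token callback that confluent-kafka calls for OAUTHBEARER."""
    scope = f"https://{hostname}/.default"  # assumes hostname is the namespace FQDN

    def oauth_cb(_sasl_config):
        token = credential.get_token(scope)
        # confluent-kafka expects (token string, expiry in epoch seconds).
        return token.token, float(token.expires_on)

    return oauth_cb


def build_consumer_config(env, credential):
    """Turn the settings listed above into a confluent-kafka consumer config."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))
    host = env["EVENT_HUB_HOSTNAME"]
    return {
        "bootstrap.servers": f"{host}:9093",  # Event Hubs Kafka endpoint port
        "security.protocol": "SASL_SSL",
        "sasl.mechanism": "OAUTHBEARER",
        "oauth_cb": make_oauth_cb(credential, host),
        "group.id": env["CONSUMER_GROUP"],
    }


if __name__ == "__main__":
    from azure.identity import DefaultAzureCredential
    from confluent_kafka import Consumer
    print("auth flow:", selected_auth_flow(os.environ))
    consumer = Consumer(build_consumer_config(os.environ, DefaultAzureCredential()))
    consumer.subscribe([os.environ["EVENT_HUB_NAME"]])
```

When the function is meant to run under its managed identity, leaving AZURE_CLIENT_SECRET unset keeps the credential chain from picking the client-secret flow.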