⚖️ Kafka image : wurstmeister vs. bitnami

adriens - Jun 29 '22 - - Dev Community

❔ Context

We recently did some maintenance on our internal (yet public) repo that helps us promote Kafka practices internally:

opt-nc / atelier-spring-kafka

Example project showing how to use the `org.springframework.kafka:spring-kafka` library

Project Website | Confluent tutorial

About

This project explains how to develop a producer/consumer without the historical internal library, in favour of the one developed and maintained by Spring.

📝 Description

Example project showing how to use the org.springframework.kafka:spring-kafka library

Prerequisites

  • A Kafka instance
  • docker & docker-compose (if using kafka.yml)

👶 Kafka ?! WTF

Before going further, take care to read the resources below:

🧑‍🎓 Custom materials

📜 Scripts

1️⃣ Initialise the demo.user topic

Enter the kafka container:

docker exec -ti kafka bash

Create the producer:

kafka-console-producer.sh --broker-list kafka:9092 --topic demo.user --property "parse.key=true" --property "key.separator=|"

Copy the lines below (include the final blank line):

112233|{"phoneNumber":"112233", "firstName":"Hubert", "lastName":"Bonisseur de la Bath"}
998877|{"phoneNumber":"998877", "firstName":"Jean", "lastName":"Soudajman"}
446655|{"phoneNumber":"446655", "firstName":"Henri", "lastName":"Tathan"}

2️⃣ Automatic writes to the demo.sms topic

Initialise the demo.user topic with

☝️ We also apply a maintenance strategy to this content, for example:

We created a dedicated issue to upgrade to Kafka 3.2, and we switched from wurstmeister/kafka to bitnami/kafka (by VMware); see our configuration change.

🛡️ Security concerns

☝️ Each time we adopt a new Docker image, we also look at its security.

👉 This post compares the security level of these two images.

grype --add-cpes-if-none wurstmeister/kafka:latest \
    | grep Critical \
    | wc -l
# 14
grype bitnami/kafka:latest \
    | grep Critical \
    | wc -l
# 5
Severity          wurstmeister/kafka:latest   bitnami/kafka:latest
☣️ Critical       14                          5
High              34                          17
Medium            16                          9
⚠️ Low            9                           9
🪶 Negligible     68                          66
Unknown           15                          13
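Grepping grype's table output line by line, as above, works but is brittle (any line containing the word matches, and the counts have to be re-typed by hand). A more robust way to build the table is to read grype's JSON report (`grype <image> -o json`), whose `matches[].vulnerability.severity` field carries the level, and tally it per image. The script below is an added example, not code from the post or from grype: `severity_counts` and `comparison_table` are my own helper names, the sample reports are constructed inline (placeholder vulnerability ids, hypothetical `image-a`/`image-b` instead of the two real images), and it also shows how a missing or unexpected severity value ends up in the Unknown bucket.

```python
import json
from collections import Counter

# Severity levels as grype reports them, in the order used by the table above
SEVERITIES = ["Critical", "High", "Medium", "Low", "Negligible", "Unknown"]


def severity_counts(report_json: str) -> dict:
    """Tally matches per severity from a `grype <image> -o json` report.

    Each grype match carries vulnerability.severity; a missing or
    unrecognised value is folded into "Unknown" so nothing is silently dropped.
    """
    report = json.loads(report_json)
    counts = Counter()
    for match in report.get("matches", []):
        severity = match.get("vulnerability", {}).get("severity") or "Unknown"
        counts[severity if severity in SEVERITIES else "Unknown"] += 1
    return {level: counts[level] for level in SEVERITIES}


def comparison_table(reports: dict) -> str:
    """Render a plain-text table: one severity per row, one image per column."""
    images = list(reports)
    per_image = {image: severity_counts(js) for image, js in reports.items()}
    width = max(len(image) for image in images) + 2
    lines = ["Severity".ljust(12) + "".join(i.ljust(width) for i in images)]
    for level in SEVERITIES:
        cells = "".join(str(per_image[i][level]).ljust(width) for i in images)
        lines.append(level.ljust(12) + cells)
    return "\n".join(lines)


def _report(*severities):
    # Constructed sample report in grype's JSON shape; ids are placeholders.
    matches = [{"vulnerability": {"id": f"PLACEHOLDER-{n:04d}", "severity": s},
                "artifact": {"name": "sample-pkg", "version": "1.0"}}
               for n, s in enumerate(severities)]
    return json.dumps({"matches": matches})


# Hypothetical image names standing in for the two images compared above.
SAMPLE_REPORTS = {
    "image-a": _report("Critical", "Critical", "High", "Unknown"),
    "image-b": _report("Critical", "Low", None, "Bogus"),
}

if __name__ == "__main__":
    print(comparison_table(SAMPLE_REPORTS))
```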

📊 Charts

[Charts of the per-severity counts above for wurstmeister/kafka:latest and bitnami/kafka:latest; images not included]

🤔 The Unknown severity

Wondering what Unknown severity means? Check the answer below:

❔ What does Unknown mean ❔ #807

What happened

When analyzing the Bitnami Kafka image I came across the Unknown value:

grype bitnami/kafka:3.2 | grep Unknown


👉 So I don't know what to answer to the security team

✔️ What you expected to happen

I was expecting to get one of the following values :

  • Critical
  • High
  • Medium
  • Low
  • Negligible

🔁 Steps to reproduce

grype bitnami/kafka:3.2 | grep Unknown

Environment

grype version:

Version:              0.40.0
Syft Version:         v0.48.1
BuildDate:            2022-06-17T16:15:24Z
GitCommit:            0703bae9778e661e2cc21d5caa816cda30472b14
GitDescription:       v0.40.0

🐧 OS

NAME="Linux Mint"
VERSION="20.3 (Una)"
ID=linuxmint
ID_LIKE=ubuntu
PRETTY_NAME="Linux Mint 20.3"
VERSION_ID="20.3"
HOME_URL="https://www.linuxmint.com/"
SUPPORT_URL="https://forums.linuxmint.com/"
BUG_REPORT_URL="http://linuxmint-troubleshooting-guide.readthedocs.io/en/latest/"
PRIVACY_POLICY_URL="https://www.linuxmint.com/"
VERSION_CODENAME=una
UBUNTU_CODENAME=focal

📦 Apache Kafka packaged by Bitnami

bitnami / bitnami-docker-kafka

Bitnami Docker Image for Kafka

In order to unify the approaches followed for Bitnami containers and Bitnami Helm charts, we are moving the different bitnami/bitnami-docker-<container> repositories to a single monorepo bitnami/containers. Please follow bitnami/containers to keep you updated about the latest Bitnami images.

More information here: https://blog.bitnami.com/2022/07/new-source-of-truth-bitnami-containers.html

Apache Kafka packaged by Bitnami

What is Apache Kafka?

Apache Kafka is a distributed streaming platform designed to build real-time pipelines and can be used as a message broker or as a replacement for a log aggregation solution for big data applications.

Overview of Apache Kafka

Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

TL;DR

Run the application using Docker Compose

The main folder of this repository contains a functional docker-compose.yml file. Run the application using it as shown below:

$ curl -sSL

🔖 Resources
