Consume messages over SSLv3.12+
Configure the Solace Consume plugin to consume messages over SSL.
By default, SSL certification validation is disabled. In a production environment, we recommend enabing SSL validation.
Prerequisites
-
You have a Solace PubSub+ Event Broker
-
You have a Solace message queue
Environment variables
-
SOLACE_BROKER_HOST: The Solace broker host URL. For example,tcps://my.broker:55443 -
QUEUE_NAME: The name of the message queue to consume from.
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: solace-consume
config:
session:
host: ${{ env "DECK_SOLACE_BROKER_HOST" }}
ssl_validate_certificate: true
authentication:
scheme: BASIC
username: admin
password: admin
properties:
SESSION_SSL_TRUST_STORE_DIR: "/usr/local/share/lua/5.1/kong/plugins/solace/cert"
SESSION_SSL_VALIDATE_CERTIFICATE_DATE: 'true'
SESSION_SSL_VALIDATE_CERTIFICATE_HOST: 'true'
SESSION_SSL_CIPHER_SUITES: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
flow:
binds:
- name: ${{ env "DECK_QUEUE_NAME" }}
Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "solace-consume",
"config": {
"session": {
"host": "'$SOLACE_BROKER_HOST'",
"ssl_validate_certificate": true,
"authentication": {
"scheme": "BASIC",
"username": "admin",
"password": "admin"
},
"properties": {
"SESSION_SSL_TRUST_STORE_DIR": "/usr/local/share/lua/5.1/kong/plugins/solace/cert",
"SESSION_SSL_VALIDATE_CERTIFICATE_DATE": "true",
"SESSION_SSL_VALIDATE_CERTIFICATE_HOST": "true",
"SESSION_SSL_CIPHER_SUITES": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
},
"flow": {
"binds": [
{
"name": "'$QUEUE_NAME'"
}
]
}
}
}
'
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "solace-consume",
"config": {
"session": {
"host": "'$SOLACE_BROKER_HOST'",
"ssl_validate_certificate": true,
"authentication": {
"scheme": "BASIC",
"username": "admin",
"password": "admin"
},
"properties": {
"SESSION_SSL_TRUST_STORE_DIR": "/usr/local/share/lua/5.1/kong/plugins/solace/cert",
"SESSION_SSL_VALIDATE_CERTIFICATE_DATE": "true",
"SESSION_SSL_VALIDATE_CERTIFICATE_HOST": "true",
"SESSION_SSL_CIPHER_SUITES": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
},
"flow": {
"binds": [
{
"name": "'$QUEUE_NAME'"
}
]
}
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: solace-consume
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
labels:
global: 'true'
config:
session:
host: '$SOLACE_BROKER_HOST'
ssl_validate_certificate: true
authentication:
scheme: BASIC
username: admin
password: admin
properties:
SESSION_SSL_TRUST_STORE_DIR: '/usr/local/share/lua/5.1/kong/plugins/solace/cert'
SESSION_SSL_VALIDATE_CERTIFICATE_DATE: 'true'
SESSION_SSL_VALIDATE_CERTIFICATE_HOST: 'true'
SESSION_SSL_CIPHER_SUITES: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
flow:
binds:
- name: '$QUEUE_NAME'
plugin: solace-consume
" | kubectl apply -f -
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_solace_consume" "my_solace_consume" {
enabled = true
config = {
session = {
host = var.solace_broker_host
ssl_validate_certificate = true
authentication = {
scheme = "BASIC"
username = "admin"
password = "admin"
}
properties = {
SESSION_SSL_TRUST_STORE_DIR = "/usr/local/share/lua/5.1/kong/plugins/solace/cert"
SESSION_SSL_VALIDATE_CERTIFICATE_DATE = true
SESSION_SSL_VALIDATE_CERTIFICATE_HOST = true
SESSION_SSL_CIPHER_SUITES = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
}
flow = {
binds = [
{
name = var.queue_name
} ]
}
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "queue_name" {
type = string
}
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: solace-consume
service: serviceName|Id
config:
session:
host: ${{ env "DECK_SOLACE_BROKER_HOST" }}
ssl_validate_certificate: true
authentication:
scheme: BASIC
username: admin
password: admin
properties:
SESSION_SSL_TRUST_STORE_DIR: "/usr/local/share/lua/5.1/kong/plugins/solace/cert"
SESSION_SSL_VALIDATE_CERTIFICATE_DATE: 'true'
SESSION_SSL_VALIDATE_CERTIFICATE_HOST: 'true'
SESSION_SSL_CIPHER_SUITES: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
flow:
binds:
- name: ${{ env "DECK_QUEUE_NAME" }}
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "solace-consume",
"config": {
"session": {
"host": "'$SOLACE_BROKER_HOST'",
"ssl_validate_certificate": true,
"authentication": {
"scheme": "BASIC",
"username": "admin",
"password": "admin"
},
"properties": {
"SESSION_SSL_TRUST_STORE_DIR": "/usr/local/share/lua/5.1/kong/plugins/solace/cert",
"SESSION_SSL_VALIDATE_CERTIFICATE_DATE": "true",
"SESSION_SSL_VALIDATE_CERTIFICATE_HOST": "true",
"SESSION_SSL_CIPHER_SUITES": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
},
"flow": {
"binds": [
{
"name": "'$QUEUE_NAME'"
}
]
}
}
}
'
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/services/{serviceId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "solace-consume",
"config": {
"session": {
"host": "'$SOLACE_BROKER_HOST'",
"ssl_validate_certificate": true,
"authentication": {
"scheme": "BASIC",
"username": "admin",
"password": "admin"
},
"properties": {
"SESSION_SSL_TRUST_STORE_DIR": "/usr/local/share/lua/5.1/kong/plugins/solace/cert",
"SESSION_SSL_VALIDATE_CERTIFICATE_DATE": "true",
"SESSION_SSL_VALIDATE_CERTIFICATE_HOST": "true",
"SESSION_SSL_CIPHER_SUITES": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
},
"flow": {
"binds": [
{
"name": "'$QUEUE_NAME'"
}
]
}
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
serviceId: Theidof the service the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: solace-consume
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
session:
host: '$SOLACE_BROKER_HOST'
ssl_validate_certificate: true
authentication:
scheme: BASIC
username: admin
password: admin
properties:
SESSION_SSL_TRUST_STORE_DIR: '/usr/local/share/lua/5.1/kong/plugins/solace/cert'
SESSION_SSL_VALIDATE_CERTIFICATE_DATE: 'true'
SESSION_SSL_VALIDATE_CERTIFICATE_HOST: 'true'
SESSION_SSL_CIPHER_SUITES: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
flow:
binds:
- name: '$QUEUE_NAME'
plugin: solace-consume
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the service resource:
kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=solace-consume
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_solace_consume" "my_solace_consume" {
enabled = true
config = {
session = {
host = var.solace_broker_host
ssl_validate_certificate = true
authentication = {
scheme = "BASIC"
username = "admin"
password = "admin"
}
properties = {
SESSION_SSL_TRUST_STORE_DIR = "/usr/local/share/lua/5.1/kong/plugins/solace/cert"
SESSION_SSL_VALIDATE_CERTIFICATE_DATE = true
SESSION_SSL_VALIDATE_CERTIFICATE_HOST = true
SESSION_SSL_CIPHER_SUITES = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
}
flow = {
binds = [
{
name = var.queue_name
} ]
}
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
service = {
id = konnect_gateway_service.my_service.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "queue_name" {
type = string
}
Add this section to your kong.yaml configuration file:
_format_version: "3.0"
plugins:
- name: solace-consume
route: routeName|Id
config:
session:
host: ${{ env "DECK_SOLACE_BROKER_HOST" }}
ssl_validate_certificate: true
authentication:
scheme: BASIC
username: admin
password: admin
properties:
SESSION_SSL_TRUST_STORE_DIR: "/usr/local/share/lua/5.1/kong/plugins/solace/cert"
SESSION_SSL_VALIDATE_CERTIFICATE_DATE: 'true'
SESSION_SSL_VALIDATE_CERTIFICATE_HOST: 'true'
SESSION_SSL_CIPHER_SUITES: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
flow:
binds:
- name: ${{ env "DECK_QUEUE_NAME" }}
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "solace-consume",
"config": {
"session": {
"host": "'$SOLACE_BROKER_HOST'",
"ssl_validate_certificate": true,
"authentication": {
"scheme": "BASIC",
"username": "admin",
"password": "admin"
},
"properties": {
"SESSION_SSL_TRUST_STORE_DIR": "/usr/local/share/lua/5.1/kong/plugins/solace/cert",
"SESSION_SSL_VALIDATE_CERTIFICATE_DATE": "true",
"SESSION_SSL_VALIDATE_CERTIFICATE_HOST": "true",
"SESSION_SSL_CIPHER_SUITES": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
},
"flow": {
"binds": [
{
"name": "'$QUEUE_NAME'"
}
]
}
}
}
'
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/routes/{routeId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "solace-consume",
"config": {
"session": {
"host": "'$SOLACE_BROKER_HOST'",
"ssl_validate_certificate": true,
"authentication": {
"scheme": "BASIC",
"username": "admin",
"password": "admin"
},
"properties": {
"SESSION_SSL_TRUST_STORE_DIR": "/usr/local/share/lua/5.1/kong/plugins/solace/cert",
"SESSION_SSL_VALIDATE_CERTIFICATE_DATE": "true",
"SESSION_SSL_VALIDATE_CERTIFICATE_HOST": "true",
"SESSION_SSL_CIPHER_SUITES": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
},
"flow": {
"binds": [
{
"name": "'$QUEUE_NAME'"
}
]
}
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
routeId: Theidof the route the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: solace-consume
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
session:
host: '$SOLACE_BROKER_HOST'
ssl_validate_certificate: true
authentication:
scheme: BASIC
username: admin
password: admin
properties:
SESSION_SSL_TRUST_STORE_DIR: '/usr/local/share/lua/5.1/kong/plugins/solace/cert'
SESSION_SSL_VALIDATE_CERTIFICATE_DATE: 'true'
SESSION_SSL_VALIDATE_CERTIFICATE_HOST: 'true'
SESSION_SSL_CIPHER_SUITES: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
flow:
binds:
- name: '$QUEUE_NAME'
plugin: solace-consume
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the httproute or ingress resource:
kubectl annotate -n kong httproute konghq.com/plugins=solace-consume
kubectl annotate -n kong ingress konghq.com/plugins=solace-consume
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_solace_consume" "my_solace_consume" {
enabled = true
config = {
session = {
host = var.solace_broker_host
ssl_validate_certificate = true
authentication = {
scheme = "BASIC"
username = "admin"
password = "admin"
}
properties = {
SESSION_SSL_TRUST_STORE_DIR = "/usr/local/share/lua/5.1/kong/plugins/solace/cert"
SESSION_SSL_VALIDATE_CERTIFICATE_DATE = true
SESSION_SSL_VALIDATE_CERTIFICATE_HOST = true
SESSION_SSL_CIPHER_SUITES = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
}
}
flow = {
binds = [
{
name = var.queue_name
} ]
}
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
route = {
id = konnect_gateway_route.my_route.id
}
}
This example requires the following variables to be added to your manifest. You can specify values at runtime by setting TF_VAR_name=value.
variable "queue_name" {
type = string
}