Kafka Connect: Data Integration
Welcome to TopperBlog! 👋
I'm a tech content creator passionate about helping developers level up their careers and master cutting-edge technologies.
🎯 What I Write About:
• AI/ML Engineering & LLMs
• Web3 & Blockchain Development
• System Design & Architecture
• Interview Preparation (FAANG)
• Freelancing & Remote Work
• Modern Tech Stacks (Next.js, React, Rust, TypeScript)
• Performance Optimization & Best Practices
💼 Mission: Sharing practical, actionable insights that accelerate your tech career and maximize your earning potential.
📚 15+ In-Depth Guides covering everything from earning $10k/month as a freelancer to cracking FAANG interviews.
🌐 Let's connect and grow together in this amazing tech journey!
#TechBlogger #SoftwareEngineering #CareerGrowth #WebDevelopment #AIEngineering
Why Traditional Data Integration Fails at Scale
Legacy integration approaches collapse under modern requirements. Point-to-point integrations create O(n²) complexity as systems multiply. A company with 20 data systems needs 190 direct connections if each system must communicate with every other—an unmaintainable architecture. Batch ETL tools like traditional Airflow DAGs or cron-based scripts introduce latency measured in hours, making them unsuitable for real-time personalization, fraud detection, or operational dashboards where decisions require sub-second data freshness.
Custom microservices for data movement seem appealing initially but become technical debt. Each service requires error handling, retry logic, backpressure management, monitoring, and schema compatibility checks. When a database schema changes, every consuming service needs updates. Teams spend more time maintaining integration code than building features.
The 2025 data landscape intensifies these problems. GDPR, CCPA, and emerging AI regulations require audit trails showing exactly when data moved between systems. Real-time AI applications need feature stores synchronized within milliseconds. Multi-cloud architectures demand data replication across AWS, GCP, and Azure without vendor lock-in. Cost optimization requires efficient resource utilization—running dozens of custom integration services wastes compute and engineering time.
Kafka Connect Architecture and Core Concepts
Kafka Connect data integration operates through a distributed, scalable runtime that executes connector plugins. The architecture separates concerns: the Connect framework handles distribution, fault tolerance, and offset management while connectors implement source-specific or sink-specific logic.
Source connectors read data from external systems and write to Kafka topics. A PostgreSQL source connector captures database changes using logical replication, converting each INSERT, UPDATE, or DELETE into a Kafka event. Sink connectors read from Kafka topics and write to external systems—an Elasticsearch sink connector indexes documents for full-text search as events arrive.
The framework runs in two modes: standalone for development and distributed for production. Distributed mode provides horizontal scalability, automatic rebalancing when workers join or leave, and centralized configuration through a REST API. Workers coordinate through Kafka itself, storing connector configurations and task offsets in internal topics.
Converters handle serialization between Kafka's byte arrays and structured data. The Avro converter with Schema Registry provides schema evolution—adding optional fields to records without breaking consumers. JSON converters offer simplicity but lack schema enforcement. Protobuf converters balance performance and compatibility for polyglot environments.
Transforms enable lightweight data manipulation within Connect: filtering fields, routing records to different topics based on content, or flattening nested structures. While transforms handle simple cases, complex transformations belong in stream processing applications using Kafka Streams or Flink.
Production-Grade Kafka Connect Deployment
A modern Kafka Connect deployment requires careful configuration for reliability and performance. Here's a production-ready distributed mode setup:
# connect-distributed.properties
bootstrap.servers=kafka-1:9092,kafka-2:9092,kafka-3:9092
group.id=connect-cluster-prod
# Internal topics for coordination
config.storage.topic=connect-configs
config.storage.replication.factor=3
offset.storage.topic=connect-offsets
offset.storage.replication.factor=3
offset.storage.partitions=25
status.storage.topic=connect-status
status.storage.replication.factor=3
# Converter configuration
key.converter=io.confluent.connect.avro.AvroConverter
key.converter.schema.registry.url=https://schema-registry:8081
value.converter=io.confluent.connect.avro.AvroConverter
value.converter.schema.registry.url=https://schema-registry:8081
# Performance tuning
offset.flush.interval.ms=10000
offset.flush.timeout.ms=5000
# Security
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="connect-user" password="${env:KAFKA_PASSWORD}";
# REST API
rest.port=8083
rest.advertised.host.name=connect-worker-1
Deploy multiple Connect workers behind a load balancer. Each worker joins the cluster automatically, and the framework distributes connector tasks across available workers. If a worker fails, tasks rebalance to healthy workers within seconds.
Implementing Change Data Capture with Debezium
Change Data Capture (CDC) represents the most powerful Kafka Connect pattern—streaming database changes to Kafka in real-time without application code changes. Debezium connectors read database transaction logs, capturing every modification with sub-second latency.
Here's a production Debezium PostgreSQL connector configuration:
{
"name": "postgres-cdc-orders",
"config": {
"connector.class": "io.debezium.connector.postgresql.PostgresConnector",
"database.hostname": "postgres-primary.internal",
"database.port": "5432",
"database.user": "replication_user",
"database.password": "${file:/secrets/db-password.txt:password}",
"database.dbname": "ecommerce",
"database.server.name": "orders-db",
"table.include.list": "public.orders,public.order_items,public.payments",
"plugin.name": "pgoutput",
"publication.name": "debezium_publication",
"slot.name": "debezium_orders_slot",
"snapshot.mode": "initial",
"snapshot.fetch.size": 10000,
"heartbeat.interval.ms": 30000,
"heartbeat.topics.prefix": "__debezium-heartbeat",
"transforms": "route,unwrap",
"transforms.route.type": "org.apache.kafka.connect.transforms.RegexRouter",
"transforms.route.regex": "([^.]+)\\.([^.]+)\\.([^.]+)",
"transforms.route.replacement": "cdc.$3",
"transforms.unwrap.type": "io.debezium.transforms.ExtractNewRecordState",
"transforms.unwrap.drop.tombstones": "false",
"transforms.unwrap.delete.handling.mode": "rewrite",
"transforms.unwrap.add.fields": "op,source.ts_ms,source.db",
"key.converter": "io.confluent.connect.avro.AvroConverter",
"value.converter": "io.confluent.connect.avro.AvroConverter",
"tasks.max": "1",
"max.batch.size": "2048",
"max.queue.size": "8192",
"poll.interval.ms": "500",
"errors.tolerance": "none",
"errors.log.enable": "true",
"errors.log.include.messages": "true"
}
}
This configuration captures changes from three tables, routes them to topic names like cdc.orders, and unwraps Debezium's envelope format to produce clean records. The ExtractNewRecordState transform adds operation metadata while preserving delete events as tombstones for proper compaction.
Critical considerations for CDC:
Replication slots in PostgreSQL must be monitored—if Connect stops consuming, the slot retains WAL segments, filling disk. Set wal_keep_size appropriately and monitor slot lag.
Initial snapshots lock tables briefly. For large tables, use snapshot.mode=schema_only and backfill data separately, or schedule snapshots during low-traffic windows.
Schema changes require coordination. Adding nullable columns works seamlessly with Avro's schema evolution. Dropping columns or changing types requires careful planning—update consumers first, then modify the database schema.
Building Custom Connectors for Proprietary Systems
When no existing connector fits your needs, building a custom connector is straightforward. Here's a simplified source connector that reads from a REST API:
public class RestApiSourceConnector extends SourceConnector {
private Map<String, String> configProps;
@Override
public void start(Map<String, String> props) {
this.configProps = props;
// Validate configuration
new RestApiSourceConnectorConfig(props);
}
@Override
public Class<? extends Task> taskClass() {
return RestApiSourceTask.class;
}
@Override
public List<Map<String, String>> taskConfigs(int maxTasks) {
List<Map<String, String>> configs = new ArrayList<>();
// Partition work across tasks - e.g., by API endpoint or date range
for (int i = 0; i < maxTasks; i++) {
Map<String, String> taskConfig = new HashMap<>(configProps);
taskConfig.put("task.id", String.valueOf(i));
configs.add(taskConfig);
}
return configs;
}
@Override
public void stop() {
// Cleanup resources
}
@Override
public ConfigDef config() {
return RestApiSourceConnectorConfig.CONFIG_DEF;
}
@Override
public String version() {
return "1.0.0";
}
}
public class RestApiSourceTask extends SourceTask {
private String apiUrl;
private String apiKey;
private String topic;
private OffsetStorageReader offsetReader;
private long lastPollTimestamp;
@Override
public void start(Map<String, String> props) {
this.apiUrl = props.get("api.url");
this.apiKey = props.get("api.key");
this.topic = props.get("topic");
this.offsetReader = context.offsetStorageReader();
// Load offset to resume from last position
Map<String, Object> offset = offsetReader.offset(
Collections.singletonMap("api", apiUrl)
);
this.lastPollTimestamp = offset != null
? (Long) offset.get("timestamp")
: System.currentTimeMillis() - 86400000; // Default: 24h ago
}
@Override
public List<SourceRecord> poll() throws InterruptedException {
List<SourceRecord> records = new ArrayList<>();
try {
// Fetch data from API with pagination
String url = String.format("%s?since=%d&limit=1000",
apiUrl, lastPollTimestamp);
HttpResponse<String> response = HttpClient.newHttpClient().send(
HttpRequest.newBuilder()
.uri(URI.create(url))
.header("Authorization", "Bearer " + apiKey)
.GET()
.build(),
HttpResponse.BodyHandlers.ofString()
);
if (response.statusCode() == 200) {
JsonArray items = JsonParser.parseString(response.body())
.getAsJsonArray();
for (JsonElement item : items) {
JsonObject obj = item.getAsJsonObject();
long timestamp = obj.get("timestamp").getAsLong();
SourceRecord record = new SourceRecord(
Collections.singletonMap("api", apiUrl),
Collections.singletonMap("timestamp", timestamp),
topic,
null,
Schema.STRING_SCHEMA,
obj.get("id").getAsString(),
null,
obj.toString()
);
records.add(record);
lastPollTimestamp = Math.max(lastPollTimestamp, timestamp);
}
} else if (response.statusCode() == 429) {
// Rate limited - back off
Thread.sleep(60000);
}
} catch (Exception e) {
throw new ConnectException("Failed to poll API", e);
}
// Return empty list if no data - Connect will call poll() again
return records;
}
@Override
public void stop() {
// Cleanup HTTP clients, close connections
}
@Override
public String version() {
return "1.0.0";
}
}
This connector demonstrates key patterns: offset management for exactly-once delivery, error handling with retries, and rate limit respect. Production connectors should add metrics, configurable retry policies, and comprehensive logging.
Common Pitfalls and Failure Modes
Connector task failures often stem from transient network issues or downstream system unavailability. Configure errors.tolerance=all with errors.deadletterqueue.topic.name to route problematic records to a DLQ for later analysis rather than stopping the entire connector.
Memory pressure occurs when connectors buffer too much data. The max.queue.size setting controls internal buffering—reduce it if workers experience OOM errors. Monitor JVM heap usage and set appropriate -Xmx values.
Offset corruption happens when Connect's offset topics lose data due to insufficient replication or retention. Always set offset.storage.replication.factor=3 and monitor these internal topics. If offsets are lost, connectors restart from the beginning, causing duplicate processing.
Schema incompatibilities break pipelines when producers and consumers expect different schemas. Use Schema Registry with compatibility modes—BACKWARD allows adding optional fields, FORWARD allows removing fields. Test schema changes in staging environments before production deployment.
Backpressure from slow sinks causes memory buildup and eventual failures. If a sink connector can't keep up with source throughput, either scale horizontally by increasing tasks.max or optimize the sink system. Monitor consumer lag on sink connector input topics.
Network partitions between Connect workers and Kafka can cause split-brain scenarios. Ensure proper network configuration and monitor worker health. Use Kubernetes liveness/readiness probes to detect and restart unhealthy workers.
Credential rotation breaks connectors if not handled properly. Use externalized secrets with ${file:} or ${env:} syntax rather than hardcoding credentials. Implement automated credential rotation with minimal downtime by updating configurations via the REST API.
Best Practices for Production Kafka Connect
Separate Connect clusters by workload. Run CDC connectors in a dedicated cluster isolated from bulk data loads. CDC requires low latency and high reliability; mixing with batch jobs risks resource contention.
Monitor connector and task health using JMX metrics. Key metrics include connector-total-task-count, task-error-rate, source-record-poll-rate, and sink-record-send-rate. Alert on task failures and declining throughput.
Implement circuit breakers for external system failures. If a sink system is down, pause the connector rather than accumulating errors. Use the REST API to automate pause/resume based on downstream health checks.
Version control connector configurations in Git. Deploy configurations through CI/CD pipelines with validation steps. This enables rollback, audit trails, and consistent deployments across environments.
Test schema evolution scenarios before production. Create test cases for adding fields, removing fields, and changing field types. Verify that consumers handle schema changes gracefully.
Size Connect clusters appropriately. Each worker should handle 10-20 tasks comfortably. Monitor CPU and memory usage—if workers consistently exceed 70% utilization, add more workers.
Use exactly-once semantics where supported. Kafka Connect 3.3+ supports exactly-once for source connectors when exactly.once.support=required and transaction.boundary=connector. This prevents duplicates during rebalances.
Implement data quality checks downstream. Connect ensures delivery but not data correctness. Use stream processing to validate data quality, detect anomalies, and route invalid records to quarantine topics.
Plan for disaster recovery. Back up Connect's internal topics (connect-configs, connect-offsets, connect-status). Document connector configurations and dependencies. Test recovery procedures regularly.
Optimize for cost. Use tiered storage for Kafka topics to reduce storage costs. Configure appropriate retention policies—CDC topics often need longer retention than transient event streams. Right-size worker instances based on actual resource usage.
Frequently Asked Questions
What is Kafka Connect and how does it differ from Kafka Streams?
Kafka Connect is a data integration framework for moving data between Kafka and external systems like databases, search indexes, and cloud storage. Kafka Streams is a library for processing and transforming data within Kafka. Use Connect for integration, Streams for transformation. They complement each other—Connect ingests data, Streams processes it, Connect exports results.
How does Kafka Connect ensure exactly-once delivery in 2025?
Kafka Connect achieves exactly-once through transactional writes to Kafka and idempotent sink operations. Source connectors use Kafka transactions to atomically commit offsets with produced records. Sink connectors use consumer transactions and idempotent writes to external systems. Configure exactly.once.support=required for source connectors and ensure sink systems support idempotent operations or use transactional APIs.
What is the best way to scale Kafka Connect for high-throughput workloads?
Scale horizontally by adding more workers to the Connect cluster and increasing tasks.max for connectors. Each task runs independently, allowing parallel processing. For source connectors, ensure the source system can handle parallel reads. For sink connectors, verify the destination system can handle concurrent writes. Monitor task distribution across workers and rebalance if needed.
When should you avoid using Kafka Connect?
Avoid Connect for complex data transformations—use Kafka Streams or Flink instead. Don't use Connect for ultra-low latency requirements under 10ms—direct Kafka producer/consumer code offers lower overhead. Skip Connect if you need custom business logic tightly coupled with data movement—build a dedicated microservice. For one-time data migrations, batch tools may be simpler.
How do you handle schema evolution with Kafka Connect in production?
Use Schema Registry with Avro, Protobuf, or JSON Schema. Configure compatibility modes: BACKWARD for adding optional fields (consumers first, then producers), FORWARD for removing fields (producers first, then consumers). Test schema changes in staging. Use the ExtractNewRecordState transform with Debezium to handle schema changes in CDC scenarios. Version schemas explicitly and maintain documentation.
What are the security best practices for Kafka Connect deployments?
Enable TLS encryption for all connections (Kafka, Schema Registry, external systems). Use SASL authentication with SCRAM or OAuth. Externalize credentials using environment variables or secret management systems like HashiCorp Vault. Apply principle of least privilege—grant connectors only necessary permissions. Enable audit logging for configuration changes via the REST API. Secure the REST API with authentication and restrict network access.
How do you troubleshoot Kafka Connect connector failures?
Check connector status via REST API: GET /connectors/{name}/status. Review worker logs for stack traces and error messages. Verify external system connectivity and credentials. Check Schema Registry for schema compatibility issues. Monitor Kafka consumer lag if it's a sink connector. Use errors.log.enable=true to log problematic records. Test connector configuration in isolation with minimal data. Validate network policies and firewall rules.
Conclusion
Kafka Connect data integration provides a robust
