confluentinc
diff --git a/‎hybrid/clusterlink/non_confluent_source_cluster/README.md
+287 b/‎hybrid/clusterlink/non_confluent_source_cluster/README.md
+287
diff --git a/‎hybrid/clusterlink/non_confluent_source_cluster/ca-key.pem
+27 b/‎hybrid/clusterlink/non_confluent_source_cluster/ca-key.pem
+27
diff --git a/‎hybrid/clusterlink/non_confluent_source_cluster/ca.pem
+20 b/‎hybrid/clusterlink/non_confluent_source_cluster/ca.pem
+20
diff --git a/‎hybrid/clusterlink/non_confluent_source_cluster/clusterlink.yaml
+15 b/‎hybrid/clusterlink/non_confluent_source_cluster/clusterlink.yaml
+15
diff --git a/‎hybrid/clusterlink/non_confluent_source_cluster/clusterlinkfilter-disabled.yaml
+21 b/‎hybrid/clusterlink/non_confluent_source_cluster/clusterlinkfilter-disabled.yaml
+21
diff --git a/‎hybrid/clusterlink/non_confluent_source_cluster/clusterlinkfilter-enabled-and-list-noprefix.yaml
+22 b/‎hybrid/clusterlink/non_confluent_source_cluster/clusterlinkfilter-enabled-and-list-noprefix.yaml
+22
@@ -0,0 +1,287 @@
+## ClusterLink Setup
+
+### Kafka Cluster with Mutual TLS Authentication
+In this example, source is running opensource kafka without any security and destination Confluent Server run in mutual TLS mode.
+
+## Set up Pre-requisites
+Set the tutorial directory for this tutorial under the directory you downloaded
+the tutorial files:
+
+```
+export TUTORIAL_HOME=$PWD/hybrid/clusterlink/non_confluent_source_cluster
+```
+
+```
+kubectl create ns destination
+```
+
+Deploy Confluent for Kubernetes (CFK) in cluster mode, so that the one CFK instance can manage Confluent deployments in multiple namespaces. Here, CFk is deployed to the `default` namespace.
+
+```
+helm upgrade --install confluent-operator \
+  confluentinc/confluent-for-kubernetes \
+  --namespace default --set namespaced=false
+```
+
+### Source Cluster Deployment  
+```
+kubectl -n destination apply -f $TUTORIAL_HOME/zk-kafka-source.yaml
+```
+
+#### Create a topic on the source cluster and produce some data
+
+```
+kubectl -n destination exec -it notcflt  -- bash
+/opt/kafka_2.13-3.3.1/bin/kafka-topics.sh --bootstrap-server localhost:9092 --create --partitions 3 --replication-factor 1  --topic demo
+seq 1000 | /opt/kafka_2.13-3.3.1/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic demo
+```
+
+You will need to keep the cluster ID from the source cluster:  
+```
+ grep cluster /tmp/kafka-logs/meta.properties | cut -d "=" -f 2
+```  
+
+Use the above value in the field `clusterID` line 13 in file `$TUTORIAL_HOME/clusterlink.yaml`.  
+
+### Destination Cluster Deployment
+
+### Create required secrets  
+
+```
+kubectl -n destination create secret generic credential \
+    --from-file=plain-users.json=$TUTORIAL_HOME/creds-kafka-sasl-users.json \
+    --from-file=plain.txt=$TUTORIAL_HOME/creds-client-kafka-sasl-user.txt \
+    --from-file=basic.txt=$TUTORIAL_HOME/creds-basic-users.txt
+```
+
+Generate a CA pair to use in this tutorial:
+```
+openssl genrsa -out $TUTORIAL_HOME/ca-key.pem 2048
+openssl req -new -key $TUTORIAL_HOME/ca-key.pem -x509 \
+  -days 1000 \
+  -out $TUTORIAL_HOME/ca.pem \
+  -subj "/C=US/ST=CA/L=MountainView/O=Confluent/OU=Operator/CN=TestCA"
+```
+Then, provide the certificate authority as a Kubernetes secret ca-pair-sslcerts  
+```
+kubectl -n destination create secret tls ca-pair-sslcerts \
+    --cert=$TUTORIAL_HOME/ca.pem \
+    --key=$TUTORIAL_HOME/ca-key.pem   
+```
+
+```
+kubectl -n destination create secret generic destination-tls-zk1 \
+    --from-file=fullchain.pem=$TUTORIAL_HOME/../../../assets/certs/component-certs/generated/zookeeper-server.pem \
+    --from-file=cacerts.pem=$TUTORIAL_HOME/../../../assets/certs/component-certs/generated/cacerts.pem \
+    --from-file=privkey.pem=$TUTORIAL_HOME/../../../assets/certs/component-certs/generated/zookeeper-server-key.pem
+
+kubectl -n destination create secret generic destination-tls-group1 \
+    --from-file=fullchain.pem=$TUTORIAL_HOME/../../../assets/certs/component-certs/generated/kafka-server.pem \
+    --from-file=cacerts.pem=$TUTORIAL_HOME/../../../assets/certs/component-certs/generated/cacerts.pem \
+    --from-file=privkey.pem=$TUTORIAL_HOME/../../../assets/certs/component-certs/generated/kafka-server-key.pem
+    
+kubectl -n destination create secret generic rest-credential \
+    --from-file=basic.txt=$TUTORIAL_HOME/rest-credential.txt
+    
+kubectl -n destination create secret generic password-encoder-secret \
+    --from-file=password-encoder.txt=$TUTORIAL_HOME/password-encoder-secret.txt
+ 
+```
+#### Deploy destination zookeeper and kafka cluster in namespace `destination`
+
+```
+kubectl apply -f $TUTORIAL_HOME/zk-kafka-destination.yaml
+```
+
+After the Kafka cluster is in running state, create cluster link between source and destination. Cluster link will be created in the destination cluster.
+
+```
+kubectl -n destination get pods     
+```
+
+#### Create clusterlink between source and destination
+```
+kubectl apply -f $TUTORIAL_HOME/clusterlink.yaml
+kubectl -n destination get cl     
+```
+
+### Run test
+
+#### Open a new terminal and exec into destination kafka pod
+```
+kubectl -n destination exec kafka-0 -it -- bash
+```
+
+#### Create kafka.properties for destination kafka cluster
+
+```
+cat <<EOF > /tmp/kafka.properties
+bootstrap.servers=kafka.destination.svc.cluster.local:9071
+security.protocol=SSL
+ssl.truststore.location=/mnt/sslcerts/truststore.p12
+ssl.truststore.password=mystorepassword
+ssl.keystore.location=/mnt/sslcerts/keystore.p12
+ssl.keystore.password=mystorepassword
+EOF
+```
+
+#### Validate topic is created in destination kafka cluster
+
+```
+kafka-topics --describe --topic demo --bootstrap-server kafka.destination.svc.cluster.local:9071 --command-config /tmp/kafka.properties
+```
+
+#### Consume in destination kafka cluster and confirm message delivery in destination cluster
+
+```
+kafka-console-consumer --from-beginning --topic demo --bootstrap-server kafka.destination.svc.cluster.local:9071  --consumer.config /tmp/kafka.properties
+```
+
+### Commands to be used on the Confluent server if needed  
+```
+kubectl -n destination exec kafka-0 -it -- bash
+cat <<EOF > /tmp/kafka.properties
+bootstrap.servers=kafka.destination.svc.cluster.local:9071
+security.protocol=SSL
+ssl.truststore.location=/mnt/sslcerts/truststore.p12
+ssl.truststore.password=mystorepassword
+ssl.keystore.location=/mnt/sslcerts/keystore.p12
+ssl.keystore.password=mystorepassword
+EOF
+kafka-cluster-links --bootstrap-server kafka.destination.svc.cluster.local:9071 --command-config /tmp/kafka.properties --list
+kafka-cluster-links --bootstrap-server kafka.destination.svc.cluster.local:9071 --command-config /tmp/kafka.properties --list --link clusterlink-cflt --include-topics
+kafka-replica-status --bootstrap-server kafka.destination.svc.cluster.local:9071 --admin.config /tmp/kafka.properties --topics demo --include-mirror
+kafka-mirrors --describe --topics demo  --bootstrap-server kafka.destination.svc.cluster.local:9071 --command-config /tmp/kafka.properties
+```
+
+Check it's a read only:  
+```
+kafka-console-producer --topic demo --bootstrap-server kafka.destination.svc.cluster.local:9071 --producer.config /tmp/kafka.properties
+>test
+>[2023-01-18 11:10:59,329] ERROR Error when sending message to topic demo with key: null, value: 3 bytes with error: (org.apache.kafka.clients.producer.internals.ErrorLoggingCallback)
+org.apache.kafka.common.errors.InvalidRequestException: Cannot append records to read-only mirror topic 'demo'
+```
+### Filter using
+
+Create a set of topics (filterdemo 1-5):  
+```
+kubectl -n destination exec -it notcflt  -- bash
+for i in {1..5}; do /opt/kafka_2.13-3.3.1/bin/kafka-topics.sh --bootstrap-server localhost:9092 --create --partitions 3 --replication-factor 1  --topic filterdemo$i; done
+for i in {1..5}; do seq 1000 | /opt/kafka_2.13-3.3.1/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic filterdemo$i; done
+```
+Verify that there are messages in the source topic: 
+```
+/opt/kafka_2.13-3.3.1/bin/kafka-console-consumer.sh --from-beginning --topic filterdemo5 --bootstrap-server localhost:9092 
+```  
+First create a Cluster Link with autoCreateTopics disabled:
+
+```
+  mirrorTopicOptions:
+    autoCreateTopics: 
+      enabled: false
+      topicFilters: 
+        - filterType: INCLUDE
+          name: filterdemo
+          patternType: PREFIXED
+    prefix: "dest-"
+```
+
+```
+kubectl -n destination apply -f $TUTORIAL_HOME/clusterlinkfilter-disabled.yaml
+kubectl -n destination get cl
+```
+
+Notice that nothing is being created.
+Now change to `enabled: true`, wait 5 minutes ([default metadata duration](https://docs.confluent.io/platform/current/multi-dc-deployments/cluster-linking/topic-data-sharing.html#change-the-source-topics-partitions)): 
+```
+kubectl -n destination apply -f $TUTORIAL_HOME/clusterlinkfilter-enabled.yaml
+```
+Check for the topics on the destination cluster: 
+```
+kafka-topics --bootstrap-server kafka.destination.svc.cluster.local:9071 --command-config /tmp/kafka.properties --list
+```
+Once the topics are there, consume from the destination topics:  
+```
+kafka-console-consumer --from-beginning --topic dest-filterdemo5  --bootstrap-server kafka.destination.svc.cluster.local:9071  --consumer.config /tmp/kafka.properties
+```
+
+## Filter and topic list together 
+
+### With prefix 
+If you're using `prefix` you must include `sourceTopicName` as well. 
+
+```
+  mirrorTopics:
+  - name: merge-dest-atopic # must match prefix as a name https://docs.confluent.io/operator/current/co-link-clusters.html#create-a-mirror-topic
+    sourceTopicName: atopic
+```
+
+Create a set of topics (newfilterdemo 1-5):  
+```
+kubectl -n destination exec -it notcflt  -- bash
+for i in {1..5}; do /opt/kafka_2.13-3.3.1/bin/kafka-topics.sh --bootstrap-server localhost:9092 --create --partitions 3 --replication-factor 1 --topic newfilterdemo$i; done
+for i in {1..5}; do seq 1000 | /opt/kafka_2.13-3.3.1/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic newfilterdemo$i; done
+
+/opt/kafka_2.13-3.3.1/bin/kafka-topics.sh --bootstrap-server localhost:9092 --create --partitions 3 --replication-factor 1 --topic atopic
+seq 1000 | /opt/kafka_2.13-3.3.1/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic atopic
+
+```
+Verify that there are messages in the source topic: 
+```
+/opt/kafka_2.13-3.3.1/bin/kafka-console-consumer.sh --from-beginning --topic newfilterdemo1 --bootstrap-server localhost:9092 
+```
+
+Apply the cluster link: 
+```
+kubectl -n destination apply -f $TUTORIAL_HOME/clusterlinkfilter-enabled-and-list-prefix.yaml
+```
+Check the topics on the destination cluster. 
+
+### Without prefix
+
+If you're **NOT** using `prefix` pass the change like so: 
+
+```
+  mirrorTopics:
+  - name: nopffilterdemo
+```
+Create a set of topics (newfilterdemo 1-5):  
+```
+kubectl -n destination exec -it notcflt  -- bash
+for i in {1..5}; do /opt/kafka_2.13-3.3.1/bin/kafka-topics.sh --bootstrap-server localhost:9092 --create --partitions 3 --replication-factor 1 --topic nopffilterdemo$i; done
+for i in {1..5}; do seq 1000 | /opt/kafka_2.13-3.3.1/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic nopffilterdemo$i; done
+
+/opt/kafka_2.13-3.3.1/bin/kafka-topics.sh --bootstrap-server localhost:9092 --create --partitions 3 --replication-factor 1 --topic npfatopic
+seq 1000 | /opt/kafka_2.13-3.3.1/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic npfatopic
+
+```
+Verify that there are messages in the source topic: 
+```
+/opt/kafka_2.13-3.3.1/bin/kafka-console-consumer.sh --from-beginning --topic nopffilterdemo5 --bootstrap-server localhost:9092 
+```
+
+Apply the cluster link: 
+```
+kubectl -n destination apply -f $TUTORIAL_HOME/clusterlinkfilter-enabled-and-list-noprefix.yaml
+```
+Check the topics on the destination cluster. 
+
+
+### Tear down 
+
+```
+kubectl -n destination delete -f $TUTORIAL_HOME/clusterlink.yaml
+kubectl -n destination delete -f $TUTORIAL_HOME/clusterlinkfilter-enabled.yaml
+kubectl -n destination delete -f $TUTORIAL_HOME/clusterlinkfilter-enabled-and-list-prefix.yaml
+kubectl -n destination delete -f $TUTORIAL_HOME/clusterlinkfilter-enabled-and-list-noprefix.yaml
+kubectl -n destination delete -f $TUTORIAL_HOME/zk-kafka-destination.yaml
+kubectl -n destination delete secret password-encoder-secret
+kubectl -n destination delete secret rest-credential
+kubectl -n destination delete secret destination-tls-group1
+kubectl -n destination delete secret destination-tls-zk1
+kubectl -n destination delete secret ca-pair-sslcerts
+kubectl -n destination delete secret credential
+kubectl -n destination delete -f $TUTORIAL_HOME/zk-kafka-source.yaml
+kubectl delete ns destination
+helm -n default delete confluent-operator
+```
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAoOI6pVYsH81VME2PDszr24bl/Tm7Jjp2A8d41ov2EByZa+GO
+g25RAR+Fk54I79geWxlN9Y4uQiq7r6unG3n7VrvZWgBAdobihHE7oVlmgpkCljxk
+ItBOJYmD/KFFelUPTc8WbsBs2+AT4W1c/rR2Vbn6SFWGhDo+Vi6466obOzJ0NZWT
+9sF+Zw0JUnNo4jTmPd89YqllRpJl/KGwdPTc+Bp3Lr8UR3AE54VvLAOo7G7Ryf2z
+SqrrcZHVQPrieS+k/icyzXbYskwtZ1C+2rfcs/goBTf20VooL4kzMckIkAwzYzOJ
+2H7+AXK5dqEwh32d95/vLKnxCdv6yIaM0UHaCQIDAQABAoIBAD9JPrCTOUA5UW1y
+1PeJfK4aXpZCA3CCRrIt4UbkP6MO3Psm+xyQZKUAdVcgL3vJlAdZ6OTTTTcSAEqW
+R2Hzlf8EXfedab42SRy4PjC2LjDpZ68Zinp3XoY9lgHmnqIEm8SL1dMzNp83ghqH
+HrHC41nNkrqpigSxtJvKPUvW2mdqTavUU28s+DlkH0Z4puX1EUkzUbyrKiPIWIPE
+MxHbzQ/AaRpJr0jK4rvQ6rPKAXaxkkX5zVl+mxI6hbVBRgZoBfRVYrKDtoJ+VAug
+WWtIcJZiUEhB67FQ8D1rwRBsAFMjb4GWRhqkgnBWI4fR70VKoMv5hihYVoH3NfWW
+/WQ7dAECgYEA0uo/RQG7RfZcArHzyTOCWR4iIEphvEza+zmuTOJMo7hZ8fe7xAxN
+QeRi/5X4dt1Xdc7ThvfXa3ElhwPUXPo1exGu8bYniZkM/3o9RBJkvMO/eWzIYDut
+Fqscpuf4ORirZSl8AM4PzEXREiMXCDcpfWkM1WDBRsTzQQIEOxhRvqECgYEAw0Yn
+U32AK0TqdJZ9WJic82HeIdJczaXruex908NyA/ztW0hiCB0BhS4TedO5FJRIzU8N
+2+VlY3lRLVAHJjWNkFH2dONKnJyOHnSPPS3pbeHQTykoAxHMCP5d3csivzB6ozKh
+BEj38SN+0eMx6DZVGXX25dLBeN+arNu14wdMamkCgYEAtfKOEiGkRH56cXjCLdfZ
+ord0CRchqSdD4WWpD3pJUxM9xJdJy54xJ562KHZfmWrogCCkKdK0a2N4VDjhgjP2
+3uwqVyokgXce12XEZGzZql3TWBSX5yyT7PJADVwfrmGxudtHtgoNZtLzwQm0XMn5
+aM6u24RUN5C/qFzs+W3JVwECgYEAtfC5V3sJXkdZw8Mris62/bVkCFM+EIXVeme0
+XQgvRTP12yU34aNU9UeW8d2pBlma82AC4616qBIy5ms4HgurmJolbYcQz5a2e/3S
+MAiFA9JwCjGojCOa3Y5S2wIXn9eFjGTxzVJHYa/Wy6xJpbhp1c0pe7zAcuSz8vbL
+I3p7YnECgYAjKAyVLRFqEe1rekWojGMFNLeuzo4PVkjemaCK+/W1hLNxH9m4MnGt
+IodMSoS1b/SuUGX1qF0y5HqpvBXpGjZpmx/O9rDdGjYgDUkyeziu51mIHbsphcQm
+KYbZuK0lu1BG5byo9n8DBOJHv9AbYamPUR9s9pqgalweY8oF+fI28g==
+-----END RSA PRIVATE KEY-----
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTjCCAjYCCQCiHP62dMLuljANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCQ0ExFTATBgNVBAcMDE1vdW50YWluVmlldzESMBAGA1UECgwJ
+Q29uZmx1ZW50MREwDwYDVQQLDAhPcGVyYXRvcjEPMA0GA1UEAwwGVGVzdENBMB4X
+DTIzMDExODEzNDMwMloXDTI1MTAxNDEzNDMwMlowaTELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgMAkNBMRUwEwYDVQQHDAxNb3VudGFpblZpZXcxEjAQBgNVBAoMCUNvbmZs
+dWVudDERMA8GA1UECwwIT3BlcmF0b3IxDzANBgNVBAMMBlRlc3RDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDiOqVWLB/NVTBNjw7M69uG5f05uyY6
+dgPHeNaL9hAcmWvhjoNuUQEfhZOeCO/YHlsZTfWOLkIqu6+rpxt5+1a72VoAQHaG
+4oRxO6FZZoKZApY8ZCLQTiWJg/yhRXpVD03PFm7AbNvgE+FtXP60dlW5+khVhoQ6
+PlYuuOuqGzsydDWVk/bBfmcNCVJzaOI05j3fPWKpZUaSZfyhsHT03Pgady6/FEdw
+BOeFbywDqOxu0cn9s0qq63GR1UD64nkvpP4nMs122LJMLWdQvtq33LP4KAU39tFa
+KC+JMzHJCJAMM2Mzidh+/gFyuXahMId9nfef7yyp8Qnb+siGjNFB2gkCAwEAATAN
+BgkqhkiG9w0BAQsFAAOCAQEAe4K0BmalhQE7TuOYmUEZefg4mxoeA7KxutKhjeQp
+YsQPakexXBXKlNOiMOfUxOxIhIi6uVbZx1xMbyjYtHMSE9yTbALZ5F5EBJWvMN4E
+eK1zlb1qmiiwWZ/QQC7dhys+r2yCcaGhJf3M5l92c/jJVnPCLAyuURElZ+tM9mGx
+kCfDbFud9O/9q/KqpdgUII5TzyjJ3gh2PYc7b+gMzzzSFgd6bgaRc1cU8ZrM4C1y
+snzgvEgh+uLoq1YXh3Lwm6F5JI1y3fOWeJZKBg/HfYRMcdFF+npLFDzL5BRWKFq7
+lij0z4K9ZPNr1spQ4o2t8KHt53YJSso7Z/IjMHma4VS+og==
+-----END CERTIFICATE-----
@@ -0,0 +1,15 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ClusterLink
+metadata:
+  name: clusterlink-cflt
+  namespace: destination
+spec:
+  destinationKafkaCluster:
+    kafkaRestClassRef:
+      name: destination-kafka-rest
+      namespace: destination
+  sourceKafkaCluster:
+    bootstrapEndpoint: notcflt.destination.svc.cluster.local:9092
+    clusterID: XqsWIFY8TcqYbIr_YMxJ2g
+  mirrorTopics:
+  - name: demo
@@ -0,0 +1,21 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ClusterLink
+metadata:
+  name: clusterlink-cflt-filter
+  namespace: destination
+spec:
+  destinationKafkaCluster:
+    kafkaRestClassRef:
+      name: destination-kafka-rest
+      namespace: destination
+  sourceKafkaCluster:
+    bootstrapEndpoint: notcflt.destination.svc.cluster.local:9092
+    clusterID: XqsWIFY8TcqYbIr_YMxJ2g
+  mirrorTopicOptions:
+    autoCreateTopics: 
+      enabled: false
+      topicFilters: 
+        - filterType: INCLUDE
+          name: filterdemo
+          patternType: PREFIXED
+    prefix: "dest-"
@@ -0,0 +1,22 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ClusterLink
+metadata:
+  name: clusterlink-cflt-filterandlist
+  namespace: destination
+spec:
+  destinationKafkaCluster:
+    kafkaRestClassRef:
+      name: destination-kafka-rest
+      namespace: destination
+  sourceKafkaCluster:
+    bootstrapEndpoint: notcflt.destination.svc.cluster.local:9092
+    clusterID: XqsWIFY8TcqYbIr_YMxJ2g
+  mirrorTopicOptions:
+    autoCreateTopics: 
+      enabled: true
+      topicFilters: 
+        - filterType: INCLUDE
+          name: nopffilterdemo
+          patternType: PREFIXED
+  mirrorTopics:
+  - name: npfatopic