docs: kafka: add Windows SSPI support for MSK IAM authentication

[bp-cheng]

docs: kafka: add Windows SSPI support for MSK IAM authentication

Summary by CodeRabbit

• Documentation
  • Updated Build Requirements and AWS MSK IAM prerequisites documentation with platform-specific tables for Linux/macOS and Windows.
  • Added Windows-specific notes regarding SASL libraries, SSPI, and OpenSSL requirements for improved clarity.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation update to pipeline/outputs/kafka.md that replaces plain bullet points with structured platform-specific requirement tables in the Build Requirements and AWS MSK IAM prerequisites sections, distinguishing Linux/macOS from Windows configurations with platform-specific notes.

Changes

Cohort / File(s)	Summary
Documentation pipeline/outputs/kafka.md	Replaced plain bullets with two-row Platform tables under Build Requirements and AWS MSK IAM prerequisites; added platform-specific details for Windows (SASL libraries, SSPI, OpenSSL notes) and Linux/macOS

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A table fair, so neat and true,
Platform needs, both old and new,
Windows, Linux, side by side,
Kafka's secrets, clearly tied!
Documentation hops with glee,
Structured, clear as can be! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: documentation updates to the Kafka plugin adding Windows SSPI support for MSK IAM authentication.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f4d0117 and 8150f77.

📒 Files selected for processing (1)

• pipeline/outputs/kafka.md

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: kalavt
Repo: fluent/fluent-bit-docs PR: 2294
File: pipeline/inputs/kafka.md:147-168
Timestamp: 2025-12-12T14:30:18.461Z
Learning: In Fluent Bit v4.0.4+, when using AWS MSK IAM authentication (rdkafka.sasl.mechanism: aws_msk_iam), the rdkafka.security.protocol is automatically set to SASL_SSL and the AWS region is auto-detected from the broker hostname for standard MSK endpoints. The aws_msk_iam_cluster_arn parameter was removed - users only need to set rdkafka.sasl.mechanism: aws_msk_iam (and optionally aws_region for custom DNS/PrivateLink).

🔇 Additional comments (1)

pipeline/outputs/kafka.md (1)

248-251: Windows SSPI support table structure looks good.

The platform-specific Build Requirements table appropriately distinguishes between Linux/macOS and Windows configurations, with clear notes about SSPI and OpenSSL/TLS requirements for Windows. This aligns well with the PR objective to document Windows SSPI support.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[bp-cheng]

@codex review

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pipeline/outputs/kafka.md (2)

5-5: Fix plugin type reference in introductory text.

Line 5 references "Kafka input plugin" but this documentation is for the Kafka output plugin. This inconsistency may confuse readers.

Suggested fix:

-In Fluent Bit 4.0.4 and later, the Kafka input plugin supports authentication with AWS MSK IAM, enabling integration with Amazon MSK (Managed Streaming for Apache Kafka) clusters that require IAM-based access.
+In Fluent Bit 4.0.4 and later, the Kafka output plugin supports authentication with AWS MSK IAM, enabling integration with Amazon MSK (Managed Streaming for Apache Kafka) clusters that require IAM-based access.

---

290-293: Remove aws_msk_iam_cluster_arn from the AWS MSK IAM configuration example.

In Fluent Bit v4.0.4+, the aws_msk_iam_cluster_arn parameter was removed. The minimal required configuration for AWS MSK IAM authentication is aws_msk_iam: true only (the region is auto-detected from the broker hostname). Update the example at lines 290-293 to remove the aws_msk_iam_cluster_arn line, and update the parameter table to reflect that this parameter is no longer used.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f4d0117 and 8150f77.

📒 Files selected for processing (1)

• pipeline/outputs/kafka.md

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: kalavt
Repo: fluent/fluent-bit-docs PR: 2294
File: pipeline/inputs/kafka.md:147-168
Timestamp: 2025-12-12T14:30:18.461Z
Learning: In Fluent Bit v4.0.4+, when using AWS MSK IAM authentication (rdkafka.sasl.mechanism: aws_msk_iam), the rdkafka.security.protocol is automatically set to SASL_SSL and the AWS region is auto-detected from the broker hostname for standard MSK endpoints. The aws_msk_iam_cluster_arn parameter was removed - users only need to set rdkafka.sasl.mechanism: aws_msk_iam (and optionally aws_region for custom DNS/PrivateLink).

🔇 Additional comments (1)

pipeline/outputs/kafka.md (1)

248-251: Windows SSPI support table structure looks good.

The platform-specific Build Requirements table appropriately distinguishes between Linux/macOS and Windows configurations, with clear notes about SSPI and OpenSSL/TLS requirements for Windows. This aligns well with the PR objective to document Windows SSPI support.