Chapter 13. GenericKafkaListenerConfiguration schema reference
Used in: GenericKafkaListener
Full list of GenericKafkaListenerConfiguration schema properties
Configuration for Kafka listeners.
13.1. brokerCertChainAndKey
The `brokerCertChainAndKey` property is only used with listeners that have TLS encryption enabled. You can use the property to provide your own Kafka listener certificates.

Example configuration for a `loadbalancer` external listener with TLS encryption enabled

```yaml
listeners:
  #...
  - name: external3
    port: 9094
    type: loadbalancer
    tls: true
    authentication:
      type: tls
    configuration:
      brokerCertChainAndKey:
        secretName: my-secret
        certificate: my-listener-certificate.crt
        key: my-listener-key.key
# ...
```

When the certificate or key in the `brokerCertChainAndKey` secret is updated, the operator will automatically detect it in the next reconciliation and trigger a rolling update of the Kafka brokers to reload the certificate.
13.2. externalTrafficPolicy
The `externalTrafficPolicy` property is used with `loadbalancer` and `nodeport` listeners. When exposing Kafka outside of OpenShift you can choose `Local` or `Cluster`. `Local` avoids hops to other nodes and preserves the client IP, whereas `Cluster` does neither. The default is `Cluster`.
13.3. loadBalancerSourceRanges
The `loadBalancerSourceRanges` property is only used with `loadbalancer` listeners. When exposing Kafka outside of OpenShift, use source ranges, in addition to labels and annotations, to customize how a service is created.

Example source ranges configured for a loadbalancer listener

```yaml
listeners:
  #...
  - name: external3
    port: 9094
    type: loadbalancer
    tls: false
    configuration:
      externalTrafficPolicy: Local
      loadBalancerSourceRanges:
        - 10.0.0.0/8
        - 88.208.76.87/32
      # ...
# ...
```
13.4. class
The `class` property is only used with `ingress` listeners. You can configure the `Ingress` class using the `class` property.

Example of an external listener of type `ingress` using `Ingress` class `nginx-internal`

```yaml
listeners:
  #...
  - name: external2
    port: 9094
    type: ingress
    tls: true
    configuration:
      class: nginx-internal
      # ...
# ...
```
13.5. preferredNodePortAddressType
The `preferredNodePortAddressType` property is only used with `nodeport` listeners.

Use the `preferredNodePortAddressType` property in your listener configuration to specify the first address type checked as the node address. This property is useful, for example, if your deployment does not have DNS support, or you only want to expose a broker internally through an internal DNS or IP address. If an address of this type is found, it is used. If the preferred address type is not found, Streams for Apache Kafka proceeds through the types in the standard order of priority:
- ExternalDNS
- ExternalIP
- Hostname
- InternalDNS
- InternalIP
Example of an external listener configured with a preferred node port address type

```yaml
listeners:
  #...
  - name: external4
    port: 9094
    type: nodeport
    tls: false
    configuration:
      preferredNodePortAddressType: InternalDNS
      # ...
# ...
```
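The selection order described in this section, written out as an added Python example (not code from the product): the preferred type is checked first and the remaining types follow in the order listed above, so a preference is not a restriction. The function name, the `{"type", "address"}` entry shape (that of `status.addresses` on a Kubernetes Node), the first-entry-per-type tie-break and the sample nodes are assumptions.

```python
# Standard order of priority as listed in section 13.5.
STANDARD_ORDER = ["ExternalDNS", "ExternalIP", "Hostname", "InternalDNS", "InternalIP"]


def select_node_address(addresses, preferred=None):
    """Return (type, address) chosen for a node, or None if no known type is present.

    addresses: list of {"type": ..., "address": ...} entries (assumed shape).
    preferred: value of preferredNodePortAddressType, or None when unset.
    """
    if preferred is not None and preferred not in STANDARD_ORDER:
        raise ValueError(f"unknown address type {preferred!r}")
    # Preferred type first, then every other type in the standard order.
    order = ([preferred] if preferred else []) + [t for t in STANDARD_ORDER if t != preferred]
    by_type = {}
    for entry in addresses:
        # Assumption: when a type appears more than once, the first entry wins.
        by_type.setdefault(entry["type"], entry["address"])
    for addr_type in order:
        if addr_type in by_type:
            return addr_type, by_type[addr_type]
    return None


# Constructed sample nodes (documentation address ranges, hypothetical names).
NODE_WITH_INTERNAL_DNS = [
    {"type": "InternalIP", "address": "10.0.1.15"},
    {"type": "ExternalIP", "address": "203.0.113.20"},
    {"type": "Hostname", "address": "node-a"},
    {"type": "InternalDNS", "address": "node-a.internal.example"},
]
NODE_WITHOUT_INTERNAL_DNS = [
    {"type": "InternalIP", "address": "10.0.1.16"},
    {"type": "ExternalIP", "address": "203.0.113.21"},
    {"type": "Hostname", "address": "node-b"},
]
```

On the second node the `InternalDNS` preference cannot be met, so the fallback yields the external IP; check each node's address types when the goal is to advertise internal addresses only.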
13.6. useServiceDnsDomain
The `useServiceDnsDomain` property is only used with `internal` and `cluster-ip` listeners. It defines whether the fully-qualified DNS names that include the cluster service suffix (usually `.cluster.local`) are used. With `useServiceDnsDomain` set as `false`, the advertised addresses are generated without the service suffix; for example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc`. With `useServiceDnsDomain` set as `true`, the advertised addresses are generated with the service suffix; for example, `my-cluster-kafka-0.my-cluster-kafka-brokers.myproject.svc.cluster.local`. Default is `false`.

Example of an internal listener configured to use the Service DNS domain

```yaml
listeners:
  #...
  - name: plain
    port: 9092
    type: internal
    tls: false
    configuration:
      useServiceDnsDomain: true
      # ...
# ...
```

If your OpenShift cluster uses a different service suffix than `.cluster.local`, you can configure the suffix using the `KUBERNETES_SERVICE_DNS_DOMAIN` environment variable in the Cluster Operator configuration.
13.7. GenericKafkaListenerConfiguration schema properties
Property | Property type | Description |
---|---|---|
brokerCertChainAndKey | | Reference to the |
externalTrafficPolicy | string (one of [Local, Cluster]) | Specifies whether the service routes external traffic to node-local or cluster-wide endpoints. |
loadBalancerSourceRanges | string array | A list of CIDR ranges (for example |
bootstrap | | Bootstrap configuration. |
brokers | | Per-broker configurations. |
ipFamilyPolicy | string (one of [RequireDualStack, SingleStack, PreferDualStack]) | Specifies the IP Family Policy used by the service. Available options are |
ipFamilies | string (one or more of [IPv6, IPv4]) array | Specifies the IP Families used by the service. Available options are |
createBootstrapService | boolean | Whether to create the bootstrap service or not. The bootstrap service is created by default (if not specified differently). This field can be used with the |
class | string | Configures a specific class for |
finalizers | string array | A list of finalizers which will be configured for the |
maxConnectionCreationRate | integer | The maximum connection creation rate we allow in this listener at any time. New connections will be throttled if the limit is reached. |
maxConnections | integer | The maximum number of connections we allow for this listener in the broker at any time. New connections are blocked if the limit is reached. |
preferredNodePortAddressType | string (one of [ExternalDNS, ExternalIP, Hostname, InternalIP, InternalDNS]) | Defines which address type should be used as the node address. Available types are: This field is used to select the preferred address type, which is checked first. If no address is found for this address type, the other types are checked in the default order. This field can only be used with |
useServiceDnsDomain | boolean | Configures whether the OpenShift service DNS domain should be used or not. If set to |
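
An added example, not part of the original reference or of the product's tooling: a Python review check that applies the listener-type rules from sections 13.1 to 13.6 to a parsed `listeners` array, and also reports external listeners without TLS and load balancer listeners whose source ranges are missing, unparsable or match every address. The function names, finding messages and sample listeners are constructed for illustration; treating these conditions as findings is a choice of this example.

```python
import ipaddress

# Listener types each property applies to, per sections 13.2 to 13.6.
ALLOWED_TYPES = {
    "externalTrafficPolicy": {"loadbalancer", "nodeport"},
    "loadBalancerSourceRanges": {"loadbalancer"},
    "class": {"ingress"},
    "preferredNodePortAddressType": {"nodeport"},
    "useServiceDnsDomain": {"internal", "cluster-ip"},
}

def audit_listener(listener):
    """Return findings for one entry of the Kafka resource's listeners array."""
    findings = []
    ltype, tls = listener.get("type"), listener.get("tls", False)
    config = listener.get("configuration") or {}
    for prop, types in ALLOWED_TYPES.items():
        if prop in config and ltype not in types:
            findings.append(f"{prop} is not used with {ltype} listeners")
    if "brokerCertChainAndKey" in config and not tls:
        findings.append("brokerCertChainAndKey is only used when tls is true")
    if ltype in ("loadbalancer", "nodeport", "ingress") and not tls:
        findings.append("external listener without TLS encryption")
    if ltype == "loadbalancer":
        ranges = config.get("loadBalancerSourceRanges") or []
        if not ranges:
            findings.append("no loadBalancerSourceRanges restriction")
        for cidr in ranges:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append(f"invalid CIDR range {cidr!r}")
                continue
            if net.prefixlen == 0:
                findings.append(f"{cidr} matches every source address")
    return findings

def audit(listeners):
    return {entry["name"]: audit_listener(entry) for entry in listeners}

# Constructed sample input; the first entry mirrors the example in section 13.3.
SAMPLE_LISTENERS = [
    {"name": "external3", "type": "loadbalancer", "tls": False,
     "configuration": {"loadBalancerSourceRanges": ["10.0.0.0/8", "88.208.76.87/32"]}},
    {"name": "misplaced", "type": "nodeport", "tls": True,
     "configuration": {"class": "nginx-internal", "useServiceDnsDomain": True}},
    {"name": "wide-open", "type": "loadbalancer", "tls": True,
     "configuration": {"loadBalancerSourceRanges": ["0.0.0.0/0", "10.0.0.0/33"]}},
]
```

Feed it the `spec.kafka.listeners` array loaded from a Kafka resource; `audit(SAMPLE_LISTENERS)` returns a dictionary of findings keyed by listener name.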