Appendix C. Custom Resource API Reference

C.1. `Kafka` schema reference

Property	Description
spec	The specification of the Kafka and Zookeeper clusters, and Topic Operator.
`KafkaSpec`
status	The status of the Kafka and Zookeeper clusters, and Topic Operator.
`KafkaStatus`

C.2. `KafkaSpec` schema reference

Used in: Kafka

Property	Description
kafka	Configuration of the Kafka cluster.
`KafkaClusterSpec`	Configuration of the Kafka cluster.
zookeeper	Configuration of the Zookeeper cluster.
`ZookeeperClusterSpec`	Configuration of the Zookeeper cluster.
topicOperator	The property `topicOperator` has been deprecated. This feature should now be configured at path `spec.entityOerator.topicOperator`. Configuration of the Topic Operator.
`TopicOperatorSpec`
entityOperator	Configuration of the Entity Operator.
`EntityOperatorSpec`	Configuration of the Entity Operator.
clusterCa	Configuration of the cluster certificate authority.
`CertificateAuthority`	Configuration of the cluster certificate authority.
clientsCa	Configuration of the clients certificate authority.
`CertificateAuthority`	Configuration of the clients certificate authority.
kafkaExporter	Configuration of the Kafka Exporter. Kafka Exporter can provide additional metrics, for example lag of consumer group at topic/partition.
`KafkaExporterSpec`
maintenanceTimeWindows	A list of time windows for maintenance tasks (that is, certificates renewal). Each time window is defined by a cron expression.
string array

C.3. `KafkaClusterSpec` schema reference

Used in: KafkaSpec

Property	Description
replicas	The number of pods in the cluster.
integer	The number of pods in the cluster.
image	The docker image for the pods. The default value depends on the configured `Kafka.spec.kafka.version`.
string
storage	Storage configuration (disk). Cannot be updated. The type depends on the value of the `storage.type` property within the given object, which must be one of [ephemeral, persistent-claim, jbod].
`EphemeralStorage`, `PersistentClaimStorage`, `JbodStorage`
listeners	Configures listeners of Kafka brokers.
`KafkaListeners`	Configures listeners of Kafka brokers.
authorization	Authorization configuration for Kafka brokers. The type depends on the value of the `authorization.type` property within the given object, which must be one of [simple].
`KafkaAuthorizationSimple`
config	The kafka broker config. Properties with the following prefixes cannot be set: listeners, advertised., broker., listener., host.name, port, inter.broker.listener.name, sasl., ssl., security., password., principal.builder.class, log.dir, zookeeper.connect, zookeeper.set.acl, authorizer., super.user.
map
rack	Configuration of the `broker.rack` broker config.
`Rack`	Configuration of the `broker.rack` broker config.
brokerRackInitImage	The image of the init container used for initializing the `broker.rack`.
string
affinity	The property `affinity` has been deprecated. This feature should now be configured at path `spec.kafka.template.pod.affinity`. The pod’s affinity rules. See external documentation of core/v1 affinity.
Affinity
tolerations	The property `tolerations` has been deprecated. This feature should now be configured at path `spec.kafka.template.pod.tolerations`. The pod’s tolerations. See external documentation of core/v1 toleration.
Toleration array
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.
jvmOptions	JVM Options for pods.
`JvmOptions`	JVM Options for pods.
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
metrics	The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration.
map
logging	Logging configuration for Kafka. The type depends on the value of the `logging.type` property within the given object, which must be one of [inline, external].
`InlineLogging`, `ExternalLogging`
tlsSidecar	TLS sidecar configuration.
`TlsSidecar`	TLS sidecar configuration.
template	Template for Kafka cluster resources. The template allows users to specify how are the `StatefulSet`, `Pods` and `Services` generated.
`KafkaClusterTemplate`
version	The kafka broker version. Defaults to 2.3.0. Consult the user documentation to understand the process required to upgrade or downgrade the version.
string

C.4. `EphemeralStorage` schema reference

Used in: JbodStorage, KafkaClusterSpec, ZookeeperClusterSpec

The type property is a discriminator that distinguishes the use of the type EphemeralStorage from PersistentClaimStorage. It must have the value ephemeral for the type EphemeralStorage.

Property	Description
id	Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'.
integer
sizeLimit	When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi).
string
type	Must be `ephemeral`.
string	Must be `ephemeral`.

C.5. `PersistentClaimStorage` schema reference

Used in: JbodStorage, KafkaClusterSpec, ZookeeperClusterSpec

The type property is a discriminator that distinguishes the use of the type PersistentClaimStorage from EphemeralStorage. It must have the value persistent-claim for the type PersistentClaimStorage.

Property	Description
type	Must be `persistent-claim`.
string	Must be `persistent-claim`.
size	When type=persistent-claim, defines the size of the persistent volume claim (i.e 1Gi). Mandatory when type=persistent-claim.
string
selector	Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume.
map
deleteClaim	Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed.
boolean
class	The storage class to use for dynamic volume allocation.
string	The storage class to use for dynamic volume allocation.
id	Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'.
integer
overrides	Overrides for individual brokers. The `overrides` field allows to specify a different configuration for different brokers.
`PersistentClaimStorageOverride` array

C.6. `PersistentClaimStorageOverride` schema reference

Used in: PersistentClaimStorage

Property	Description
class	The storage class to use for dynamic volume allocation for this broker.
string
broker	Id of the kafka broker (broker identifier).
integer	Id of the kafka broker (broker identifier).

C.7. `JbodStorage` schema reference

Used in: KafkaClusterSpec

The type property is a discriminator that distinguishes the use of the type JbodStorage from EphemeralStorage, PersistentClaimStorage. It must have the value jbod for the type JbodStorage.

Property	Description
type	Must be `jbod`.
string	Must be `jbod`.
volumes	List of volumes as Storage objects representing the JBOD disks array.
`EphemeralStorage`, `PersistentClaimStorage` array

C.8. `KafkaListeners` schema reference

Used in: KafkaClusterSpec

Property	Description
plain	Configures plain listener on port 9092.
`KafkaListenerPlain`	Configures plain listener on port 9092.
tls	Configures TLS listener on port 9093.
`KafkaListenerTls`	Configures TLS listener on port 9093.
external	Configures external listener on port 9094. The type depends on the value of the `external.type` property within the given object, which must be one of [route, loadbalancer, nodeport, ingress].
`KafkaListenerExternalRoute`, `KafkaListenerExternalLoadBalancer`, `KafkaListenerExternalNodePort`, `KafkaListenerExternalIngress`

C.9. `KafkaListenerPlain` schema reference

Used in: KafkaListeners

Property	Description
authentication	Authentication configuration for this listener. Since this listener does not use TLS transport you cannot configure an authentication with `type: tls`. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, oauth].
`KafkaListenerAuthenticationTls`, `KafkaListenerAuthenticationScramSha512`, `KafkaListenerAuthenticationOAuth`
networkPolicyPeers	List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer.
NetworkPolicyPeer array

C.10. `KafkaListenerAuthenticationTls` schema reference

Used in: KafkaListenerExternalIngress, KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort, KafkaListenerExternalRoute, KafkaListenerPlain, KafkaListenerTls

The type property is a discriminator that distinguishes the use of the type KafkaListenerAuthenticationTls from KafkaListenerAuthenticationScramSha512, KafkaListenerAuthenticationOAuth. It must have the value tls for the type KafkaListenerAuthenticationTls.

Property	Description
type	Must be `tls`.
string	Must be `tls`.

C.11. `KafkaListenerAuthenticationScramSha512` schema reference

Used in: KafkaListenerExternalIngress, KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort, KafkaListenerExternalRoute, KafkaListenerPlain, KafkaListenerTls

The type property is a discriminator that distinguishes the use of the type KafkaListenerAuthenticationScramSha512 from KafkaListenerAuthenticationTls, KafkaListenerAuthenticationOAuth. It must have the value scram-sha-512 for the type KafkaListenerAuthenticationScramSha512.

Property	Description
type	Must be `scram-sha-512`.
string	Must be `scram-sha-512`.

C.12. `KafkaListenerAuthenticationOAuth` schema reference

Used in: KafkaListenerExternalIngress, KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort, KafkaListenerExternalRoute, KafkaListenerPlain, KafkaListenerTls

The type property is a discriminator that distinguishes the use of the type KafkaListenerAuthenticationOAuth from KafkaListenerAuthenticationTls, KafkaListenerAuthenticationScramSha512. It must have the value oauth for the type KafkaListenerAuthenticationOAuth.

Property	Description
clientId	OAuth Client ID which the Kafka broker can use to authenticate against the authorization server and use the introspect endpoint URI.
string
clientSecret	Link to OpenShift Secret containing the OAuth client secret which the Kafka broker can use to authenticate against the authorization server and use the introspect endpoint URI.
`GenericSecretSource`
disableTlsHostnameVerification	Enable or disable TLS hostname verification. Default value is `false`.
boolean
introspectionEndpointUri	URI of the token introspection endpoint which can be used to validate opaque non-JWT tokens.
string
jwksEndpointUri	URI of the JWKS certificate endpoint, which can be used for local JWT validation.
string
jwksExpirySeconds	Configures how often are the JWKS certificates considered valid. The expiry interval has to be at least 60 seconds longer then the refresh interval specified in `jwksRefreshSeconds`. Defaults to 360 seconds.
integer
jwksRefreshSeconds	Configures how often are the JWKS certificates refreshed. The refresh interval has to be at least 60 seconds shorter then the expiry interval specified in `jwksExpirySeconds`. Defaults to 300 seconds.
integer
tlsTrustedCertificates	Trusted certificates for TLS connection to the OAuth server.
`CertSecretSource` array
type	Must be `oauth`.
string	Must be `oauth`.
userNameClaim	Name of the claim from the authentication token which will be used as the user principal. Defaults to `sub`.
string
validIssuerUri	URI of the token issuer used for authentication.
string	URI of the token issuer used for authentication.

C.13. `GenericSecretSource` schema reference

Used in: KafkaClientAuthenticationOAuth, KafkaListenerAuthenticationOAuth

Property	Description
key	The key under which the secret value is stored in the OpenShift Secret.
string
secretName	The name of the OpenShift Secret containing the secret value.
string

C.14. `CertSecretSource` schema reference

Used in: KafkaBridgeTls, KafkaClientAuthenticationOAuth, KafkaConnectTls, KafkaListenerAuthenticationOAuth, KafkaMirrorMakerTls

Property	Description
certificate	The name of the file certificate in the Secret.
string	The name of the file certificate in the Secret.
secretName	The name of the Secret containing the certificate.
string	The name of the Secret containing the certificate.

C.15. `KafkaListenerTls` schema reference

Used in: KafkaListeners

Property	Description
authentication	Authentication configuration for this listener. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, oauth].
`KafkaListenerAuthenticationTls`, `KafkaListenerAuthenticationScramSha512`, `KafkaListenerAuthenticationOAuth`
networkPolicyPeers	List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer.
NetworkPolicyPeer array

C.16. `KafkaListenerExternalRoute` schema reference

Used in: KafkaListeners

The type property is a discriminator that distinguishes the use of the type KafkaListenerExternalRoute from KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort, KafkaListenerExternalIngress. It must have the value route for the type KafkaListenerExternalRoute.

Property	Description
type	Must be `route`.
string	Must be `route`.
authentication	Authentication configuration for Kafka brokers. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, oauth].
`KafkaListenerAuthenticationTls`, `KafkaListenerAuthenticationScramSha512`, `KafkaListenerAuthenticationOAuth`
overrides	Overrides for external bootstrap and broker services and externally advertised addresses.
`RouteListenerOverride`
networkPolicyPeers	List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer.
NetworkPolicyPeer array

C.17. `RouteListenerOverride` schema reference

Used in: KafkaListenerExternalRoute

Property	Description
bootstrap	External bootstrap service configuration.
`RouteListenerBootstrapOverride`	External bootstrap service configuration.
brokers	External broker services configuration.
`RouteListenerBrokerOverride` array	External broker services configuration.

C.18. `RouteListenerBootstrapOverride` schema reference

Used in: RouteListenerOverride

Property	Description
address	Additional address name for the bootstrap service. The address will be added to the list of subject alternative names of the TLS certificates.
string
host	Host for the bootstrap route. This field will be used in the `spec.host` field of the OpenShift Route.
string

C.19. `RouteListenerBrokerOverride` schema reference

Used in: RouteListenerOverride

Property	Description
broker	Id of the kafka broker (broker identifier).
integer	Id of the kafka broker (broker identifier).
advertisedHost	The host name which will be used in the brokers' `advertised.brokers`.
string
advertisedPort	The port number which will be used in the brokers' `advertised.brokers`.
integer
host	Host for the broker route. This field will be used in the `spec.host` field of the OpenShift Route.
string

C.20. `KafkaListenerExternalLoadBalancer` schema reference

Used in: KafkaListeners

The type property is a discriminator that distinguishes the use of the type KafkaListenerExternalLoadBalancer from KafkaListenerExternalRoute, KafkaListenerExternalNodePort, KafkaListenerExternalIngress. It must have the value loadbalancer for the type KafkaListenerExternalLoadBalancer.

Property	Description
type	Must be `loadbalancer`.
string	Must be `loadbalancer`.
authentication	Authentication configuration for Kafka brokers. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, oauth].
`KafkaListenerAuthenticationTls`, `KafkaListenerAuthenticationScramSha512`, `KafkaListenerAuthenticationOAuth`
overrides	Overrides for external bootstrap and broker services and externally advertised addresses.
`LoadBalancerListenerOverride`
networkPolicyPeers	List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer.
NetworkPolicyPeer array
tls	Enables TLS encryption on the listener. By default set to `true` for enabled TLS encryption.
boolean

C.21. `LoadBalancerListenerOverride` schema reference

Used in: KafkaListenerExternalLoadBalancer

Property	Description
bootstrap	External bootstrap service configuration.
`LoadBalancerListenerBootstrapOverride`	External bootstrap service configuration.
brokers	External broker services configuration.
`LoadBalancerListenerBrokerOverride` array	External broker services configuration.

C.22. `LoadBalancerListenerBootstrapOverride` schema reference

Used in: LoadBalancerListenerOverride

Property	Description
address	Additional address name for the bootstrap service. The address will be added to the list of subject alternative names of the TLS certificates.
string
dnsAnnotations	Annotations that will be added to the `Service` resource. You can use this field to configure DNS providers such as External DNS.
map
loadBalancerIP	The loadbalancer is requested with the IP address specified in this field. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This field is ignored if the cloud provider does not support the feature.
string

C.23. `LoadBalancerListenerBrokerOverride` schema reference

Used in: LoadBalancerListenerOverride

Property	Description
broker	Id of the kafka broker (broker identifier).
integer	Id of the kafka broker (broker identifier).
advertisedHost	The host name which will be used in the brokers' `advertised.brokers`.
string
advertisedPort	The port number which will be used in the brokers' `advertised.brokers`.
integer
dnsAnnotations	Annotations that will be added to the `Service` resources for individual brokers. You can use this field to configure DNS providers such as External DNS.
map
loadBalancerIP	The loadbalancer is requested with the IP address specified in this field. This feature depends on whether the underlying cloud provider supports specifying the `loadBalancerIP` when a load balancer is created. This field is ignored if the cloud provider does not support the feature.
string

C.24. `KafkaListenerExternalNodePort` schema reference

Used in: KafkaListeners

The type property is a discriminator that distinguishes the use of the type KafkaListenerExternalNodePort from KafkaListenerExternalRoute, KafkaListenerExternalLoadBalancer, KafkaListenerExternalIngress. It must have the value nodeport for the type KafkaListenerExternalNodePort.

Property	Description
type	Must be `nodeport`.
string	Must be `nodeport`.
authentication	Authentication configuration for Kafka brokers. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, oauth].
`KafkaListenerAuthenticationTls`, `KafkaListenerAuthenticationScramSha512`, `KafkaListenerAuthenticationOAuth`
overrides	Overrides for external bootstrap and broker services and externally advertised addresses.
`NodePortListenerOverride`
networkPolicyPeers	List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer.
NetworkPolicyPeer array
tls	Enables TLS encryption on the listener. By default set to `true` for enabled TLS encryption.
boolean

C.25. `NodePortListenerOverride` schema reference

Used in: KafkaListenerExternalNodePort

Property	Description
bootstrap	External bootstrap service configuration.
`NodePortListenerBootstrapOverride`	External bootstrap service configuration.
brokers	External broker services configuration.
`NodePortListenerBrokerOverride` array	External broker services configuration.

C.26. `NodePortListenerBootstrapOverride` schema reference

Used in: NodePortListenerOverride

Property	Description
address	Additional address name for the bootstrap service. The address will be added to the list of subject alternative names of the TLS certificates.
string
dnsAnnotations	Annotations that will be added to the `Service` resource. You can use this field to configure DNS providers such as External DNS.
map
nodePort	Node port for the bootstrap service.
integer	Node port for the bootstrap service.

C.27. `NodePortListenerBrokerOverride` schema reference

Used in: NodePortListenerOverride

Property	Description
broker	Id of the kafka broker (broker identifier).
integer	Id of the kafka broker (broker identifier).
advertisedHost	The host name which will be used in the brokers' `advertised.brokers`.
string
advertisedPort	The port number which will be used in the brokers' `advertised.brokers`.
integer
nodePort	Node port for the broker service.
integer	Node port for the broker service.
dnsAnnotations	Annotations that will be added to the `Service` resources for individual brokers. You can use this field to configure DNS providers such as External DNS.
map

C.28. `KafkaListenerExternalIngress` schema reference

Used in: KafkaListeners

The type property is a discriminator that distinguishes the use of the type KafkaListenerExternalIngress from KafkaListenerExternalRoute, KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort. It must have the value ingress for the type KafkaListenerExternalIngress.

Property	Description
type	Must be `ingress`.
string	Must be `ingress`.
authentication	Authentication configuration for Kafka brokers. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, oauth].
`KafkaListenerAuthenticationTls`, `KafkaListenerAuthenticationScramSha512`, `KafkaListenerAuthenticationOAuth`
class	Configures the `Ingress` class that defines which `Ingress` controller will be used. If not set, the `Ingress` class is set to `nginx`.
string
configuration	Overrides for external bootstrap and broker services and externally advertised addresses.
`IngressListenerConfiguration`
networkPolicyPeers	List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer.
NetworkPolicyPeer array

C.29. `IngressListenerConfiguration` schema reference

Used in: KafkaListenerExternalIngress

Property	Description
bootstrap	External bootstrap ingress configuration.
`IngressListenerBootstrapConfiguration`	External bootstrap ingress configuration.
brokers	External broker ingress configuration.
`IngressListenerBrokerConfiguration` array	External broker ingress configuration.

C.30. `IngressListenerBootstrapConfiguration` schema reference

Used in: IngressListenerConfiguration

Property	Description
address	Additional address name for the bootstrap service. The address will be added to the list of subject alternative names of the TLS certificates.
string
dnsAnnotations	Annotations that will be added to the `Ingress` resource. You can use this field to configure DNS providers such as External DNS.
map
host	Host for the bootstrap route. This field will be used in the Ingress resource.
string

C.31. `IngressListenerBrokerConfiguration` schema reference

Used in: IngressListenerConfiguration

Property	Description
broker	Id of the kafka broker (broker identifier).
integer	Id of the kafka broker (broker identifier).
advertisedHost	The host name which will be used in the brokers' `advertised.brokers`.
string
advertisedPort	The port number which will be used in the brokers' `advertised.brokers`.
integer
host	Host for the broker ingress. This field will be used in the Ingress resource.
string
dnsAnnotations	Annotations that will be added to the `Ingress` resources for individual brokers. You can use this field to configure DNS providers such as External DNS.
map

C.32. `KafkaAuthorizationSimple` schema reference

Used in: KafkaClusterSpec

The type property is a discriminator that distinguishes the use of the type KafkaAuthorizationSimple from other subtypes which may be added in the future. It must have the value simple for the type KafkaAuthorizationSimple.

Property	Description
type	Must be `simple`.
string	Must be `simple`.
superUsers	List of super users. Should contain list of user principals which should get unlimited access rights.
string array

C.33. `Rack` schema reference

Used in: KafkaClusterSpec

Property	Description
topologyKey	A key that matches labels assigned to the OpenShift cluster nodes. The value of the label is used to set the broker’s `broker.rack` config.
string

C.34. `Probe` schema reference

Used in: EntityTopicOperatorSpec, EntityUserOperatorSpec, KafkaBridgeSpec, KafkaClusterSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaExporterSpec, KafkaMirrorMakerSpec, TlsSidecar, TopicOperatorSpec, ZookeeperClusterSpec

Property	Description
failureThreshold	Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
integer
initialDelaySeconds	The initial delay before first the health is first checked.
integer	The initial delay before first the health is first checked.
periodSeconds	How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
integer
successThreshold	Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
integer
timeoutSeconds	The timeout for each attempted health check.
integer	The timeout for each attempted health check.

C.35. `JvmOptions` schema reference

Used in: KafkaBridgeSpec, KafkaClusterSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMakerSpec, ZookeeperClusterSpec

Property	Description
-XX	A map of -XX options to the JVM.
map	A map of -XX options to the JVM.
-Xms	-Xms option to to the JVM.
string	-Xms option to to the JVM.
-Xmx	-Xmx option to to the JVM.
string	-Xmx option to to the JVM.
gcLoggingEnabled	Specifies whether the Garbage Collection logging is enabled. The default is true.
boolean

C.36. `ResourceRequirements` schema reference

Used in: EntityTopicOperatorSpec, EntityUserOperatorSpec, KafkaBridgeSpec, KafkaClusterSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaExporterSpec, KafkaMirrorMakerSpec, TlsSidecar, TopicOperatorSpec, ZookeeperClusterSpec

Property	Description
limits
map
requests
map

C.37. `InlineLogging` schema reference

Used in: EntityTopicOperatorSpec, EntityUserOperatorSpec, KafkaBridgeSpec, KafkaClusterSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMakerSpec, TopicOperatorSpec, ZookeeperClusterSpec

The type property is a discriminator that distinguishes the use of the type InlineLogging from ExternalLogging. It must have the value inline for the type InlineLogging.

Property	Description
type	Must be `inline`.
string	Must be `inline`.
loggers	A Map from logger name to logger level.
map	A Map from logger name to logger level.

C.38. `ExternalLogging` schema reference

Used in: EntityTopicOperatorSpec, EntityUserOperatorSpec, KafkaBridgeSpec, KafkaClusterSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMakerSpec, TopicOperatorSpec, ZookeeperClusterSpec

The type property is a discriminator that distinguishes the use of the type ExternalLogging from InlineLogging. It must have the value external for the type ExternalLogging.

Property	Description
type	Must be `external`.
string	Must be `external`.
name	The name of the `ConfigMap` from which to get the logging configuration.
string

C.39. `TlsSidecar` schema reference

Used in: EntityOperatorSpec, KafkaClusterSpec, TopicOperatorSpec, ZookeeperClusterSpec

Property	Description
image	The docker image for the container.
string	The docker image for the container.
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
logLevel	The log level for the TLS sidecar. Default value is `notice`.
string (one of [emerg, debug, crit, err, alert, warning, notice, info])
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).

C.40. `KafkaClusterTemplate` schema reference

Used in: KafkaClusterSpec

Property	Description
statefulset	Template for Kafka `StatefulSet`.
`ResourceTemplate`	Template for Kafka `StatefulSet`.
pod	Template for Kafka `Pods`.
`PodTemplate`	Template for Kafka `Pods`.
bootstrapService	Template for Kafka bootstrap `Service`.
`ResourceTemplate`	Template for Kafka bootstrap `Service`.
brokersService	Template for Kafka broker `Service`.
`ResourceTemplate`	Template for Kafka broker `Service`.
externalBootstrapService	Template for Kafka external bootstrap `Service`.
`ResourceTemplate`	Template for Kafka external bootstrap `Service`.
perPodService	Template for Kafka per-pod `Services` used for access from outside of OpenShift.
`ResourceTemplate`
externalBootstrapRoute	Template for Kafka external bootstrap `Route`.
`ResourceTemplate`	Template for Kafka external bootstrap `Route`.
perPodRoute	Template for Kafka per-pod `Routes` used for access from outside of OpenShift.
`ResourceTemplate`
externalBootstrapIngress	Template for Kafka external bootstrap `Ingress`.
`ResourceTemplate`	Template for Kafka external bootstrap `Ingress`.
perPodIngress	Template for Kafka per-pod `Ingress` used for access from outside of OpenShift.
`ResourceTemplate`
persistentVolumeClaim	Template for all Kafka `PersistentVolumeClaims`.
`ResourceTemplate`	Template for all Kafka `PersistentVolumeClaims`.
podDisruptionBudget	Template for Kafka `PodDisruptionBudget`.
`PodDisruptionBudgetTemplate`	Template for Kafka `PodDisruptionBudget`.
kafkaContainer	Template for the Kafka broker container.
`ContainerTemplate`	Template for the Kafka broker container.
tlsSidecarContainer	Template for the Kafka broker TLS sidecar container.
`ContainerTemplate`	Template for the Kafka broker TLS sidecar container.
initContainer	Template for the Kafka init container.
`ContainerTemplate`	Template for the Kafka init container.

C.41. `ResourceTemplate` schema reference

Used in: EntityOperatorTemplate, KafkaBridgeTemplate, KafkaClusterTemplate, KafkaConnectTemplate, KafkaExporterTemplate, KafkaMirrorMakerTemplate, ZookeeperClusterTemplate

Property	Description
metadata	Metadata which should be applied to the resource.
`MetadataTemplate`	Metadata which should be applied to the resource.

C.42. `MetadataTemplate` schema reference

Used in: PodDisruptionBudgetTemplate, PodTemplate, ResourceTemplate

Property	Description
labels	Labels which should be added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`.
map
annotations	Annotations which should be added to the resource template. Can be applied to different resources such as `StatefulSets`, `Deployments`, `Pods`, and `Services`.
map

C.43. `PodTemplate` schema reference

Used in: EntityOperatorTemplate, KafkaBridgeTemplate, KafkaClusterTemplate, KafkaConnectTemplate, KafkaExporterTemplate, KafkaMirrorMakerTemplate, ZookeeperClusterTemplate

Property	Description
metadata	Metadata applied to the resource.
`MetadataTemplate`	Metadata applied to the resource.
imagePullSecrets	List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. See external documentation of core/v1 localobjectreference.
LocalObjectReference array
securityContext	Configures pod-level security attributes and common container settings. See external documentation of core/v1 podsecuritycontext.
PodSecurityContext
terminationGracePeriodSeconds	The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process.Value must be non-negative integer. The value zero indicates delete immediately. Defaults to 30 seconds.
integer
affinity	The pod’s affinity rules. See external documentation of core/v1 affinity.
Affinity
priorityClassName	The name of the Priority Class to which these pods will be assigned.
string
tolerations	The pod’s tolerations. See external documentation of core/v1 toleration.
Toleration array

C.44. `PodDisruptionBudgetTemplate` schema reference

Used in: KafkaBridgeTemplate, KafkaClusterTemplate, KafkaConnectTemplate, KafkaMirrorMakerTemplate, ZookeeperClusterTemplate

Property	Description
metadata	Metadata to apply to the `PodDistruptionBugetTemplate` resource.
`MetadataTemplate`
maxUnavailable	Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1.
integer

C.45. `ContainerTemplate` schema reference

Used in: EntityOperatorTemplate, KafkaBridgeTemplate, KafkaClusterTemplate, KafkaConnectTemplate, KafkaExporterTemplate, KafkaMirrorMakerTemplate, ZookeeperClusterTemplate

Property	Description
env	Environment variables which should be applied to the container.
`ContainerEnvVar` array

C.46. `ContainerEnvVar` schema reference

Used in: ContainerTemplate

Property	Description
name	The environment variable key.
string	The environment variable key.
value	The environment variable value.
string	The environment variable value.

C.47. `ZookeeperClusterSpec` schema reference

Used in: KafkaSpec

Property	Description
replicas	The number of pods in the cluster.
integer	The number of pods in the cluster.
image	The docker image for the pods.
string	The docker image for the pods.
storage	Storage configuration (disk). Cannot be updated. The type depends on the value of the `storage.type` property within the given object, which must be one of [ephemeral, persistent-claim].
`EphemeralStorage`, `PersistentClaimStorage`
config	The zookeeper broker config. Properties with the following prefixes cannot be set: server., dataDir, dataLogDir, clientPort, authProvider, quorum.auth, requireClientAuthScheme.
map
affinity	The property `affinity` has been deprecated. This feature should now be configured at path `spec.zookeeper.template.pod.affinity`. The pod’s affinity rules. See external documentation of core/v1 affinity.
Affinity
tolerations	The property `tolerations` has been deprecated. This feature should now be configured at path `spec.zookeeper.template.pod.tolerations`. The pod’s tolerations. See external documentation of core/v1 toleration.
Toleration array
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.
jvmOptions	JVM Options for pods.
`JvmOptions`	JVM Options for pods.
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
metrics	The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration.
map
logging	Logging configuration for Zookeeper. The type depends on the value of the `logging.type` property within the given object, which must be one of [inline, external].
`InlineLogging`, `ExternalLogging`
tlsSidecar	TLS sidecar configuration.
`TlsSidecar`	TLS sidecar configuration.
template	Template for Zookeeper cluster resources. The template allows users to specify how are the `StatefulSet`, `Pods` and `Services` generated.
`ZookeeperClusterTemplate`

C.48. `ZookeeperClusterTemplate` schema reference

Used in: ZookeeperClusterSpec

Property	Description
statefulset	Template for Zookeeper `StatefulSet`.
`ResourceTemplate`	Template for Zookeeper `StatefulSet`.
pod	Template for Zookeeper `Pods`.
`PodTemplate`	Template for Zookeeper `Pods`.
clientService	Template for Zookeeper client `Service`.
`ResourceTemplate`	Template for Zookeeper client `Service`.
nodesService	Template for Zookeeper nodes `Service`.
`ResourceTemplate`	Template for Zookeeper nodes `Service`.
persistentVolumeClaim	Template for all Zookeeper `PersistentVolumeClaims`.
`ResourceTemplate`	Template for all Zookeeper `PersistentVolumeClaims`.
podDisruptionBudget	Template for Zookeeper `PodDisruptionBudget`.
`PodDisruptionBudgetTemplate`	Template for Zookeeper `PodDisruptionBudget`.
zookeeperContainer	Template for the Zookeeper container.
`ContainerTemplate`	Template for the Zookeeper container.
tlsSidecarContainer	Template for the Kafka broker TLS sidecar container.
`ContainerTemplate`	Template for the Kafka broker TLS sidecar container.

C.49. `TopicOperatorSpec` schema reference

Used in: KafkaSpec

Property	Description
watchedNamespace	The namespace the Topic Operator should watch.
string	The namespace the Topic Operator should watch.
image	The image to use for the Topic Operator.
string	The image to use for the Topic Operator.
reconciliationIntervalSeconds	Interval between periodic reconciliations.
integer	Interval between periodic reconciliations.
zookeeperSessionTimeoutSeconds	Timeout for the Zookeeper session.
integer	Timeout for the Zookeeper session.
affinity	Pod affinity rules. See external documentation of core/v1 affinity.
Affinity
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
topicMetadataMaxAttempts	The number of attempts at getting topic metadata.
integer	The number of attempts at getting topic metadata.
tlsSidecar	TLS sidecar configuration.
`TlsSidecar`	TLS sidecar configuration.
logging	Logging configuration. The type depends on the value of the `logging.type` property within the given object, which must be one of [inline, external].
`InlineLogging`, `ExternalLogging`
jvmOptions	JVM Options for pods.
`EntityOperatorJvmOptions`	JVM Options for pods.
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.

C.50. `EntityOperatorJvmOptions` schema reference

Used in: EntityTopicOperatorSpec, EntityUserOperatorSpec, TopicOperatorSpec

Property	Description
gcLoggingEnabled	Specifies whether the Garbage Collection logging is enabled. The default is true.
boolean

C.51. `EntityOperatorSpec` schema reference

Used in: KafkaSpec

Property	Description
topicOperator	Configuration of the Topic Operator.
`EntityTopicOperatorSpec`	Configuration of the Topic Operator.
userOperator	Configuration of the User Operator.
`EntityUserOperatorSpec`	Configuration of the User Operator.
affinity	The property `affinity` has been deprecated. This feature should now be configured at path `spec.template.pod.affinity`. The pod’s affinity rules. See external documentation of core/v1 affinity.
Affinity
tolerations	The property `tolerations` has been deprecated. This feature should now be configured at path `spec.template.pod.tolerations`. The pod’s tolerations. See external documentation of core/v1 toleration.
Toleration array
tlsSidecar	TLS sidecar configuration.
`TlsSidecar`	TLS sidecar configuration.
template	Template for Entity Operator resources. The template allows users to specify how is the `Deployment` and `Pods` generated.
`EntityOperatorTemplate`

C.52. `EntityTopicOperatorSpec` schema reference

Used in: EntityOperatorSpec

Property	Description
watchedNamespace	The namespace the Topic Operator should watch.
string	The namespace the Topic Operator should watch.
image	The image to use for the Topic Operator.
string	The image to use for the Topic Operator.
reconciliationIntervalSeconds	Interval between periodic reconciliations.
integer	Interval between periodic reconciliations.
zookeeperSessionTimeoutSeconds	Timeout for the Zookeeper session.
integer	Timeout for the Zookeeper session.
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
topicMetadataMaxAttempts	The number of attempts at getting topic metadata.
integer	The number of attempts at getting topic metadata.
logging	Logging configuration. The type depends on the value of the `logging.type` property within the given object, which must be one of [inline, external].
`InlineLogging`, `ExternalLogging`
jvmOptions	JVM Options for pods.
`EntityOperatorJvmOptions`	JVM Options for pods.

C.53. `EntityUserOperatorSpec` schema reference

Used in: EntityOperatorSpec

Property	Description
watchedNamespace	The namespace the User Operator should watch.
string	The namespace the User Operator should watch.
image	The image to use for the User Operator.
string	The image to use for the User Operator.
reconciliationIntervalSeconds	Interval between periodic reconciliations.
integer	Interval between periodic reconciliations.
zookeeperSessionTimeoutSeconds	Timeout for the Zookeeper session.
integer	Timeout for the Zookeeper session.
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
logging	Logging configuration. The type depends on the value of the `logging.type` property within the given object, which must be one of [inline, external].
`InlineLogging`, `ExternalLogging`
jvmOptions	JVM Options for pods.
`EntityOperatorJvmOptions`	JVM Options for pods.

C.54. `EntityOperatorTemplate` schema reference

Used in: EntityOperatorSpec

Property	Description
deployment	Template for Entity Operator `Deployment`.
`ResourceTemplate`	Template for Entity Operator `Deployment`.
pod	Template for Entity Operator `Pods`.
`PodTemplate`	Template for Entity Operator `Pods`.
tlsSidecarContainer	Template for the Entity Operator TLS sidecar container.
`ContainerTemplate`	Template for the Entity Operator TLS sidecar container.
topicOperatorContainer	Template for the Entity Topic Operator container.
`ContainerTemplate`	Template for the Entity Topic Operator container.
userOperatorContainer	Template for the Entity User Operator container.
`ContainerTemplate`	Template for the Entity User Operator container.

C.55. `CertificateAuthority` schema reference

Used in: KafkaSpec

Configuration of how TLS certificates are used within the cluster. This applies to certificates used for both internal communication within the cluster and to certificates used for client access via Kafka.spec.kafka.listeners.tls.

Property	Description
generateCertificateAuthority	If true then Certificate Authority certificates will be generated automatically. Otherwise the user will need to provide a Secret with the CA certificate. Default is true.
boolean
validityDays	The number of days generated certificates should be valid for. The default is 365.
integer
renewalDays	The number of days in the certificate renewal period. This is the number of days before the a certificate expires during which renewal actions may be performed. When `generateCertificateAuthority` is true, this will cause the generation of a new certificate. When `generateCertificateAuthority` is true, this will cause extra logging at WARN level about the pending certificate expiry. Default is 30.
integer
certificateExpirationPolicy	How should CA certificate expiration be handled when `generateCertificateAuthority=true`. The default is for a new CA certificate to be generated reusing the existing private key.
string (one of [replace-key, renew-certificate])

C.56. `KafkaExporterSpec` schema reference

Used in: KafkaSpec

Property	Description
image	The docker image for the pods.
string	The docker image for the pods.
groupRegex	Regular expression to specify which consumer groups to collect. Default value is `.*`.
string
topicRegex	Regular expression to specify which topics to collect. Default value is `.*`.
string
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
logging	Only log messages with the given severity or above. Valid levels: [`debug`, `info`, `warn`, `error`, `fatal`]. Default log level is `info`.
string
enableSaramaLogging	Enable Sarama logging, a Go client library used by the Kafka Exporter.
boolean
template	Customization of deployment templates and pods.
`KafkaExporterTemplate`	Customization of deployment templates and pods.
livenessProbe	Pod liveness check.
`Probe`	Pod liveness check.
readinessProbe	Pod readiness check.
`Probe`	Pod readiness check.

C.57. `KafkaExporterTemplate` schema reference

Used in: KafkaExporterSpec

Property	Description
deployment	Template for Kafka Exporter `Deployment`.
`ResourceTemplate`	Template for Kafka Exporter `Deployment`.
pod	Template for Kafka Exporter `Pods`.
`PodTemplate`	Template for Kafka Exporter `Pods`.
service	Template for Kafka Exporter `Service`.
`ResourceTemplate`	Template for Kafka Exporter `Service`.
container	Template for the Kafka Exporter container.
`ContainerTemplate`	Template for the Kafka Exporter container.

C.58. `KafkaStatus` schema reference

Used in: Kafka

Property	Description
conditions	List of status conditions.
`Condition` array	List of status conditions.
observedGeneration	The generation of the CRD that was last reconciled by the operator.
integer
listeners	Addresses of the internal and external listeners.
`ListenerStatus` array	Addresses of the internal and external listeners.

C.59. `Condition` schema reference

Used in: KafkaBridgeStatus, KafkaConnectS2Istatus, KafkaConnectStatus, KafkaMirrorMakerStatus, KafkaStatus, KafkaTopicStatus, KafkaUserStatus

Property	Description
type	The unique identifier of a condition, used to distinguish between other conditions in the resource.
string
status	The status of the condition, either True, False or Unknown.
string	The status of the condition, either True, False or Unknown.
lastTransitionTime	Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone.
string
reason	The reason for the condition’s last transition (a single word in CamelCase).
string
message	Human-readable message indicating details about the condition’s last transition.
string

C.60. `ListenerStatus` schema reference

Used in: KafkaStatus

Property	Description
type	The type of the listener. Can be one of the following three types: `plain`, `tls`, and `external`.
string
addresses	A list of the addresses for this listener.
`ListenerAddress` array	A list of the addresses for this listener.

C.61. `ListenerAddress` schema reference

Used in: ListenerStatus

Property	Description
host	The DNS name or IP address of Kafka bootstrap service.
string	The DNS name or IP address of Kafka bootstrap service.
port	The port of the Kafka bootstrap service.
integer	The port of the Kafka bootstrap service.

C.62. `KafkaConnect` schema reference

Property	Description
spec	The specification of the Kafka Connect cluster.
`KafkaConnectSpec`	The specification of the Kafka Connect cluster.
status	The status of the Kafka Connect cluster.
`KafkaConnectStatus`	The status of the Kafka Connect cluster.

C.63. `KafkaConnectSpec` schema reference

Used in: KafkaConnect

Property	Description
replicas	The number of pods in the Kafka Connect group.
integer	The number of pods in the Kafka Connect group.
image	The docker image for the pods.
string	The docker image for the pods.
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.
jvmOptions	JVM Options for pods.
`JvmOptions`	JVM Options for pods.
affinity	The property `affinity` has been deprecated. This feature should now be configured at path `spec.template.pod.affinity`. The pod’s affinity rules. See external documentation of core/v1 affinity.
Affinity
tolerations	The property `tolerations` has been deprecated. This feature should now be configured at path `spec.template.pod.tolerations`. The pod’s tolerations. See external documentation of core/v1 toleration.
Toleration array
logging	Logging configuration for Kafka Connect. The type depends on the value of the `logging.type` property within the given object, which must be one of [inline, external].
`InlineLogging`, `ExternalLogging`
metrics	The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration.
map
tracing	The configuration of tracing in Kafka Connect. The type depends on the value of the `tracing.type` property within the given object, which must be one of [jaeger].
`JaegerTracing`
template	Template for Kafka Connect and Kafka Connect S2I resources. The template allows users to specify how is the `Deployment`, `Pods` and `Service` generated.
`KafkaConnectTemplate`
authentication	Authentication configuration for Kafka Connect. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, plain, oauth].
`KafkaClientAuthenticationTls`, `KafkaClientAuthenticationScramSha512`, `KafkaClientAuthenticationPlain`, `KafkaClientAuthenticationOAuth`
bootstrapServers	Bootstrap servers to connect to. This should be given as a comma separated list of <hostname>:‍<port> pairs.
string
config	The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes.
map
externalConfiguration	Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors.
`ExternalConfiguration`
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
tls	TLS configuration.
`KafkaConnectTls`	TLS configuration.
version	The Kafka Connect version. Defaults to 2.3.0. Consult the user documentation to understand the process required to upgrade or downgrade the version.
string

C.64. `JaegerTracing` schema reference

Used in: KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMakerSpec

The type property is a discriminator that distinguishes the use of the type JaegerTracing from other subtypes which may be added in the future. It must have the value jaeger for the type JaegerTracing.

Property	Description
type	Must be `jaeger`.
string	Must be `jaeger`.

C.65. `KafkaConnectTemplate` schema reference

Used in: KafkaConnectS2ISpec, KafkaConnectSpec

Property	Description
deployment	Template for Kafka Connect `Deployment`.
`ResourceTemplate`	Template for Kafka Connect `Deployment`.
pod	Template for Kafka Connect `Pods`.
`PodTemplate`	Template for Kafka Connect `Pods`.
apiService	Template for Kafka Connect API `Service`.
`ResourceTemplate`	Template for Kafka Connect API `Service`.
connectContainer	Template for the Kafka Connect container.
`ContainerTemplate`	Template for the Kafka Connect container.
podDisruptionBudget	Template for Kafka Connect `PodDisruptionBudget`.
`PodDisruptionBudgetTemplate`	Template for Kafka Connect `PodDisruptionBudget`.

C.66. `KafkaClientAuthenticationTls` schema reference

Used in: KafkaBridgeSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec

To use TLS client authentication, set the type property to the value tls. TLS client authentication uses a TLS certificate to authenticate. The certificate is specified in the certificateAndKey property and is always loaded from an OpenShift secret. In the secret, the certificate must be stored in X509 format under two different keys: public and private.

Note

TLS client authentication can only be used with TLS connections.

An example TLS client authentication configuration

authentication:
  type: tls
  certificateAndKey:
    secretName: my-secret
    certificate: public.crt
    key: private.key

The type property is a discriminator that distinguishes the use of the type KafkaClientAuthenticationTls from KafkaClientAuthenticationScramSha512, KafkaClientAuthenticationPlain, KafkaClientAuthenticationOAuth. It must have the value tls for the type KafkaClientAuthenticationTls.

Property	Description
certificateAndKey	Reference to the `Secret` which holds the certificate and private key pair.
`CertAndKeySecretSource`
type	Must be `tls`.
string	Must be `tls`.

C.67. `CertAndKeySecretSource` schema reference

Used in: KafkaClientAuthenticationTls

Property	Description
certificate	The name of the file certificate in the Secret.
string	The name of the file certificate in the Secret.
key	The name of the private key in the Secret.
string	The name of the private key in the Secret.
secretName	The name of the Secret containing the certificate.
string	The name of the Secret containing the certificate.

C.68. `KafkaClientAuthenticationScramSha512` schema reference

Used in: KafkaBridgeSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec

To configure SASL-based SCRAM-SHA-512 authentication, set the type property to scram-sha-512. The SCRAM-SHA-512 authentication mechanism requires a username and password.

Specify the username in the username property.
In the passwordSecret property, specify a link to a Secret containing the password. The secretName property contains the name of the Secret and the password property contains the name of the key under which the password is stored inside the Secret.

Important

Do not specify the actual password in the password field.

An example SASL based SCRAM-SHA-512 client authentication configuration

authentication:
  type: scram-sha-512
  username: my-connect
  passwordSecret:
    secretName: my-connect
    password: password

The type property is a discriminator that distinguishes the use of the type KafkaClientAuthenticationScramSha512 from KafkaClientAuthenticationTls, KafkaClientAuthenticationPlain, KafkaClientAuthenticationOAuth. It must have the value scram-sha-512 for the type KafkaClientAuthenticationScramSha512.

Property	Description
passwordSecret	Reference to the `Secret` which holds the password.
`PasswordSecretSource`	Reference to the `Secret` which holds the password.
type	Must be `scram-sha-512`.
string	Must be `scram-sha-512`.
username	Username used for the authentication.
string	Username used for the authentication.

C.69. `PasswordSecretSource` schema reference

Used in: KafkaClientAuthenticationPlain, KafkaClientAuthenticationScramSha512

Property	Description
password	The name of the key in the Secret under which the password is stored.
string
secretName	The name of the Secret containing the password.
string	The name of the Secret containing the password.

C.70. `KafkaClientAuthenticationPlain` schema reference

Used in: KafkaBridgeSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec

To configure SASL-based PLAIN authentication, set the type property to plain. SASL PLAIN authentication mechanism requires a username and password.

Warning

The SASL PLAIN mechanism will transfer the username and password across the network in cleartext. Only use SASL PLAIN authentication if TLS encryption is enabled.

Specify the username in the username property.
In the passwordSecret property, specify a link to a Secret containing the password. The secretName property contains the name of such a Secret and the password property contains the name of the key under which the password is stored inside the Secret.

Important

Do not specify the actual password in the password field.

An example SASL based PLAIN client authentication configuration

authentication:
  type: plain
  username: my-connect
  passwordSecret:
    secretName: my-connect
    password: password

The type property is a discriminator that distinguishes the use of the type KafkaClientAuthenticationPlain from KafkaClientAuthenticationTls, KafkaClientAuthenticationScramSha512, KafkaClientAuthenticationOAuth. It must have the value plain for the type KafkaClientAuthenticationPlain.

Property	Description
passwordSecret	Reference to the `Secret` which holds the password.
`PasswordSecretSource`	Reference to the `Secret` which holds the password.
type	Must be `plain`.
string	Must be `plain`.
username	Username used for the authentication.
string	Username used for the authentication.

C.71. `KafkaClientAuthenticationOAuth` schema reference

Used in: KafkaBridgeSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec

To use OAuth client authentication, set the type property to the value oauth. OAuth authentication can be configured using:

Client ID and secret
Client ID and refresh token
Access token
TLS

Client ID and secret

You can configure the address of your authorization server in the tokenEndpointUri property together with the client ID and client secret used in authentication. The OAuth client will connect to the OAuth server, authenticate using the client ID and secret and get an access token which it will use to authenticate with the Kafka broker. In the clientSecret property, specify a link to a Secret containing the client secret.

An example of OAuth client authentication using client ID and client secret

authentication:
  type: oauth
  tokenEndpointUri: https://sso.myproject.svc:8443/auth/realms/internal/protocol/openid-connect/token
  clientId: my-client-id
  clientSecret:
    secretName: my-client-oauth-secret
    key: client-secret

Client ID and refresh token

You can configure the address of your OAuth server in the tokenEndpointUri property together with the OAuth client ID and refresh token. The OAuth client will connect to the OAuth server, authenticate using the client ID and refresh token and get an access token which it will use to authenticate with the Kafka broker. In the refreshToken property, specify a link to a Secret containing the refresh token.

An example of OAuth client authentication using client ID and refresh token

authentication:
  type: oauth
  tokenEndpointUri: https://sso.myproject.svc:8443/auth/realms/internal/protocol/openid-connect/token
  clientId: my-client-id
  refreshToken:
    secretName: my-refresh-token-secret
    key: refresh-token

Access token

You can configure the access token used for authentication with the Kafka broker directly. In this case, you do not specify the tokenEndpointUri. In the accessToken property, specify a link to a Secret containing the access token.

An example of OAuth client authentication using only an access token

authentication:
  type: oauth
  accessToken:
    secretName: my-access-token-secret
    key: access-token

TLS

Accessing the OAuth server using the HTTPS protocol does not require any additional configuration as long as the TLS certificates used by it are signed by a trusted certification authority and its hostname is listed in the certificate.

If your OAuth server is using certificates which are self-signed or are signed by a certification authority which is not trusted, you can configure a list of trusted certificates in the custom resoruce. The tlsTrustedCertificates property contains a list of secrets with key names under which the certificates are stored. The certificates must be stored in X509 format.

An example of TLS certificates provided

authentication:
  type: oauth
  tokenEndpointUri: https://sso.myproject.svc:8443/auth/realms/internal/protocol/openid-connect/token
  clientId: my-client-id
  refreshToken:
    secretName: my-refresh-token-secret
    key: refresh-token
  tlsTrustedCertificates:
    - secretName: oauth-server-ca
      certificate: tls.crt

The OAuth client will by default verify that the hostname of your OAuth server matches either the certificate subject or one of the alternative DNS names. If it is not required, you can disable the hostname verification.

An example of disabled TLS hostname verification

authentication:
  type: oauth
  tokenEndpointUri: https://sso.myproject.svc:8443/auth/realms/internal/protocol/openid-connect/token
  clientId: my-client-id
  refreshToken:
    secretName: my-refresh-token-secret
    key: refresh-token
  disableTlsHostnameVerification: true

The type property is a discriminator that distinguishes the use of the type KafkaClientAuthenticationOAuth from KafkaClientAuthenticationTls, KafkaClientAuthenticationScramSha512, KafkaClientAuthenticationPlain. It must have the value oauth for the type KafkaClientAuthenticationOAuth.

Property	Description
accessToken	Link to OpenShift Secret containing the access token which was obtained from the authorization server.
`GenericSecretSource`
clientId	OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
string
clientSecret	Link to OpenShift Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
`GenericSecretSource`
disableTlsHostnameVerification	Enable or disable TLS hostname verification. Default value is `false`.
boolean
refreshToken	Link to OpenShift Secret containing the refresh token which can be used to obtain access token from the authorization server.
`GenericSecretSource`
tlsTrustedCertificates	Trusted certificates for TLS connection to the OAuth server.
`CertSecretSource` array
tokenEndpointUri	Authorization server token endpoint URI.
string	Authorization server token endpoint URI.
type	Must be `oauth`.
string	Must be `oauth`.

C.72. `ExternalConfiguration` schema reference

Used in: KafkaConnectS2ISpec, KafkaConnectSpec

Property	Description
env	Allows to pass data from Secret or ConfigMap to the Kafka Connect pods as environment variables.
`ExternalConfigurationEnv` array
volumes	Allows to pass data from Secret or ConfigMap to the Kafka Connect pods as volumes.
`ExternalConfigurationVolumeSource` array

C.73. `ExternalConfigurationEnv` schema reference

Used in: ExternalConfiguration

Property	Description
name	Name of the environment variable which will be passed to the Kafka Connect pods. The name of the environment variable cannot start with `KAFKA_` or `STRIMZI_`.
string
valueFrom	Value of the environment variable which will be passed to the Kafka Connect pods. It can be passed either as a reference to Secret or ConfigMap field. The field has to specify exactly one Secret or ConfigMap.
`ExternalConfigurationEnvVarSource`

C.74. `ExternalConfigurationEnvVarSource` schema reference

Used in: ExternalConfigurationEnv

Property	Description
configMapKeyRef	Refernce to a key in a ConfigMap. See external documentation of core/v1 configmapkeyselector.
ConfigMapKeySelector
secretKeyRef	Reference to a key in a Secret. See external documentation of core/v1 secretkeyselector.
SecretKeySelector

C.75. `ExternalConfigurationVolumeSource` schema reference

Used in: ExternalConfiguration

Property	Description
configMap	Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified. See external documentation of core/v1 configmapvolumesource.
ConfigMapVolumeSource
name	Name of the volume which will be added to the Kafka Connect pods.
string
secret	Reference to a key in a Secret. Exactly one Secret or ConfigMap has to be specified. See external documentation of core/v1 secretvolumesource.
SecretVolumeSource

C.76. `KafkaConnectTls` schema reference

Used in: KafkaConnectS2ISpec, KafkaConnectSpec

Property	Description
trustedCertificates	Trusted certificates for TLS connection.
`CertSecretSource` array	Trusted certificates for TLS connection.

C.77. `KafkaConnectStatus` schema reference

Used in: KafkaConnect

Property	Description
conditions	List of status conditions.
`Condition` array	List of status conditions.
observedGeneration	The generation of the CRD that was last reconciled by the operator.
integer
url	The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors.
string

C.78. `KafkaConnectS2I` schema reference

Property	Description
spec	The specification of the Kafka Connect Source-to-Image (S2I) cluster.
`KafkaConnectS2ISpec`
status	The status of the Kafka Connect Source-to-Image (S2I) cluster.
`KafkaConnectS2Istatus`

C.79. `KafkaConnectS2ISpec` schema reference

Used in: KafkaConnectS2I

Property	Description
replicas	The number of pods in the Kafka Connect group.
integer	The number of pods in the Kafka Connect group.
image	The docker image for the pods.
string	The docker image for the pods.
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.
jvmOptions	JVM Options for pods.
`JvmOptions`	JVM Options for pods.
affinity	The property `affinity` has been deprecated. This feature should now be configured at path `spec.template.pod.affinity`. The pod’s affinity rules. See external documentation of core/v1 affinity.
Affinity
logging	Logging configuration for Kafka Connect. The type depends on the value of the `logging.type` property within the given object, which must be one of [inline, external].
`InlineLogging`, `ExternalLogging`
metrics	The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration.
map
template	Template for Kafka Connect and Kafka Connect S2I resources. The template allows users to specify how is the `Deployment`, `Pods` and `Service` generated.
`KafkaConnectTemplate`
authentication	Authentication configuration for Kafka Connect. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, plain, oauth].
`KafkaClientAuthenticationTls`, `KafkaClientAuthenticationScramSha512`, `KafkaClientAuthenticationPlain`, `KafkaClientAuthenticationOAuth`
bootstrapServers	Bootstrap servers to connect to. This should be given as a comma separated list of <hostname>:‍<port> pairs.
string
config	The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes.
map
externalConfiguration	Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors.
`ExternalConfiguration`
insecureSourceRepository	When true this configures the source repository with the 'Local' reference policy and an import policy that accepts insecure source tags.
boolean
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
tls	TLS configuration.
`KafkaConnectTls`	TLS configuration.
tolerations	The property `tolerations` has been deprecated. This feature should now be configured at path `spec.template.pod.tolerations`. The pod’s tolerations. See external documentation of core/v1 toleration.
Toleration array
tracing	The configuration of tracing in Kafka Connect. The type depends on the value of the `tracing.type` property within the given object, which must be one of [jaeger].
`JaegerTracing`
version	The Kafka Connect version. Defaults to 2.3.0. Consult the user documentation to understand the process required to upgrade or downgrade the version.
string

C.80. `KafkaConnectS2Istatus` schema reference

Used in: KafkaConnectS2I

Property	Description
conditions	List of status conditions.
`Condition` array	List of status conditions.
observedGeneration	The generation of the CRD that was last reconciled by the operator.
integer
url	The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors.
string
buildConfigName	The name of the build configuration.
string	The name of the build configuration.

C.81. `KafkaTopic` schema reference

Property	Description
spec	The specification of the topic.
`KafkaTopicSpec`	The specification of the topic.
status	The status of the topic.
`KafkaTopicStatus`	The status of the topic.

C.82. `KafkaTopicSpec` schema reference

Used in: KafkaTopic

Property	Description
partitions	The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning.
integer
replicas	The number of replicas the topic should have.
integer	The number of replicas the topic should have.
config	The topic configuration.
map	The topic configuration.
topicName	The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid OpenShift resource name.
string

C.83. `KafkaTopicStatus` schema reference

Used in: KafkaTopic

Property	Description
conditions	List of status conditions.
`Condition` array	List of status conditions.
observedGeneration	The generation of the CRD that was last reconciled by the operator.
integer

C.84. `KafkaUser` schema reference

Property	Description
spec	The specification of the user.
`KafkaUserSpec`	The specification of the user.
status	The status of the Kafka User.
`KafkaUserStatus`	The status of the Kafka User.

C.85. `KafkaUserSpec` schema reference

Used in: KafkaUser

Property	Description
authentication	Authentication mechanism enabled for this Kafka user. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512].
`KafkaUserTlsClientAuthentication`, `KafkaUserScramSha512ClientAuthentication`
authorization	Authorization rules for this Kafka user. The type depends on the value of the `authorization.type` property within the given object, which must be one of [simple].
`KafkaUserAuthorizationSimple`

C.86. `KafkaUserTlsClientAuthentication` schema reference

Used in: KafkaUserSpec

The type property is a discriminator that distinguishes the use of the type KafkaUserTlsClientAuthentication from KafkaUserScramSha512ClientAuthentication. It must have the value tls for the type KafkaUserTlsClientAuthentication.

Property	Description
type	Must be `tls`.
string	Must be `tls`.

C.87. `KafkaUserScramSha512ClientAuthentication` schema reference

Used in: KafkaUserSpec

The type property is a discriminator that distinguishes the use of the type KafkaUserScramSha512ClientAuthentication from KafkaUserTlsClientAuthentication. It must have the value scram-sha-512 for the type KafkaUserScramSha512ClientAuthentication.

Property	Description
type	Must be `scram-sha-512`.
string	Must be `scram-sha-512`.

C.88. `KafkaUserAuthorizationSimple` schema reference

Used in: KafkaUserSpec

The type property is a discriminator that distinguishes the use of the type KafkaUserAuthorizationSimple from other subtypes which may be added in the future. It must have the value simple for the type KafkaUserAuthorizationSimple.

Property	Description
type	Must be `simple`.
string	Must be `simple`.
acls	List of ACL rules which should be applied to this user.
`AclRule` array	List of ACL rules which should be applied to this user.

C.89. `AclRule` schema reference

Used in: KafkaUserAuthorizationSimple

Property	Description
host	The host from which the action described in the ACL rule is allowed or denied.
string
operation	Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All.
string (one of [Read, Write, Delete, Alter, Describe, All, IdempotentWrite, ClusterAction, Create, AlterConfigs, DescribeConfigs])
resource	Indicates the resource for which given ACL rule applies. The type depends on the value of the `resource.type` property within the given object, which must be one of [topic, group, cluster, transactionalId].
`AclRuleTopicResource`, `AclRuleGroupResource`, `AclRuleClusterResource`, `AclRuleTransactionalIdResource`
type	The type of the rule. Currently the only supported type is `allow`. ACL rules with type `allow` are used to allow user to execute the specified operations. Default value is `allow`.
string (one of [allow, deny])

C.90. `AclRuleTopicResource` schema reference

Used in: AclRule

The type property is a discriminator that distinguishes the use of the type AclRuleTopicResource from AclRuleGroupResource, AclRuleClusterResource, AclRuleTransactionalIdResource. It must have the value topic for the type AclRuleTopicResource.

Property	Description
type	Must be `topic`.
string	Must be `topic`.
name	Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
string
patternType	Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full topic name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`.
string (one of [prefix, literal])

C.91. `AclRuleGroupResource` schema reference

Used in: AclRule

The type property is a discriminator that distinguishes the use of the type AclRuleGroupResource from AclRuleTopicResource, AclRuleClusterResource, AclRuleTransactionalIdResource. It must have the value group for the type AclRuleGroupResource.

Property	Description
type	Must be `group`.
string	Must be `group`.
name	Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
string
patternType	Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full topic name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`.
string (one of [prefix, literal])

C.92. `AclRuleClusterResource` schema reference

Used in: AclRule

The type property is a discriminator that distinguishes the use of the type AclRuleClusterResource from AclRuleTopicResource, AclRuleGroupResource, AclRuleTransactionalIdResource. It must have the value cluster for the type AclRuleClusterResource.

Property	Description
type	Must be `cluster`.
string	Must be `cluster`.

C.93. `AclRuleTransactionalIdResource` schema reference

Used in: AclRule

The type property is a discriminator that distinguishes the use of the type AclRuleTransactionalIdResource from AclRuleTopicResource, AclRuleGroupResource, AclRuleClusterResource. It must have the value transactionalId for the type AclRuleTransactionalIdResource.

Property	Description
type	Must be `transactionalId`.
string	Must be `transactionalId`.
name	Name of resource for which given ACL rule applies. Can be combined with `patternType` field to use prefix pattern.
string
patternType	Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`.
string (one of [prefix, literal])

C.94. `KafkaUserStatus` schema reference

Used in: KafkaUser

Property	Description
conditions	List of status conditions.
`Condition` array	List of status conditions.
observedGeneration	The generation of the CRD that was last reconciled by the operator.
integer
username	Username.
string	Username.
secret	The name of `Secret` where the credentials are stored.
string	The name of `Secret` where the credentials are stored.

C.95. `KafkaMirrorMaker` schema reference

Property	Description
spec	The specification of Kafka Mirror Maker.
`KafkaMirrorMakerSpec`	The specification of Kafka Mirror Maker.
status	The status of Kafka Mirror Maker.
`KafkaMirrorMakerStatus`	The status of Kafka Mirror Maker.

C.96. `KafkaMirrorMakerSpec` schema reference

Used in: KafkaMirrorMaker

Property	Description
replicas	The number of pods in the `Deployment`.
integer	The number of pods in the `Deployment`.
image	The docker image for the pods.
string	The docker image for the pods.
whitelist	List of topics which are included for mirroring. This option allows any regular expression using Java-style regular expressions. Mirroring two topics named A and B is achieved by using the whitelist `'A\|B'`. Or, as a special case, you can mirror all topics using the whitelist '*'. You can also specify multiple regular expressions separated by commas.
string
consumer	Configuration of source cluster.
`KafkaMirrorMakerConsumerSpec`	Configuration of source cluster.
producer	Configuration of target cluster.
`KafkaMirrorMakerProducerSpec`	Configuration of target cluster.
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
affinity	The property `affinity` has been deprecated. This feature should now be configured at path `spec.template.pod.affinity`. The pod’s affinity rules. See external documentation of core/v1 affinity.
Affinity
tolerations	The property `tolerations` has been deprecated. This feature should now be configured at path `spec.template.pod.tolerations`. The pod’s tolerations. See external documentation of core/v1 toleration.
Toleration array
jvmOptions	JVM Options for pods.
`JvmOptions`	JVM Options for pods.
logging	Logging configuration for Mirror Maker. The type depends on the value of the `logging.type` property within the given object, which must be one of [inline, external].
`InlineLogging`, `ExternalLogging`
metrics	The Prometheus JMX Exporter configuration. See JMX Exporter documentation for details of the structure of this configuration.
map
tracing	The configuration of tracing in Kafka Mirror Maker. The type depends on the value of the `tracing.type` property within the given object, which must be one of [jaeger].
`JaegerTracing`
template	Template to specify how Kafka Mirror Maker resources, `Deployments` and `Pods`, are generated.
`KafkaMirrorMakerTemplate`
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.
version	The Kafka Mirror Maker version. Defaults to 2.3.0. Consult the documentation to understand the process required to upgrade or downgrade the version.
string

C.97. `KafkaMirrorMakerConsumerSpec` schema reference

Used in: KafkaMirrorMakerSpec

Property	Description
numStreams	Specifies the number of consumer stream threads to create.
integer	Specifies the number of consumer stream threads to create.
offsetCommitInterval	Specifies the offset auto-commit interval in ms. Default value is 60000.
integer
groupId	A unique string that identifies the consumer group this consumer belongs to.
string
bootstrapServers	A list of host:port pairs for establishing the initial connection to the Kafka cluster.
string
authentication	Authentication configuration for connecting to the cluster. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, plain, oauth].
`KafkaClientAuthenticationTls`, `KafkaClientAuthenticationScramSha512`, `KafkaClientAuthenticationPlain`, `KafkaClientAuthenticationOAuth`
config	The Mirror Maker consumer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security., interceptor.classes.
map
tls	TLS configuration for connecting Mirror Maker to the cluster.
`KafkaMirrorMakerTls`

C.98. `KafkaMirrorMakerTls` schema reference

Used in: KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec

Use the tls property to configure TLS encryption. Provide a list of secrets with key names under which the certificates are stored in X.509 format.

An example TLS encryption configuration

tls:
  trustedCertificates:
    - secretName: my-cluster-cluster-ca-cert
      certificate: ca.crt

Property	Description
trustedCertificates	Trusted certificates for TLS connection.
`CertSecretSource` array	Trusted certificates for TLS connection.

C.99. `KafkaMirrorMakerProducerSpec` schema reference

Used in: KafkaMirrorMakerSpec

Property	Description
bootstrapServers	A list of host:port pairs for establishing the initial connection to the Kafka cluster.
string
abortOnSendFailure	Flag to set the Mirror Maker to exit on a failed send. Default value is `true`.
boolean
authentication	Authentication configuration for connecting to the cluster. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, plain, oauth].
`KafkaClientAuthenticationTls`, `KafkaClientAuthenticationScramSha512`, `KafkaClientAuthenticationPlain`, `KafkaClientAuthenticationOAuth`
config	The Mirror Maker producer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, sasl., security., interceptor.classes.
map
tls	TLS configuration for connecting Mirror Maker to the cluster.
`KafkaMirrorMakerTls`

C.100. `KafkaMirrorMakerTemplate` schema reference

Used in: KafkaMirrorMakerSpec

Property	Description
deployment	Template for Kafka Mirror Maker `Deployment`.
`ResourceTemplate`	Template for Kafka Mirror Maker `Deployment`.
pod	Template for Kafka Mirror Maker `Pods`.
`PodTemplate`	Template for Kafka Mirror Maker `Pods`.
mirrorMakerContainer	Template for Kafka Mirror Maker container.
`ContainerTemplate`	Template for Kafka Mirror Maker container.
podDisruptionBudget	Template for Kafka Mirror Maker `PodDisruptionBudget`.
`PodDisruptionBudgetTemplate`	Template for Kafka Mirror Maker `PodDisruptionBudget`.

C.101. `KafkaMirrorMakerStatus` schema reference

Used in: KafkaMirrorMaker

Property	Description
conditions	List of status conditions.
`Condition` array	List of status conditions.
observedGeneration	The generation of the CRD that was last reconciled by the operator.
integer

C.102. `KafkaBridge` schema reference

Property	Description
spec	The specification of the Kafka Bridge.
`KafkaBridgeSpec`	The specification of the Kafka Bridge.
status	The status of the Kafka Bridge.
`KafkaBridgeStatus`	The status of the Kafka Bridge.

C.103. `KafkaBridgeSpec` schema reference

Used in: KafkaBridge

Property	Description
replicas	The number of pods in the `Deployment`.
integer	The number of pods in the `Deployment`.
image	The docker image for the pods.
string	The docker image for the pods.
bootstrapServers	A list of host:port pairs for establishing the initial connection to the Kafka cluster.
string
tls	TLS configuration for connecting Kafka Bridge to the cluster.
`KafkaBridgeTls`
authentication	Authentication configuration for connecting to the cluster. The type depends on the value of the `authentication.type` property within the given object, which must be one of [tls, scram-sha-512, plain, oauth].
`KafkaClientAuthenticationTls`, `KafkaClientAuthenticationScramSha512`, `KafkaClientAuthenticationPlain`, `KafkaClientAuthenticationOAuth`
http	The HTTP related configuration.
`KafkaBridgeHttpConfig`	The HTTP related configuration.
consumer	Kafka consumer related configuration.
`KafkaBridgeConsumerSpec`	Kafka consumer related configuration.
producer	Kafka producer related configuration.
`KafkaBridgeProducerSpec`	Kafka producer related configuration.
resources	CPU and memory resources to reserve (limits and requests).
`ResourceRequirements`	CPU and memory resources to reserve (limits and requests).
jvmOptions	Currently not supported JVM Options for pods.
`JvmOptions`	Currently not supported JVM Options for pods.
logging	Logging configuration for Kafka Bridge. The type depends on the value of the `logging.type` property within the given object, which must be one of [inline, external].
`InlineLogging`, `ExternalLogging`
metrics	Currently not supported The Prometheus JMX Exporter configuration. See JMX Exporter documentation for details of the structure of this configuration.
map
livenessProbe	Pod liveness checking.
`Probe`	Pod liveness checking.
readinessProbe	Pod readiness checking.
`Probe`	Pod readiness checking.
template	Template for Kafka Bridge resources. The template allows users to specify how is the `Deployment` and `Pods` generated.
`KafkaBridgeTemplate`

C.104. `KafkaBridgeTls` schema reference

Used in: KafkaBridgeSpec

Property	Description
trustedCertificates	Trusted certificates for TLS connection.
`CertSecretSource` array	Trusted certificates for TLS connection.

C.105. `KafkaBridgeHttpConfig` schema reference

Used in: KafkaBridgeSpec

Property	Description
port	The port which is the server listening on.
integer	The port which is the server listening on.

C.106. `KafkaBridgeConsumerSpec` schema reference

Used in: KafkaBridgeSpec

Property	Description
config	The Kafka consumer configuration used for consumer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security.
map

C.107. `KafkaBridgeProducerSpec` schema reference

Used in: KafkaBridgeSpec

Property	Description
config	The Kafka producer configuration used for producer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, sasl., security.
map

C.108. `KafkaBridgeTemplate` schema reference

Used in: KafkaBridgeSpec

Property	Description
deployment	Template for Kafka Bridge `Deployment`.
`ResourceTemplate`	Template for Kafka Bridge `Deployment`.
pod	Template for Kafka Bridge `Pods`.
`PodTemplate`	Template for Kafka Bridge `Pods`.
apiService	Template for Kafka Bridge API `Service`.
`ResourceTemplate`	Template for Kafka Bridge API `Service`.
bridgeContainer	Template for the Kafka Bridge container.
`ContainerTemplate`	Template for the Kafka Bridge container.
podDisruptionBudget	Template for Kafka Bridge `PodDisruptionBudget`.
`PodDisruptionBudgetTemplate`	Template for Kafka Bridge `PodDisruptionBudget`.

C.109. `KafkaBridgeStatus` schema reference

Used in: KafkaBridge

Property	Description
conditions	List of status conditions.
`Condition` array	List of status conditions.
observedGeneration	The generation of the CRD that was last reconciled by the operator.
integer
url	The URL at which external client applications can access the Kafka Bridge.
string

このコンテンツは選択した言語では利用できません。

C.1. Kafka schema reference

C.2. KafkaSpec schema reference

C.3. KafkaClusterSpec schema reference

C.4. EphemeralStorage schema reference

C.5. PersistentClaimStorage schema reference

C.6. PersistentClaimStorageOverride schema reference

C.7. JbodStorage schema reference

C.8. KafkaListeners schema reference

C.9. KafkaListenerPlain schema reference

C.10. KafkaListenerAuthenticationTls schema reference

C.11. KafkaListenerAuthenticationScramSha512 schema reference

C.12. KafkaListenerAuthenticationOAuth schema reference

C.13. GenericSecretSource schema reference

C.14. CertSecretSource schema reference

C.15. KafkaListenerTls schema reference

C.16. KafkaListenerExternalRoute schema reference

C.17. RouteListenerOverride schema reference

C.18. RouteListenerBootstrapOverride schema reference

C.19. RouteListenerBrokerOverride schema reference

C.20. KafkaListenerExternalLoadBalancer schema reference

C.21. LoadBalancerListenerOverride schema reference

C.22. LoadBalancerListenerBootstrapOverride schema reference

C.23. LoadBalancerListenerBrokerOverride schema reference

C.24. KafkaListenerExternalNodePort schema reference

C.25. NodePortListenerOverride schema reference

C.26. NodePortListenerBootstrapOverride schema reference

C.27. NodePortListenerBrokerOverride schema reference

C.28. KafkaListenerExternalIngress schema reference

C.29. IngressListenerConfiguration schema reference

C.30. IngressListenerBootstrapConfiguration schema reference

C.31. IngressListenerBrokerConfiguration schema reference

C.32. KafkaAuthorizationSimple schema reference

C.33. Rack schema reference

C.34. Probe schema reference

C.35. JvmOptions schema reference

C.36. ResourceRequirements schema reference

C.37. InlineLogging schema reference

C.38. ExternalLogging schema reference

C.39. TlsSidecar schema reference

C.40. KafkaClusterTemplate schema reference

C.41. ResourceTemplate schema reference

C.42. MetadataTemplate schema reference

C.43. PodTemplate schema reference

C.44. PodDisruptionBudgetTemplate schema reference

C.45. ContainerTemplate schema reference

C.46. ContainerEnvVar schema reference

C.47. ZookeeperClusterSpec schema reference

C.48. ZookeeperClusterTemplate schema reference

C.49. TopicOperatorSpec schema reference

C.50. EntityOperatorJvmOptions schema reference

C.51. EntityOperatorSpec schema reference

C.52. EntityTopicOperatorSpec schema reference

C.53. EntityUserOperatorSpec schema reference

C.54. EntityOperatorTemplate schema reference

C.55. CertificateAuthority schema reference

C.56. KafkaExporterSpec schema reference

C.57. KafkaExporterTemplate schema reference

C.58. KafkaStatus schema reference

C.59. Condition schema reference

C.60. ListenerStatus schema reference

C.61. ListenerAddress schema reference

C.62. KafkaConnect schema reference

C.63. KafkaConnectSpec schema reference

C.64. JaegerTracing schema reference

C.65. KafkaConnectTemplate schema reference

C.66. KafkaClientAuthenticationTls schema reference

C.67. CertAndKeySecretSource schema reference

C.68. KafkaClientAuthenticationScramSha512 schema reference

C.69. PasswordSecretSource schema reference

C.70. KafkaClientAuthenticationPlain schema reference

C.71. KafkaClientAuthenticationOAuth schema reference

C.72. ExternalConfiguration schema reference

C.73. ExternalConfigurationEnv schema reference

C.74. ExternalConfigurationEnvVarSource schema reference

C.75. ExternalConfigurationVolumeSource schema reference

C.76. KafkaConnectTls schema reference

C.77. KafkaConnectStatus schema reference

C.78. KafkaConnectS2I schema reference

C.1. `Kafka` schema reference

C.2. `KafkaSpec` schema reference

C.3. `KafkaClusterSpec` schema reference

C.4. `EphemeralStorage` schema reference

C.5. `PersistentClaimStorage` schema reference

C.6. `PersistentClaimStorageOverride` schema reference

C.7. `JbodStorage` schema reference

C.8. `KafkaListeners` schema reference

C.9. `KafkaListenerPlain` schema reference

C.10. `KafkaListenerAuthenticationTls` schema reference

C.11. `KafkaListenerAuthenticationScramSha512` schema reference

C.12. `KafkaListenerAuthenticationOAuth` schema reference

C.13. `GenericSecretSource` schema reference

C.14. `CertSecretSource` schema reference

C.15. `KafkaListenerTls` schema reference

C.16. `KafkaListenerExternalRoute` schema reference

C.17. `RouteListenerOverride` schema reference

C.18. `RouteListenerBootstrapOverride` schema reference

C.19. `RouteListenerBrokerOverride` schema reference

C.20. `KafkaListenerExternalLoadBalancer` schema reference

C.21. `LoadBalancerListenerOverride` schema reference

C.22. `LoadBalancerListenerBootstrapOverride` schema reference

C.23. `LoadBalancerListenerBrokerOverride` schema reference

C.24. `KafkaListenerExternalNodePort` schema reference

C.25. `NodePortListenerOverride` schema reference

C.26. `NodePortListenerBootstrapOverride` schema reference

C.27. `NodePortListenerBrokerOverride` schema reference

C.28. `KafkaListenerExternalIngress` schema reference

C.29. `IngressListenerConfiguration` schema reference

C.30. `IngressListenerBootstrapConfiguration` schema reference

C.31. `IngressListenerBrokerConfiguration` schema reference

C.32. `KafkaAuthorizationSimple` schema reference

C.33. `Rack` schema reference

C.34. `Probe` schema reference

C.35. `JvmOptions` schema reference

C.36. `ResourceRequirements` schema reference

C.37. `InlineLogging` schema reference

C.38. `ExternalLogging` schema reference

C.39. `TlsSidecar` schema reference

C.40. `KafkaClusterTemplate` schema reference

C.41. `ResourceTemplate` schema reference

C.42. `MetadataTemplate` schema reference

C.43. `PodTemplate` schema reference

C.44. `PodDisruptionBudgetTemplate` schema reference

C.45. `ContainerTemplate` schema reference

C.46. `ContainerEnvVar` schema reference

C.47. `ZookeeperClusterSpec` schema reference

C.48. `ZookeeperClusterTemplate` schema reference

C.49. `TopicOperatorSpec` schema reference

C.50. `EntityOperatorJvmOptions` schema reference

C.51. `EntityOperatorSpec` schema reference

C.52. `EntityTopicOperatorSpec` schema reference

C.53. `EntityUserOperatorSpec` schema reference

C.54. `EntityOperatorTemplate` schema reference

C.55. `CertificateAuthority` schema reference

C.56. `KafkaExporterSpec` schema reference

C.57. `KafkaExporterTemplate` schema reference

C.58. `KafkaStatus` schema reference

C.59. `Condition` schema reference

C.60. `ListenerStatus` schema reference

C.61. `ListenerAddress` schema reference

C.62. `KafkaConnect` schema reference

C.63. `KafkaConnectSpec` schema reference

C.64. `JaegerTracing` schema reference

C.65. `KafkaConnectTemplate` schema reference

C.66. `KafkaClientAuthenticationTls` schema reference

C.67. `CertAndKeySecretSource` schema reference

C.68. `KafkaClientAuthenticationScramSha512` schema reference

C.69. `PasswordSecretSource` schema reference

C.70. `KafkaClientAuthenticationPlain` schema reference

C.71. `KafkaClientAuthenticationOAuth` schema reference

C.72. `ExternalConfiguration` schema reference

C.73. `ExternalConfigurationEnv` schema reference

C.74. `ExternalConfigurationEnvVarSource` schema reference

C.75. `ExternalConfigurationVolumeSource` schema reference

C.76. `KafkaConnectTls` schema reference

C.77. `KafkaConnectStatus` schema reference

C.78. `KafkaConnectS2I` schema reference

C.79. `KafkaConnectS2ISpec` schema reference

C.80. `KafkaConnectS2Istatus` schema reference