Appendix B. Custom Resource API Reference
B.1. Kafka schema reference
Property | Description |
---|---|
spec | The specification of the Kafka and ZooKeeper clusters, and Topic Operator. |
status | The status of the Kafka and ZooKeeper clusters, and Topic Operator. |
B.2. KafkaSpec schema reference
Used in: Kafka
Property | Description |
---|---|
kafka | Configuration of the Kafka cluster. |
zookeeper | Configuration of the ZooKeeper cluster. |
topicOperator |
The property |
entityOperator | Configuration of the Entity Operator. |
clusterCa | Configuration of the cluster certificate authority. |
clientsCa | Configuration of the clients certificate authority. |
cruiseControl | Configuration for Cruise Control deployment. Deploys a Cruise Control instance when specified. |
kafkaExporter | Configuration of the Kafka Exporter. Kafka Exporter can provide additional metrics, for example lag of consumer group at topic/partition. |
maintenanceTimeWindows | A list of time windows for maintenance tasks (that is, certificate renewal). Each time window is defined by a cron expression. |
string array |
B.3. KafkaClusterSpec schema reference
Used in: KafkaSpec
Property | Description |
---|---|
replicas | The number of pods in the cluster. |
integer | |
image |
The docker image for the pods. The default value depends on the configured |
string | |
storage |
Storage configuration (disk). Cannot be updated. The type depends on the value of the |
listeners | Configures listeners of Kafka brokers. |
authorization |
Authorization configuration for Kafka brokers. The type depends on the value of the |
| |
config | Kafka broker config properties with the following prefixes cannot be set: listeners, advertised., broker., listener., host.name, port, inter.broker.listener.name, sasl., ssl., security., password., principal.builder.class, log.dir, zookeeper.connect, zookeeper.set.acl, authorizer., super.user, cruise.control.metrics.topic, cruise.control.metrics.reporter.bootstrap.servers (with the exception of: zookeeper.connection.timeout.ms, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols, cruise.control.metrics.topic.num.partitions, cruise.control.metrics.topic.replication.factor, cruise.control.metrics.topic.retention.ms). |
map | |
rack |
Configuration of the |
brokerRackInitImage |
The image of the init container used for initializing the |
string | |
affinity |
The property |
tolerations |
The property |
Toleration array | |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
jvmOptions | JVM Options for pods. |
jmxOptions | JMX Options for Kafka brokers. |
resources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
metrics | The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration. |
map | |
logging |
Logging configuration for Kafka. The type depends on the value of the |
tlsSidecar | TLS sidecar configuration. |
template |
Template for Kafka cluster resources. The template allows users to specify how are the |
version | The kafka broker version. Defaults to 2.5.0. Consult the user documentation to understand the process required to upgrade or downgrade the version. |
string |
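The prefix rule for the `config` property above can be checked before a resource is applied. The following is an added example, not code from the operator or from this reference; the function names and sample values are hypothetical, and it assumes forbidden entries match as string prefixes while exceptions match exactly.

```python
# Added example (not operator code): classify Kafka broker options against the
# forbidden prefixes and exceptions listed for the `config` property.
# Assumption: prefixes match with startswith(), exceptions match exactly.

FORBIDDEN_PREFIXES = (
    "listeners", "advertised.", "broker.", "listener.", "host.name", "port",
    "inter.broker.listener.name", "sasl.", "ssl.", "security.", "password.",
    "principal.builder.class", "log.dir", "zookeeper.connect",
    "zookeeper.set.acl", "authorizer.", "super.user",
    "cruise.control.metrics.topic",
    "cruise.control.metrics.reporter.bootstrap.servers",
)

EXCEPTIONS = frozenset({
    "zookeeper.connection.timeout.ms",
    "ssl.cipher.suites",
    "ssl.protocol",
    "ssl.enabled.protocols",
    "cruise.control.metrics.topic.num.partitions",
    "cruise.control.metrics.topic.replication.factor",
    "cruise.control.metrics.topic.retention.ms",
})


def matched_prefix(key):
    """Return the forbidden prefix that blocks `key`, or None if it may be set."""
    if key in EXCEPTIONS:
        return None
    for prefix in FORBIDDEN_PREFIXES:
        if key.startswith(prefix):
            return prefix
    return None


def split_broker_config(config):
    """Split a config map into (allowed, rejected); rejected maps key -> prefix."""
    allowed, rejected = {}, {}
    for key, value in config.items():
        prefix = matched_prefix(key)
        if prefix is None:
            allowed[key] = value
        else:
            rejected[key] = prefix
    return allowed, rejected


# Constructed sample input, as it would appear under spec.kafka.config.
SAMPLE_CONFIG = {
    "offsets.topic.replication.factor": 3,
    "log.retention.hours": 168,
    "log.dirs": "/var/lib/kafka/data",          # blocked by the "log.dir" prefix
    "ssl.enabled.protocols": "TLSv1.2",         # listed exception
    "ssl.cipher.suites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "ssl.client.auth": "none",                  # blocked by "ssl."
    "zookeeper.connection.timeout.ms": 6000,    # listed exception
    "zookeeper.connect": "zk:2181",
    "super.users": "User:CN=admin",             # blocked by "super.user"
    "authorizer.class.name": "kafka.security.authorizer.AclAuthorizer",
}

if __name__ == "__main__":
    allowed, rejected = split_broker_config(SAMPLE_CONFIG)
    for key, prefix in sorted(rejected.items()):
        print(f"rejected {key!r}: matches forbidden prefix {prefix!r}")
    for key in sorted(allowed):
        print(f"allowed  {key!r}")
```

The only `ssl.` keys that pass are the three listed exceptions, so TLS protocol and cipher hardening is possible through `config` while the rest of the TLS setup is not.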
B.4. EphemeralStorage schema reference
Used in: JbodStorage, KafkaClusterSpec, ZookeeperClusterSpec
The type property is a discriminator that distinguishes the use of the type EphemeralStorage from PersistentClaimStorage. It must have the value ephemeral for the type EphemeralStorage.
Property | Description |
---|---|
id | Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'. |
integer | |
sizeLimit | When type=ephemeral, defines the total amount of local storage required for this EmptyDir volume (for example 1Gi). |
string | |
type |
Must be |
string |
B.5. PersistentClaimStorage schema reference
Used in: JbodStorage, KafkaClusterSpec, ZookeeperClusterSpec
The type property is a discriminator that distinguishes the use of the type PersistentClaimStorage from EphemeralStorage. It must have the value persistent-claim for the type PersistentClaimStorage.
Property | Description |
---|---|
type |
Must be |
string | |
size | When type=persistent-claim, defines the size of the persistent volume claim (for example 1Gi). Mandatory when type=persistent-claim. |
string | |
selector | Specifies a specific persistent volume to use. It contains key:value pairs representing labels for selecting such a volume. |
map | |
deleteClaim | Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed. |
boolean | |
class | The storage class to use for dynamic volume allocation. |
string | |
id | Storage identification number. It is mandatory only for storage volumes defined in a storage of type 'jbod'. |
integer | |
overrides |
Overrides for individual brokers. The |
B.6. PersistentClaimStorageOverride schema reference
Used in: PersistentClaimStorage
Property | Description |
---|---|
class | The storage class to use for dynamic volume allocation for this broker. |
string | |
broker | Id of the kafka broker (broker identifier). |
integer |
B.7. JbodStorage schema reference
Used in: KafkaClusterSpec
The type property is a discriminator that distinguishes the use of the type JbodStorage from EphemeralStorage, PersistentClaimStorage. It must have the value jbod for the type JbodStorage.
Property | Description |
---|---|
type |
Must be |
string | |
volumes | List of volumes as Storage objects representing the JBOD disks array. |
B.8. KafkaListeners schema reference
Used in: KafkaClusterSpec
Property | Description |
---|---|
plain | Configures plain listener on port 9092. |
tls | Configures TLS listener on port 9093. |
external |
Configures external listener on port 9094. The type depends on the value of the |
|
B.9. KafkaListenerPlain schema reference
Used in: KafkaListeners
Property | Description |
---|---|
authentication |
Authentication configuration for this listener. Since this listener does not use TLS transport you cannot configure an authentication with |
| |
networkPolicyPeers | List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer. |
NetworkPolicyPeer array |
B.10. KafkaListenerAuthenticationTls schema reference
Used in: KafkaListenerExternalIngress, KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort, KafkaListenerExternalRoute, KafkaListenerPlain, KafkaListenerTls
The type property is a discriminator that distinguishes the use of the type KafkaListenerAuthenticationTls from KafkaListenerAuthenticationScramSha512, KafkaListenerAuthenticationOAuth. It must have the value tls for the type KafkaListenerAuthenticationTls.
Property | Description |
---|---|
type |
Must be |
string |
B.11. KafkaListenerAuthenticationScramSha512 schema reference
Used in: KafkaListenerExternalIngress, KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort, KafkaListenerExternalRoute, KafkaListenerPlain, KafkaListenerTls
The type property is a discriminator that distinguishes the use of the type KafkaListenerAuthenticationScramSha512 from KafkaListenerAuthenticationTls, KafkaListenerAuthenticationOAuth. It must have the value scram-sha-512 for the type KafkaListenerAuthenticationScramSha512.
Property | Description |
---|---|
type |
Must be |
string |
B.12. KafkaListenerAuthenticationOAuth schema reference
Used in: KafkaListenerExternalIngress, KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort, KafkaListenerExternalRoute, KafkaListenerPlain, KafkaListenerTls
The type property is a discriminator that distinguishes the use of the type KafkaListenerAuthenticationOAuth from KafkaListenerAuthenticationTls, KafkaListenerAuthenticationScramSha512. It must have the value oauth for the type KafkaListenerAuthenticationOAuth.
Property | Description |
---|---|
accessTokenIsJwt |
Configure whether the access token is treated as JWT. This must be set to |
boolean | |
checkAccessTokenType |
Configure whether the access token type check is performed or not. This should be set to |
boolean | |
checkIssuer |
Enable or disable issuer checking. By default issuer is checked using the value configured by |
boolean | |
clientId | OAuth Client ID which the Kafka broker can use to authenticate against the authorization server and use the introspect endpoint URI. |
string | |
clientSecret | Link to OpenShift Secret containing the OAuth client secret which the Kafka broker can use to authenticate against the authorization server and use the introspect endpoint URI. |
disableTlsHostnameVerification |
Enable or disable TLS hostname verification. Default value is |
boolean | |
enableECDSA |
Enable or disable ECDSA support by installing BouncyCastle crypto provider. Default value is |
boolean | |
fallbackUserNameClaim |
The fallback username claim to be used for the user id if the claim specified by |
string | |
fallbackUserNamePrefix |
The prefix to use with the value of |
string | |
introspectionEndpointUri | URI of the token introspection endpoint which can be used to validate opaque non-JWT tokens. |
string | |
jwksEndpointUri | URI of the JWKS certificate endpoint, which can be used for local JWT validation. |
string | |
jwksExpirySeconds |
Configures how often are the JWKS certificates considered valid. The expiry interval has to be at least 60 seconds longer than the refresh interval specified in |
integer | |
jwksRefreshSeconds |
Configures how often are the JWKS certificates refreshed. The refresh interval has to be at least 60 seconds shorter than the expiry interval specified in |
integer | |
tlsTrustedCertificates | Trusted certificates for TLS connection to the OAuth server. |
| |
type |
Must be |
string | |
userInfoEndpointUri | URI of the User Info Endpoint to use as a fallback to obtaining the user id when the Introspection Endpoint does not return information that can be used for the user id. |
string | |
userNameClaim |
Name of the claim from the JWT authentication token, Introspection Endpoint response or User Info Endpoint response which will be used to extract the user id. Defaults to |
string | |
validIssuerUri | URI of the token issuer used for authentication. |
string | |
validTokenType |
Valid value for the |
string |
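The listener rules above (an empty or missing `networkPolicyPeers` admits all connections; the JWKS expiry interval must exceed the refresh interval by at least 60 seconds) lend themselves to a pre-deployment check. This is an added example, not code from the operator or this reference; the function names, finding codes and sample hosts are hypothetical, and because several defaults are not shown on this page it flags only values that are set explicitly.

```python
# Added example (not operator code): audit spec.kafka.listeners, already parsed
# from YAML into a dict, against rules stated in this reference.

JWKS_MIN_GAP_SECONDS = 60  # expiry must exceed refresh by at least this much


def audit_oauth(auth):
    """Return finding codes for one `authentication` block of type oauth."""
    out = []
    if auth.get("disableTlsHostnameVerification") is True:
        out.append("oauth-hostname-verification-disabled")
    if auth.get("checkIssuer") is False:
        out.append("oauth-issuer-check-disabled")
    jwks = auth.get("jwksEndpointUri")
    introspect = auth.get("introspectionEndpointUri")
    if not jwks and not introspect:
        # Neither local JWT validation nor token introspection is configured.
        out.append("oauth-no-validation-endpoint")
    if introspect and not (auth.get("clientId") and auth.get("clientSecret")):
        # The broker authenticates to the introspection endpoint with these.
        out.append("oauth-introspection-without-client-credentials")
    refresh = auth.get("jwksRefreshSeconds")
    expiry = auth.get("jwksExpirySeconds")
    if refresh is not None and expiry is not None:
        if expiry < refresh + JWKS_MIN_GAP_SECONDS:
            out.append("oauth-jwks-expiry-too-short")
    return out


def audit_listeners(listeners):
    """Return a list of (listener name, finding code) tuples."""
    findings = []
    for name, cfg in listeners.items():
        cfg = cfg or {}  # `plain: {}` enables a listener with no options set
        auth = cfg.get("authentication") or {}
        if not auth:
            findings.append((name, "no-authentication"))
        elif auth.get("type") == "oauth":
            findings.extend((name, code) for code in audit_oauth(auth))
        if not cfg.get("networkPolicyPeers"):
            # Empty or missing: all connections are allowed for this listener.
            findings.append((name, "all-peers-allowed"))
    return findings


# Constructed sample input; host names and labels are placeholders.
SAMPLE_LISTENERS = {
    "plain": {},
    "tls": {
        "authentication": {"type": "tls"},
        "networkPolicyPeers": [
            {"podSelector": {"matchLabels": {"app": "kafka-client"}}},
        ],
    },
    "external": {
        "type": "route",
        "authentication": {
            "type": "oauth",
            "validIssuerUri": "https://sso.example.test/auth/realms/kafka",
            "jwksEndpointUri": "https://sso.example.test/auth/realms/kafka/certs",
            "jwksRefreshSeconds": 300,
            "jwksExpirySeconds": 320,  # only 20 seconds longer than refresh
            "disableTlsHostnameVerification": True,
        },
    },
}

if __name__ == "__main__":
    for listener, code in audit_listeners(SAMPLE_LISTENERS):
        print(f"{listener}: {code}")
```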
B.13. GenericSecretSource schema reference
Used in: KafkaClientAuthenticationOAuth, KafkaListenerAuthenticationOAuth
Property | Description |
---|---|
key | The key under which the secret value is stored in the OpenShift Secret. |
string | |
secretName | The name of the OpenShift Secret containing the secret value. |
string |
B.14. CertSecretSource schema reference
Used in: KafkaAuthorizationKeycloak, KafkaBridgeTls, KafkaClientAuthenticationOAuth, KafkaConnectTls, KafkaListenerAuthenticationOAuth, KafkaMirrorMaker2Tls, KafkaMirrorMakerTls
Property | Description |
---|---|
certificate | The name of the file certificate in the Secret. |
string | |
secretName | The name of the Secret containing the certificate. |
string |
B.15. KafkaListenerTls schema reference
Used in: KafkaListeners
Property | Description |
---|---|
authentication |
Authentication configuration for this listener. The type depends on the value of the |
| |
configuration | Configuration of TLS listener. |
networkPolicyPeers | List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer. |
NetworkPolicyPeer array |
B.16. TlsListenerConfiguration schema reference
Used in: KafkaListenerTls
Property | Description |
---|---|
brokerCertChainAndKey |
Reference to the |
B.17. CertAndKeySecretSource schema reference
Used in: IngressListenerConfiguration, KafkaClientAuthenticationTls, KafkaListenerExternalConfiguration, NodePortListenerConfiguration, TlsListenerConfiguration
Property | Description |
---|---|
certificate | The name of the file certificate in the Secret. |
string | |
key | The name of the private key in the Secret. |
string | |
secretName | The name of the Secret containing the certificate. |
string |
B.18. KafkaListenerExternalRoute schema reference
Used in: KafkaListeners
The type property is a discriminator that distinguishes the use of the type KafkaListenerExternalRoute from KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort, KafkaListenerExternalIngress. It must have the value route for the type KafkaListenerExternalRoute.
Property | Description |
---|---|
type |
Must be |
string | |
authentication |
Authentication configuration for Kafka brokers. The type depends on the value of the |
| |
overrides | Overrides for external bootstrap and broker services and externally advertised addresses. |
configuration | External listener configuration. |
networkPolicyPeers | List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer. |
NetworkPolicyPeer array |
B.19. RouteListenerOverride schema reference
Used in: KafkaListenerExternalRoute
Property | Description |
---|---|
bootstrap | External bootstrap service configuration. |
brokers | External broker services configuration. |
B.20. RouteListenerBootstrapOverride schema reference
Used in: RouteListenerOverride
Property | Description |
---|---|
address | Additional address name for the bootstrap service. The address will be added to the list of subject alternative names of the TLS certificates. |
string | |
host |
Host for the bootstrap route. This field will be used in the |
string |
B.21. RouteListenerBrokerOverride schema reference
Used in: RouteListenerOverride
Property | Description |
---|---|
broker | Id of the kafka broker (broker identifier). |
integer | |
advertisedHost |
The host name which will be used in the brokers' |
string | |
advertisedPort |
The port number which will be used in the brokers' |
integer | |
host |
Host for the broker route. This field will be used in the |
string |
B.22. KafkaListenerExternalConfiguration schema reference
Used in: KafkaListenerExternalLoadBalancer, KafkaListenerExternalRoute
Property | Description |
---|---|
brokerCertChainAndKey |
Reference to the |
B.23. KafkaListenerExternalLoadBalancer schema reference
Used in: KafkaListeners
The type property is a discriminator that distinguishes the use of the type KafkaListenerExternalLoadBalancer from KafkaListenerExternalRoute, KafkaListenerExternalNodePort, KafkaListenerExternalIngress. It must have the value loadbalancer for the type KafkaListenerExternalLoadBalancer.
Property | Description |
---|---|
type |
Must be |
string | |
authentication |
Authentication configuration for Kafka brokers. The type depends on the value of the |
| |
overrides | Overrides for external bootstrap and broker services and externally advertised addresses. |
configuration | External listener configuration. |
networkPolicyPeers | List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer. |
NetworkPolicyPeer array | |
tls |
Enables TLS encryption on the listener. By default set to |
boolean |
B.24. LoadBalancerListenerOverride schema reference
Used in: KafkaListenerExternalLoadBalancer
Property | Description |
---|---|
bootstrap | External bootstrap service configuration. |
brokers | External broker services configuration. |
B.25. LoadBalancerListenerBootstrapOverride schema reference
Used in: LoadBalancerListenerOverride
Property | Description |
---|---|
address | Additional address name for the bootstrap service. The address will be added to the list of subject alternative names of the TLS certificates. |
string | |
dnsAnnotations |
Annotations that will be added to the |
map | |
loadBalancerIP |
The loadbalancer is requested with the IP address specified in this field. This feature depends on whether the underlying cloud provider supports specifying the |
string |
B.26. LoadBalancerListenerBrokerOverride schema reference
Used in: LoadBalancerListenerOverride
Property | Description |
---|---|
broker | Id of the kafka broker (broker identifier). |
integer | |
advertisedHost |
The host name which will be used in the brokers' |
string | |
advertisedPort |
The port number which will be used in the brokers' |
integer | |
dnsAnnotations |
Annotations that will be added to the |
map | |
loadBalancerIP |
The loadbalancer is requested with the IP address specified in this field. This feature depends on whether the underlying cloud provider supports specifying the |
string |
B.27. KafkaListenerExternalNodePort schema reference
Used in: KafkaListeners
The type property is a discriminator that distinguishes the use of the type KafkaListenerExternalNodePort from KafkaListenerExternalRoute, KafkaListenerExternalLoadBalancer, KafkaListenerExternalIngress. It must have the value nodeport for the type KafkaListenerExternalNodePort.
Property | Description |
---|---|
type |
Must be |
string | |
authentication |
Authentication configuration for Kafka brokers. The type depends on the value of the |
| |
overrides | Overrides for external bootstrap and broker services and externally advertised addresses. |
configuration | External listener configuration. |
networkPolicyPeers | List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer. |
NetworkPolicyPeer array | |
tls |
Enables TLS encryption on the listener. By default set to |
boolean |
B.28. NodePortListenerOverride schema reference
Used in: KafkaListenerExternalNodePort
Property | Description |
---|---|
bootstrap | External bootstrap service configuration. |
brokers | External broker services configuration. |
B.29. NodePortListenerBootstrapOverride schema reference
Used in: NodePortListenerOverride
Property | Description |
---|---|
address | Additional address name for the bootstrap service. The address will be added to the list of subject alternative names of the TLS certificates. |
string | |
dnsAnnotations |
Annotations that will be added to the |
map | |
nodePort | Node port for the bootstrap service. |
integer |
B.30. NodePortListenerBrokerOverride schema reference
Used in: NodePortListenerOverride
Property | Description |
---|---|
broker | Id of the kafka broker (broker identifier). |
integer | |
advertisedHost |
The host name which will be used in the brokers' |
string | |
advertisedPort |
The port number which will be used in the brokers' |
integer | |
nodePort | Node port for the broker service. |
integer | |
dnsAnnotations |
Annotations that will be added to the |
map |
B.31. NodePortListenerConfiguration schema reference
Used in: KafkaListenerExternalNodePort
Property | Description |
---|---|
brokerCertChainAndKey |
Reference to the |
preferredAddressType |
Defines which address type should be used as the node address. Available types are: This field can be used to select the address type which will be used as the preferred type and checked first. In case no address will be found for this address type, the other types will be used in the default order. |
string (one of [ExternalDNS, ExternalIP, Hostname, InternalIP, InternalDNS]) |
B.32. KafkaListenerExternalIngress schema reference
Used in: KafkaListeners
The type property is a discriminator that distinguishes the use of the type KafkaListenerExternalIngress from KafkaListenerExternalRoute, KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort. It must have the value ingress for the type KafkaListenerExternalIngress.
Property | Description |
---|---|
type |
Must be |
string | |
authentication |
Authentication configuration for Kafka brokers. The type depends on the value of the |
| |
class |
Configures the |
string | |
configuration | External listener configuration. |
networkPolicyPeers | List of peers which should be able to connect to this listener. Peers in this list are combined using a logical OR operation. If this field is empty or missing, all connections will be allowed for this listener. If this field is present and contains at least one item, the listener only allows the traffic which matches at least one item in this list. See external documentation of networking.k8s.io/v1 networkpolicypeer. |
NetworkPolicyPeer array |
B.33. IngressListenerConfiguration schema reference
Used in: KafkaListenerExternalIngress
Property | Description |
---|---|
bootstrap | External bootstrap ingress configuration. |
brokers | External broker ingress configuration. |
brokerCertChainAndKey |
Reference to the |
B.34. IngressListenerBootstrapConfiguration schema reference
Used in: IngressListenerConfiguration
Property | Description |
---|---|
address | Additional address name for the bootstrap service. The address will be added to the list of subject alternative names of the TLS certificates. |
string | |
dnsAnnotations |
Annotations that will be added to the |
map | |
host | Host for the bootstrap route. This field will be used in the Ingress resource. |
string |
B.35. IngressListenerBrokerConfiguration schema reference
Used in: IngressListenerConfiguration
Property | Description |
---|---|
broker | Id of the kafka broker (broker identifier). |
integer | |
advertisedHost |
The host name which will be used in the brokers' |
string | |
advertisedPort |
The port number which will be used in the brokers' |
integer | |
host | Host for the broker ingress. This field will be used in the Ingress resource. |
string | |
dnsAnnotations |
Annotations that will be added to the |
map |
B.36. KafkaAuthorizationSimple schema reference
Used in: KafkaClusterSpec
The type property is a discriminator that distinguishes the use of the type KafkaAuthorizationSimple from KafkaAuthorizationOpa, KafkaAuthorizationKeycloak. It must have the value simple for the type KafkaAuthorizationSimple.
Property | Description |
---|---|
type |
Must be |
string | |
superUsers | List of super users. Should contain a list of user principals which should get unlimited access rights. |
string array |
B.37. KafkaAuthorizationOpa schema reference
Used in: KafkaClusterSpec
To use Open Policy Agent authorization, set the type property in the authorization section to the value opa. The Open Policy Agent authorizer has several configuration options:
- url: The URL used to connect to the Open Policy Agent server. The URL has to include the policy which will be queried by the authorizer. Required.
- allowOnError: Defines whether a Kafka client should be allowed or denied by default when the authorizer fails to query the Open Policy Agent, for example, when it is temporarily unavailable. Defaults to false - all actions will be denied.
- initialCacheCapacity: Initial capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request. Defaults to 5000.
- maximumCacheSize: Maximum capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request. Defaults to 50000.
- expireAfterMs: The expiration of the records kept in the local cache to avoid querying the Open Policy Agent for every request. Defines how often the cached authorization decisions are reloaded from the Open Policy Agent server. In milliseconds. Defaults to 3600000 milliseconds (1 hour).
- superUsers: A list of user principals treated as super users, so that they are always allowed without querying the Open Policy Agent policy. For more information see Super users.
An example of Open Policy Agent authorizer configuration
```yaml
authorization:
  type: opa
  url: http://opa:8181/v1/data/kafka/allow
  allowOnError: false
  initialCacheCapacity: 1000
  maximumCacheSize: 10000
  expireAfterMs: 60000
  superUsers:
    - CN=fred
    - sam
    - CN=edward
```
The type property is a discriminator that distinguishes the use of the type KafkaAuthorizationOpa from KafkaAuthorizationSimple, KafkaAuthorizationKeycloak. It must have the value opa for the type KafkaAuthorizationOpa.
Property | Description |
---|---|
type |
Must be |
string | |
url | The URL used to connect to the Open Policy Agent server. The URL has to include the policy which will be queried by the authorizer. This option is required. |
string | |
allowOnError |
Defines whether a Kafka client should be allowed or denied by default when the authorizer fails to query the Open Policy Agent, for example, when it is temporarily unavailable. Defaults to |
boolean | |
initialCacheCapacity |
Initial capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request. Defaults to |
integer | |
maximumCacheSize |
Maximum capacity of the local cache used by the authorizer to avoid querying the Open Policy Agent for every request. Defaults to |
integer | |
expireAfterMs |
The expiration of the records kept in the local cache to avoid querying the Open Policy Agent for every request. Defines how often the cached authorization decisions are reloaded from the Open Policy Agent server. In milliseconds. Defaults to |
integer | |
superUsers | List of super users, which is specifically a list of user principals that have unlimited access rights. |
string array |
B.38. KafkaAuthorizationKeycloak schema reference
Used in: KafkaClusterSpec
The type property is a discriminator that distinguishes the use of the type KafkaAuthorizationKeycloak from KafkaAuthorizationSimple, KafkaAuthorizationOpa. It must have the value keycloak for the type KafkaAuthorizationKeycloak.
Property | Description |
---|---|
type |
Must be |
string | |
clientId | OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. |
string | |
tokenEndpointUri | Authorization server token endpoint URI. |
string | |
tlsTrustedCertificates | Trusted certificates for TLS connection to the OAuth server. |
| |
disableTlsHostnameVerification |
Enable or disable TLS hostname verification. Default value is |
boolean | |
delegateToKafkaAcls |
Whether authorization decision should be delegated to the 'Simple' authorizer if DENIED by Red Hat Single Sign-On Authorization Services policies. Default value is |
boolean | |
superUsers | List of super users. Should contain a list of user principals which should get unlimited access rights. |
string array |
B.39. Rack schema reference
Used in: KafkaClusterSpec
Property | Description |
---|---|
topologyKey |
A key that matches labels assigned to the OpenShift cluster nodes. The value of the label is used to set the broker’s |
string |
B.40. Probe schema reference
Used in: CruiseControlSpec, EntityTopicOperatorSpec, EntityUserOperatorSpec, KafkaBridgeSpec, KafkaClusterSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaExporterSpec, KafkaMirrorMaker2Spec, KafkaMirrorMakerSpec, TlsSidecar, TopicOperatorSpec, ZookeeperClusterSpec
Property | Description |
---|---|
failureThreshold | Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
integer | |
initialDelaySeconds | The initial delay before the health is first checked. |
integer | |
periodSeconds | How often (in seconds) to perform the probe. Defaults to 10 seconds. Minimum value is 1. |
integer | |
successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. |
integer | |
timeoutSeconds | The timeout for each attempted health check. |
integer |
B.41. JvmOptions schema reference
Used in: CruiseControlSpec, EntityTopicOperatorSpec, EntityUserOperatorSpec, KafkaBridgeSpec, KafkaClusterSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2Spec, KafkaMirrorMakerSpec, TopicOperatorSpec, ZookeeperClusterSpec
Property | Description |
---|---|
-XX | A map of -XX options to the JVM. |
map | |
-Xms | -Xms option to the JVM. |
string | |
-Xmx | -Xmx option to the JVM. |
string | |
gcLoggingEnabled | Specifies whether the Garbage Collection logging is enabled. The default is false. |
boolean | |
javaSystemProperties |
A map of additional system properties which will be passed using the |
|
B.42. SystemProperty schema reference
Used in: JvmOptions
Property | Description |
---|---|
name | The system property name. |
string | |
value | The system property value. |
string |
B.43. KafkaJmxOptions schema reference
Used in: KafkaClusterSpec
Property | Description |
---|---|
authentication |
Authentication configuration for connecting to the Kafka JMX port. The type depends on the value of the |
B.44. KafkaJmxAuthenticationPassword schema reference
Used in: KafkaJmxOptions
The type property is a discriminator that distinguishes the use of the type KafkaJmxAuthenticationPassword from other subtypes which may be added in the future. It must have the value password for the type KafkaJmxAuthenticationPassword.
Property | Description |
---|---|
type |
Must be |
string |
B.45. InlineLogging schema reference
Used in: CruiseControlSpec, EntityTopicOperatorSpec, EntityUserOperatorSpec, KafkaBridgeSpec, KafkaClusterSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2Spec, KafkaMirrorMakerSpec, TopicOperatorSpec, ZookeeperClusterSpec
The type property is a discriminator that distinguishes the use of the type InlineLogging from ExternalLogging. It must have the value inline for the type InlineLogging.
Property | Description |
---|---|
type |
Must be |
string | |
loggers | A Map from logger name to logger level. |
map |
B.46. ExternalLogging schema reference
Used in: CruiseControlSpec, EntityTopicOperatorSpec, EntityUserOperatorSpec, KafkaBridgeSpec, KafkaClusterSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2Spec, KafkaMirrorMakerSpec, TopicOperatorSpec, ZookeeperClusterSpec
The type property is a discriminator that distinguishes the use of the type ExternalLogging from InlineLogging. It must have the value external for the type ExternalLogging.
Property | Description |
---|---|
type |
Must be |
string | |
name |
The name of the |
string |
B.47. TlsSidecar schema reference
Used in: CruiseControlSpec, EntityOperatorSpec, KafkaClusterSpec, TopicOperatorSpec, ZookeeperClusterSpec
Property | Description |
---|---|
image | The docker image for the container. |
string | |
livenessProbe | Pod liveness checking. |
logLevel |
The log level for the TLS sidecar. Default value is |
string (one of [emerg, debug, crit, err, alert, warning, notice, info]) | |
readinessProbe | Pod readiness checking. |
resources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
B.48. KafkaClusterTemplate
schema reference
Used in: KafkaClusterSpec
Property | Description |
---|---|
statefulset |
Template for Kafka |
pod |
Template for Kafka |
bootstrapService |
Template for Kafka bootstrap |
brokersService |
Template for Kafka broker |
externalBootstrapService |
Template for Kafka external bootstrap |
perPodService |
Template for Kafka per-pod |
externalBootstrapRoute |
Template for Kafka external bootstrap |
perPodRoute |
Template for Kafka per-pod |
externalBootstrapIngress |
Template for Kafka external bootstrap |
perPodIngress |
Template for Kafka per-pod |
persistentVolumeClaim |
Template for all Kafka |
podDisruptionBudget |
Template for Kafka |
kafkaContainer | Template for the Kafka broker container. |
tlsSidecarContainer | Template for the Kafka broker TLS sidecar container. |
initContainer | Template for the Kafka init container. |
B.49. StatefulSetTemplate
schema reference
Used in: KafkaClusterTemplate, ZookeeperClusterTemplate
Property | Description |
---|---|
metadata | Metadata which should be applied to the resource. |
podManagementPolicy |
PodManagementPolicy which will be used for this StatefulSet. Valid values are |
string (one of [OrderedReady, Parallel]) |
B.50. MetadataTemplate
schema reference
Used in: ExternalServiceTemplate, PodDisruptionBudgetTemplate, PodTemplate, ResourceTemplate, StatefulSetTemplate
Property | Description |
---|---|
labels |
Labels which should be added to the resource template. Can be applied to different resources such as |
map | |
annotations |
Annotations which should be added to the resource template. Can be applied to different resources such as |
map |
B.51. PodTemplate
schema reference
Used in: CruiseControlTemplate, EntityOperatorTemplate, KafkaBridgeTemplate, KafkaClusterTemplate, KafkaConnectTemplate, KafkaExporterTemplate, KafkaMirrorMakerTemplate, ZookeeperClusterTemplate
Property | Description |
---|---|
metadata | Metadata applied to the resource. |
imagePullSecrets | List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. See external documentation of core/v1 localobjectreference. |
LocalObjectReference array | |
securityContext | Configures pod-level security attributes and common container settings. See external documentation of core/v1 podsecuritycontext. |
terminationGracePeriodSeconds | The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Value must be a non-negative integer. The value zero indicates delete immediately. Defaults to 30 seconds. |
integer | |
affinity | The pod’s affinity rules. See external documentation of core/v1 affinity. |
priorityClassName | The name of the Priority Class to which these pods will be assigned. |
string | |
schedulerName |
The name of the scheduler used to dispatch this |
string | |
tolerations | The pod’s tolerations. See external documentation of core/v1 toleration. |
Toleration array |
B.52. ResourceTemplate
schema reference
Used in: CruiseControlTemplate, EntityOperatorTemplate, KafkaBridgeTemplate, KafkaClusterTemplate, KafkaConnectTemplate, KafkaExporterTemplate, KafkaMirrorMakerTemplate, ZookeeperClusterTemplate
Property | Description |
---|---|
metadata | Metadata which should be applied to the resource. |
B.53. ExternalServiceTemplate
schema reference
Used in: KafkaClusterTemplate
Property | Description |
---|---|
metadata | Metadata which should be applied to the resource. |
externalTrafficPolicy |
Specifies whether the service routes external traffic to node-local or cluster-wide endpoints. |
string (one of [Local, Cluster]) | |
loadBalancerSourceRanges |
A list of CIDR ranges (for example |
string array |
B.54. PodDisruptionBudgetTemplate
schema reference
Used in: CruiseControlTemplate, KafkaBridgeTemplate, KafkaClusterTemplate, KafkaConnectTemplate, KafkaMirrorMakerTemplate, ZookeeperClusterTemplate
Property | Description |
---|---|
metadata |
Metadata to apply to the |
maxUnavailable |
Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the |
integer |
B.55. ContainerTemplate
schema reference
Used in: CruiseControlTemplate, EntityOperatorTemplate, KafkaBridgeTemplate, KafkaClusterTemplate, KafkaConnectTemplate, KafkaExporterTemplate, KafkaMirrorMakerTemplate, ZookeeperClusterTemplate
Property | Description |
---|---|
env | Environment variables which should be applied to the container. |
| |
securityContext | Security context for the container. See external documentation of core/v1 securitycontext. |
B.56. ContainerEnvVar
schema reference
Used in: ContainerTemplate
Property | Description |
---|---|
name | The environment variable key. |
string | |
value | The environment variable value. |
string |
B.57. ZookeeperClusterSpec
schema reference
Used in: KafkaSpec
Property | Description |
---|---|
replicas | The number of pods in the cluster. |
integer | |
image | The docker image for the pods. |
string | |
storage |
Storage configuration (disk). Cannot be updated. The type depends on the value of the |
config | The ZooKeeper broker config. Properties with the following prefixes cannot be set: server., dataDir, dataLogDir, clientPort, authProvider, quorum.auth, requireClientAuthScheme, snapshot.trust.empty, standaloneEnabled, reconfigEnabled, 4lw.commands.whitelist, secureClientPort, ssl., serverCnxnFactory, sslQuorum (with the exception of: ssl.protocol, ssl.quorum.protocol, ssl.enabledProtocols, ssl.quorum.enabledProtocols, ssl.ciphersuites, ssl.quorum.ciphersuites, ssl.hostnameVerification, ssl.quorum.hostnameVerification). |
map | |
affinity |
The property |
tolerations |
The property |
Toleration array | |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
jvmOptions | JVM Options for pods. |
resources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
metrics | The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration. |
map | |
logging |
Logging configuration for ZooKeeper. The type depends on the value of the |
template |
Template for ZooKeeper cluster resources. The template allows users to specify how are the |
tlsSidecar |
The property |
B.58. ZookeeperClusterTemplate
schema reference
Used in: ZookeeperClusterSpec
Property | Description |
---|---|
statefulset |
Template for ZooKeeper |
pod |
Template for ZooKeeper |
clientService |
Template for ZooKeeper client |
nodesService |
Template for ZooKeeper nodes |
persistentVolumeClaim |
Template for all ZooKeeper |
podDisruptionBudget |
Template for ZooKeeper |
zookeeperContainer | Template for the ZooKeeper container. |
tlsSidecarContainer |
The property |
B.59. TopicOperatorSpec
schema reference
Used in: KafkaSpec
Property | Description |
---|---|
watchedNamespace | The namespace the Topic Operator should watch. |
string | |
image | The image to use for the Topic Operator. |
string | |
reconciliationIntervalSeconds | Interval between periodic reconciliations. |
integer | |
zookeeperSessionTimeoutSeconds | Timeout for the ZooKeeper session. |
integer | |
affinity | Pod affinity rules. See external documentation of core/v1 affinity. |
resources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
topicMetadataMaxAttempts | The number of attempts at getting topic metadata. |
integer | |
tlsSidecar | TLS sidecar configuration. |
logging |
Logging configuration. The type depends on the value of the |
jvmOptions | JVM Options for pods. |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
B.60. EntityOperatorSpec
schema reference
Used in: KafkaSpec
Property | Description |
---|---|
topicOperator | Configuration of the Topic Operator. |
userOperator | Configuration of the User Operator. |
affinity |
The property |
tolerations |
The property |
Toleration array | |
tlsSidecar | TLS sidecar configuration. |
template |
Template for Entity Operator resources. The template allows users to specify how is the |
B.61. EntityTopicOperatorSpec
schema reference
Used in: EntityOperatorSpec
Property | Description |
---|---|
watchedNamespace | The namespace the Topic Operator should watch. |
string | |
image | The image to use for the Topic Operator. |
string | |
reconciliationIntervalSeconds | Interval between periodic reconciliations. |
integer | |
zookeeperSessionTimeoutSeconds | Timeout for the ZooKeeper session. |
integer | |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
resources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
topicMetadataMaxAttempts | The number of attempts at getting topic metadata. |
integer | |
logging |
Logging configuration. The type depends on the value of the |
jvmOptions | JVM Options for pods. |
B.62. EntityUserOperatorSpec
schema reference
Used in: EntityOperatorSpec
Property | Description |
---|---|
watchedNamespace | The namespace the User Operator should watch. |
string | |
image | The image to use for the User Operator. |
string | |
reconciliationIntervalSeconds | Interval between periodic reconciliations. |
integer | |
zookeeperSessionTimeoutSeconds | Timeout for the ZooKeeper session. |
integer | |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
resources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
logging |
Logging configuration. The type depends on the value of the |
jvmOptions | JVM Options for pods. |
B.63. EntityOperatorTemplate
schema reference
Used in: EntityOperatorSpec
Property | Description |
---|---|
deployment |
Template for Entity Operator |
pod |
Template for Entity Operator |
tlsSidecarContainer | Template for the Entity Operator TLS sidecar container. |
topicOperatorContainer | Template for the Entity Topic Operator container. |
userOperatorContainer | Template for the Entity User Operator container. |
B.64. CertificateAuthority
schema reference
Used in: KafkaSpec
Configuration of how TLS certificates are used within the cluster. This applies to certificates used for both internal communication within the cluster and to certificates used for client access via Kafka.spec.kafka.listeners.tls.
Property | Description |
---|---|
generateCertificateAuthority | If true then Certificate Authority certificates will be generated automatically. Otherwise the user will need to provide a Secret with the CA certificate. Default is true. |
boolean | |
validityDays | The number of days generated certificates should be valid for. The default is 365. |
integer | |
renewalDays |
The number of days in the certificate renewal period. This is the number of days before a certificate expires during which renewal actions may be performed. When |
integer | |
certificateExpirationPolicy |
How should CA certificate expiration be handled when |
string (one of [replace-key, renew-certificate]) |
B.65. CruiseControlSpec
schema reference
Used in: KafkaSpec
Property | Description |
---|---|
image | The docker image for the pods. |
string | |
config | The Cruise Control configuration. For a full list of configuration options refer to https://github.com/linkedin/cruise-control/wiki/Configurations. Note that properties with the following prefixes cannot be set: bootstrap.servers, client.id, zookeeper., network., security., failed.brokers.zk.path, webserver.http., webserver.api.urlprefix, webserver.session.path, webserver.accesslog., two.step., request.reason.required, metric.reporter.sampler.bootstrap.servers, metric.reporter.topic, partition.metric.sample.store.topic, broker.metric.sample.store.topic, capacity.config.file, self.healing., anomaly.detection., ssl. |
map | |
livenessProbe | Pod liveness checking for the Cruise Control container. |
readinessProbe | Pod readiness checking for the Cruise Control container. |
jvmOptions | JVM Options for the Cruise Control container. |
resources | CPU and memory resources to reserve for the Cruise Control container. See external documentation of core/v1 resourcerequirements. |
logging |
Logging configuration (log4j1) for Cruise Control. The type depends on the value of the |
tlsSidecar | TLS sidecar configuration. |
template |
Template to specify how Cruise Control resources, |
brokerCapacity |
The Cruise Control |
B.66. CruiseControlTemplate
schema reference
Used in: CruiseControlSpec
Property | Description |
---|---|
deployment |
Template for Cruise Control |
pod |
Template for Cruise Control |
apiService |
Template for Cruise Control API |
podDisruptionBudget |
Template for Cruise Control |
cruiseControlContainer | Template for the Cruise Control container. |
tlsSidecarContainer | Template for the Cruise Control TLS sidecar container. |
B.67. BrokerCapacity
schema reference
Used in: CruiseControlSpec
Property | Description |
---|---|
disk | Broker capacity for disk in bytes, for example, 100Gi. |
string | |
cpuUtilization | Broker capacity for CPU resource utilization as a percentage (0 - 100). |
integer | |
inboundNetwork | Broker capacity for inbound network throughput in bytes per second, for example, 10000KB/s. |
string | |
outboundNetwork | Broker capacity for outbound network throughput in bytes per second, for example 10000KB/s. |
string |
B.68. KafkaExporterSpec
schema reference
Used in: KafkaSpec
Property | Description |
---|---|
image | The docker image for the pods. |
string | |
groupRegex |
Regular expression to specify which consumer groups to collect. Default value is |
string | |
topicRegex |
Regular expression to specify which topics to collect. Default value is |
string | |
resources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
logging |
Only log messages with the given severity or above. Valid levels: [ |
string | |
enableSaramaLogging | Enable Sarama logging, a Go client library used by the Kafka Exporter. |
boolean | |
template | Customization of deployment templates and pods. |
livenessProbe | Pod liveness check. |
readinessProbe | Pod readiness check. |
B.69. KafkaExporterTemplate
schema reference
Used in: KafkaExporterSpec
Property | Description |
---|---|
deployment |
Template for Kafka Exporter |
pod |
Template for Kafka Exporter |
service |
Template for Kafka Exporter |
container | Template for the Kafka Exporter container. |
B.70. KafkaStatus
schema reference
Used in: Kafka
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer | |
listeners | Addresses of the internal and external listeners. |
|
B.71. Condition
schema reference
Used in: KafkaBridgeStatus, KafkaConnectorStatus, KafkaConnectS2IStatus, KafkaConnectStatus, KafkaMirrorMaker2Status, KafkaMirrorMakerStatus, KafkaRebalanceStatus, KafkaStatus, KafkaTopicStatus, KafkaUserStatus
Property | Description |
---|---|
type | The unique identifier of a condition, used to distinguish between other conditions in the resource. |
string | |
status | The status of the condition, either True, False or Unknown. |
string | |
lastTransitionTime | Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone. |
string | |
reason | The reason for the condition’s last transition (a single word in CamelCase). |
string | |
message | Human-readable message indicating details about the condition’s last transition. |
string |
B.72. ListenerStatus
schema reference
Used in: KafkaStatus
Property | Description |
---|---|
type |
The type of the listener. Can be one of the following three types: |
string | |
addresses | A list of the addresses for this listener. |
| |
bootstrapServers |
A comma-separated list of |
string | |
certificates |
A list of TLS certificates which can be used to verify the identity of the server when connecting to the given listener. Set only for |
string array |
B.73. ListenerAddress
schema reference
Used in: ListenerStatus
Property | Description |
---|---|
host | The DNS name or IP address of the Kafka bootstrap service. |
string | |
port | The port of the Kafka bootstrap service. |
integer |
B.74. KafkaConnect
schema reference
Property | Description |
---|---|
spec | The specification of the Kafka Connect cluster. |
status | The status of the Kafka Connect cluster. |
B.75. KafkaConnectSpec
schema reference
Used in: KafkaConnect
Property | Description |
---|---|
replicas | The number of pods in the Kafka Connect group. |
integer | |
version | The Kafka Connect version. Defaults to 2.5.0. Consult the user documentation to understand the process required to upgrade or downgrade the version. |
string | |
image | The docker image for the pods. |
string | |
bootstrapServers | Bootstrap servers to connect to. This should be given as a comma separated list of <hostname>:<port> pairs. |
string | |
tls | TLS configuration. |
authentication |
Authentication configuration for Kafka Connect. The type depends on the value of the |
| |
config | The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). |
map | |
resources | The maximum limits for CPU and memory resources and the requested initial resources. See external documentation of core/v1 resourcerequirements. |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
jvmOptions | JVM Options for pods. |
affinity |
The property |
tolerations |
The property |
Toleration array | |
logging |
Logging configuration for Kafka Connect. The type depends on the value of the |
metrics | The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration. |
map | |
tracing |
The configuration of tracing in Kafka Connect. The type depends on the value of the |
template |
Template for Kafka Connect and Kafka Connect S2I resources. The template allows users to specify how the |
externalConfiguration | Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors. |
B.76. KafkaConnectTls
schema reference
Used in: KafkaConnectS2ISpec, KafkaConnectSpec
Property | Description |
---|---|
trustedCertificates | Trusted certificates for TLS connection. |
|
B.77. KafkaClientAuthenticationTls
schema reference
Used in: KafkaBridgeSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2ClusterSpec, KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec
To use TLS client authentication, set the type property to the value tls. TLS client authentication uses a TLS certificate to authenticate. The certificate is specified in the certificateAndKey property and is always loaded from an OpenShift secret. In the secret, the certificate must be stored in X509 format under two different keys: public and private.
TLS client authentication can only be used with TLS connections.
An example TLS client authentication configuration
```yaml
authentication:
  type: tls
  certificateAndKey:
    secretName: my-secret
    certificate: public.crt
    key: private.key
```
The type property is a discriminator that distinguishes the use of the type KafkaClientAuthenticationTls from KafkaClientAuthenticationScramSha512, KafkaClientAuthenticationPlain, KafkaClientAuthenticationOAuth. It must have the value tls for the type KafkaClientAuthenticationTls.
Property | Description |
---|---|
certificateAndKey |
Reference to the |
type |
Must be |
string |
B.78. KafkaClientAuthenticationScramSha512
schema reference
Used in: KafkaBridgeSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2ClusterSpec, KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec
To configure SASL-based SCRAM-SHA-512 authentication, set the type property to scram-sha-512. The SCRAM-SHA-512 authentication mechanism requires a username and password.
- Specify the username in the username property.
- In the passwordSecret property, specify a link to a Secret containing the password. The secretName property contains the name of the Secret and the password property contains the name of the key under which the password is stored inside the Secret.

Do not specify the actual password in the password field.
An example SASL based SCRAM-SHA-512 client authentication configuration
```yaml
authentication:
  type: scram-sha-512
  username: my-connect
  passwordSecret:
    secretName: my-connect
    password: password
```
The type property is a discriminator that distinguishes the use of the type KafkaClientAuthenticationScramSha512 from KafkaClientAuthenticationTls, KafkaClientAuthenticationPlain, KafkaClientAuthenticationOAuth. It must have the value scram-sha-512 for the type KafkaClientAuthenticationScramSha512.
Property | Description |
---|---|
passwordSecret |
Reference to the |
type |
Must be |
string | |
username | Username used for the authentication. |
string |
B.79. PasswordSecretSource
schema reference
Used in: KafkaClientAuthenticationPlain, KafkaClientAuthenticationScramSha512
Property | Description |
---|---|
password | The name of the key in the Secret under which the password is stored. |
string | |
secretName | The name of the Secret containing the password. |
string |
B.80. KafkaClientAuthenticationPlain
schema reference
Used in: KafkaBridgeSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2ClusterSpec, KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec
To configure SASL-based PLAIN authentication, set the type property to plain. SASL PLAIN authentication mechanism requires a username and password.
The SASL PLAIN mechanism will transfer the username and password across the network in cleartext. Only use SASL PLAIN authentication if TLS encryption is enabled.
- Specify the username in the username property.
- In the passwordSecret property, specify a link to a Secret containing the password. The secretName property contains the name of such a Secret and the password property contains the name of the key under which the password is stored inside the Secret.

Do not specify the actual password in the password field.
An example SASL based PLAIN client authentication configuration
```yaml
authentication:
  type: plain
  username: my-connect
  passwordSecret:
    secretName: my-connect
    password: password
```
The type property is a discriminator that distinguishes the use of the type KafkaClientAuthenticationPlain from KafkaClientAuthenticationTls, KafkaClientAuthenticationScramSha512, KafkaClientAuthenticationOAuth. It must have the value plain for the type KafkaClientAuthenticationPlain.
Property | Description |
---|---|
passwordSecret |
Reference to the |
type |
Must be |
string | |
username | Username used for the authentication. |
string |
B.81. KafkaClientAuthenticationOAuth
schema reference
Used in: KafkaBridgeSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2ClusterSpec, KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec
To use OAuth client authentication, set the type property to the value oauth. OAuth authentication can be configured using:
- Client ID and secret
- Client ID and refresh token
- Access token
- TLS
Client ID and secret
You can configure the address of your authorization server in the tokenEndpointUri property together with the client ID and client secret used in authentication. The OAuth client will connect to the OAuth server, authenticate using the client ID and secret and get an access token which it will use to authenticate with the Kafka broker. In the clientSecret property, specify a link to a Secret containing the client secret.
An example of OAuth client authentication using client ID and client secret
```yaml
authentication:
  type: oauth
  tokenEndpointUri: https://sso.myproject.svc:8443/auth/realms/internal/protocol/openid-connect/token
  clientId: my-client-id
  clientSecret:
    secretName: my-client-oauth-secret
    key: client-secret
```
Client ID and refresh token
You can configure the address of your OAuth server in the tokenEndpointUri property together with the OAuth client ID and refresh token. The OAuth client will connect to the OAuth server, authenticate using the client ID and refresh token and get an access token which it will use to authenticate with the Kafka broker. In the refreshToken property, specify a link to a Secret containing the refresh token.
An example of OAuth client authentication using client ID and refresh token
```yaml
authentication:
  type: oauth
  tokenEndpointUri: https://sso.myproject.svc:8443/auth/realms/internal/protocol/openid-connect/token
  clientId: my-client-id
  refreshToken:
    secretName: my-refresh-token-secret
    key: refresh-token
```
Access token
You can configure the access token used for authentication with the Kafka broker directly. In this case, you do not specify the tokenEndpointUri. In the accessToken property, specify a link to a Secret containing the access token.
An example of OAuth client authentication using only an access token
```yaml
authentication:
  type: oauth
  accessToken:
    secretName: my-access-token-secret
    key: access-token
```
TLS
Accessing the OAuth server using the HTTPS protocol does not require any additional configuration as long as the TLS certificates used by it are signed by a trusted certification authority and its hostname is listed in the certificate.
If your OAuth server is using certificates which are self-signed or are signed by a certification authority which is not trusted, you can configure a list of trusted certificates in the custom resource. The tlsTrustedCertificates property contains a list of secrets with key names under which the certificates are stored. The certificates must be stored in X509 format.
An example of TLS certificates provided
```yaml
authentication:
  type: oauth
  tokenEndpointUri: https://sso.myproject.svc:8443/auth/realms/internal/protocol/openid-connect/token
  clientId: my-client-id
  refreshToken:
    secretName: my-refresh-token-secret
    key: refresh-token
  tlsTrustedCertificates:
    - secretName: oauth-server-ca
      certificate: tls.crt
```
The OAuth client will by default verify that the hostname of your OAuth server matches either the certificate subject or one of the alternative DNS names. If it is not required, you can disable the hostname verification.
An example of disabled TLS hostname verification
```yaml
authentication:
  type: oauth
  tokenEndpointUri: https://sso.myproject.svc:8443/auth/realms/internal/protocol/openid-connect/token
  clientId: my-client-id
  refreshToken:
    secretName: my-refresh-token-secret
    key: refresh-token
  disableTlsHostnameVerification: true
```
The type property is a discriminator that distinguishes the use of the type KafkaClientAuthenticationOAuth from KafkaClientAuthenticationTls, KafkaClientAuthenticationScramSha512, KafkaClientAuthenticationPlain. It must have the value oauth for the type KafkaClientAuthenticationOAuth.
Property | Description |
---|---|
accessToken | Link to OpenShift Secret containing the access token which was obtained from the authorization server. |
accessTokenIsJwt |
Configure whether access token should be treated as JWT. This should be set to |
boolean | |
clientId | OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. |
string | |
clientSecret | Link to OpenShift Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI. |
disableTlsHostnameVerification |
Enable or disable TLS hostname verification. Default value is |
boolean | |
maxTokenExpirySeconds | Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens. |
integer | |
refreshToken | Link to OpenShift Secret containing the refresh token which can be used to obtain access token from the authorization server. |
scope |
OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default |
string | |
tlsTrustedCertificates | Trusted certificates for TLS connection to the OAuth server. |
| |
tokenEndpointUri | Authorization server token endpoint URI. |
string | |
type |
Must be |
string |
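The constraints stated in B.77 to B.81 (TLS client authentication and SASL PLAIN only over TLS, credentials given as Secret references, no tokenEndpointUri with a bare access token, hostname verification on by default) can be checked before a resource is applied. The following is an added example, not code from the product or from this reference: the function names and finding codes are hypothetical, it assumes that the presence of a `tls` key in the spec means the connection uses TLS, and the HTTPS check on tokenEndpointUri is an extra check that this reference does not mandate.

```python
"""Lint the `authentication` block of a KafkaConnect-style `spec` mapping."""
from urllib.parse import urlparse

KNOWN_TYPES = {"tls", "scram-sha-512", "plain", "oauth"}


def is_secret_ref(value, key_field):
    """True for a mapping such as {secretName: ..., <key_field>: ...}.

    This is a structural check only: it cannot tell whether the value stored
    in <key_field> is a key name or a password typed there by mistake.
    """
    if not isinstance(value, dict):
        return False
    return all(isinstance(value.get(f), str) and value.get(f)
               for f in ("secretName", key_field))


def _lint_oauth(auth):
    findings = []
    present = [f for f in ("clientSecret", "refreshToken", "accessToken")
               if f in auth]
    if not present:
        findings.append("no-oauth-credential")
    for field in present:
        if not is_secret_ref(auth[field], "key"):
            findings.append("bad-%s-ref" % field)

    uri = auth.get("tokenEndpointUri")
    if "clientSecret" in auth or "refreshToken" in auth:
        # Both of these modes fetch an access token from the token endpoint.
        if not uri:
            findings.append("missing-token-endpoint")
        if not auth.get("clientId"):
            findings.append("missing-client-id")
    elif uri and "accessToken" in auth:
        # With only an access token, tokenEndpointUri is not specified.
        findings.append("unneeded-token-endpoint")

    # Extra check (assumption, not from the reference): credentials sent to
    # a non-HTTPS token endpoint cross the network unencrypted.
    if uri and urlparse(uri).scheme != "https":
        findings.append("token-endpoint-not-https")
    if auth.get("disableTlsHostnameVerification") is True:
        findings.append("hostname-verification-disabled")
    for entry in auth.get("tlsTrustedCertificates") or []:
        if not is_secret_ref(entry, "certificate"):
            findings.append("bad-trusted-certificate-ref")
    return findings


def lint_authentication(spec):
    """Return a list of finding codes for spec['authentication'].

    Assumption: a `tls` key in `spec` means the Kafka connection uses TLS.
    """
    auth = spec.get("authentication")
    if auth is None:
        return []
    if not isinstance(auth, dict) or auth.get("type") not in KNOWN_TYPES:
        return ["unknown-type"]

    kind = auth["type"]
    uses_tls = spec.get("tls") is not None
    findings = []
    if kind == "tls":
        if not uses_tls:
            findings.append("tls-auth-without-tls")
        cert = auth.get("certificateAndKey")
        if not (is_secret_ref(cert, "certificate")
                and is_secret_ref(cert, "key")):
            findings.append("bad-certificate-ref")
    elif kind in ("plain", "scram-sha-512"):
        if kind == "plain" and not uses_tls:
            # PLAIN sends the username and password in cleartext.
            findings.append("plain-without-tls")
        if not auth.get("username"):
            findings.append("missing-username")
        if not is_secret_ref(auth.get("passwordSecret"), "password"):
            findings.append("bad-password-ref")
    else:
        findings.extend(_lint_oauth(auth))
    return findings


if __name__ == "__main__":
    # Constructed sample: PLAIN authentication on a spec with no `tls` key.
    sample = {
        "bootstrapServers": "my-cluster-kafka-bootstrap:9092",
        "authentication": {
            "type": "plain",
            "username": "my-connect",
            "passwordSecret": {"secretName": "my-connect",
                               "password": "password"},
        },
    }
    print(lint_authentication(sample))
```
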
B.82. JaegerTracing
schema reference
Used in: KafkaBridgeSpec, KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2Spec, KafkaMirrorMakerSpec
The type property is a discriminator that distinguishes the use of the type JaegerTracing from other subtypes which may be added in the future. It must have the value jaeger for the type JaegerTracing.
Property | Description |
---|---|
type |
Must be |
string |
B.83. KafkaConnectTemplate
schema reference
Used in: KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2Spec
Property | Description |
---|---|
deployment |
Template for Kafka Connect |
pod |
Template for Kafka Connect |
apiService |
Template for Kafka Connect API |
connectContainer | Template for the Kafka Connect container. |
podDisruptionBudget |
Template for Kafka Connect |
B.84. ExternalConfiguration
schema reference
Used in: KafkaConnectS2ISpec, KafkaConnectSpec, KafkaMirrorMaker2Spec
Property | Description |
---|---|
env | Allows data from a Secret or ConfigMap to be passed to the Kafka Connect pods as environment variables. |
| |
volumes | Allows data from a Secret or ConfigMap to be passed to the Kafka Connect pods as volumes. |
B.85. ExternalConfigurationEnv
schema reference
Used in: ExternalConfiguration
Property | Description |
---|---|
name |
Name of the environment variable which will be passed to the Kafka Connect pods. The name of the environment variable cannot start with |
string | |
valueFrom | Value of the environment variable which will be passed to the Kafka Connect pods. It can be passed either as a reference to Secret or ConfigMap field. The field has to specify exactly one Secret or ConfigMap. |
B.86. ExternalConfigurationEnvVarSource
schema reference
Used in: ExternalConfigurationEnv
Property | Description |
---|---|
configMapKeyRef | Reference to a key in a ConfigMap. See external documentation of core/v1 configmapkeyselector. |
secretKeyRef | Reference to a key in a Secret. See external documentation of core/v1 secretkeyselector. |
B.87. ExternalConfigurationVolumeSource
schema reference
Used in: ExternalConfiguration
Property | Description |
---|---|
configMap | Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified. See external documentation of core/v1 configmapvolumesource. |
name | Name of the volume which will be added to the Kafka Connect pods. |
string | |
secret | Reference to a key in a Secret. Exactly one Secret or ConfigMap has to be specified. See external documentation of core/v1 secretvolumesource. |
B.88. KafkaConnectStatus
schema reference
Used in: KafkaConnect
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer | |
url | The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors. |
string | |
connectorPlugins | The list of connector plugins available in this Kafka Connect deployment. |
| |
podSelector | Label selector for pods providing this resource. See external documentation of meta/v1 labelselector. |
replicas | The current number of pods being used to provide this resource. |
integer |
B.89. ConnectorPlugin
schema reference
Used in: KafkaConnectS2IStatus, KafkaConnectStatus, KafkaMirrorMaker2Status
Property | Description |
---|---|
type |
The type of the connector plugin. The available types are |
string | |
version | The version of the connector plugin. |
string | |
class | The class of the connector plugin. |
string |
B.90. KafkaConnectS2I
schema reference
Property | Description |
---|---|
spec | The specification of the Kafka Connect Source-to-Image (S2I) cluster. |
status | The status of the Kafka Connect Source-to-Image (S2I) cluster. |
B.91. KafkaConnectS2ISpec
schema reference
Used in: KafkaConnectS2I
Property | Description |
---|---|
replicas | The number of pods in the Kafka Connect group. |
integer | |
image | The docker image for the pods. |
string | |
buildResources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
jvmOptions | JVM Options for pods. |
affinity |
The property |
logging |
Logging configuration for Kafka Connect. The type depends on the value of the |
metrics | The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration. |
map | |
template |
Template for Kafka Connect and Kafka Connect S2I resources. The template allows users to specify how the |
authentication |
Authentication configuration for Kafka Connect. The type depends on the value of the |
| |
bootstrapServers | Bootstrap servers to connect to. This should be given as a comma separated list of <hostname>:<port> pairs. |
string | |
config | The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). |
map | |
externalConfiguration | Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors. |
insecureSourceRepository | When true this configures the source repository with the 'Local' reference policy and an import policy that accepts insecure source tags. |
boolean | |
resources | The maximum limits for CPU and memory resources and the requested initial resources. See external documentation of core/v1 resourcerequirements. |
tls | TLS configuration. |
tolerations |
The property |
Toleration array | |
tracing |
The configuration of tracing in Kafka Connect. The type depends on the value of the |
version | The Kafka Connect version. Defaults to 2.5.0. Consult the user documentation to understand the process required to upgrade or downgrade the version. |
string |
B.92. KafkaConnectS2IStatus
schema reference
Used in: KafkaConnectS2I
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer | |
url | The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors. |
string | |
connectorPlugins | The list of connector plugins available in this Kafka Connect deployment. |
| |
buildConfigName | The name of the build configuration. |
string | |
podSelector | Label selector for pods providing this resource. See external documentation of meta/v1 labelselector. |
replicas | The current number of pods being used to provide this resource. |
integer |
B.93. KafkaTopic
schema reference
Property | Description |
---|---|
spec | The specification of the topic. |
status | The status of the topic. |
B.94. KafkaTopicSpec
schema reference
Used in: KafkaTopic
Property | Description |
---|---|
partitions | The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. |
integer | |
replicas | The number of replicas the topic should have. |
integer | |
config | The topic configuration. |
map | |
topicName | The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid OpenShift resource name. |
string |
B.95. KafkaTopicStatus
schema reference
Used in: KafkaTopic
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer |
B.96. KafkaUser
schema reference
Property | Description |
---|---|
spec | The specification of the user. |
status | The status of the Kafka User. |
B.97. KafkaUserSpec
schema reference
Used in: KafkaUser
Property | Description |
---|---|
authentication |
Authentication mechanism enabled for this Kafka user. The type depends on the value of the |
| |
authorization |
Authorization rules for this Kafka user. The type depends on the value of the |
quotas | Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced. Kafka documentation for Kafka User quotas can be found at http://kafka.apache.org/documentation/#design_quotas. |
B.98. KafkaUserTlsClientAuthentication
schema reference
Used in: KafkaUserSpec
The type property is a discriminator that distinguishes the use of the type KafkaUserTlsClientAuthentication from KafkaUserScramSha512ClientAuthentication. It must have the value tls for the type KafkaUserTlsClientAuthentication.
Property | Description |
---|---|
type |
Must be |
string |
B.99. KafkaUserScramSha512ClientAuthentication
schema reference
Used in: KafkaUserSpec
The type property is a discriminator that distinguishes the use of the type KafkaUserScramSha512ClientAuthentication from KafkaUserTlsClientAuthentication. It must have the value scram-sha-512 for the type KafkaUserScramSha512ClientAuthentication.
Property | Description |
---|---|
type |
Must be |
string |
B.100. KafkaUserAuthorizationSimple
schema reference
Used in: KafkaUserSpec
The type property is a discriminator that distinguishes the use of the type KafkaUserAuthorizationSimple from other subtypes which may be added in the future. It must have the value simple for the type KafkaUserAuthorizationSimple.
Property | Description |
---|---|
type |
Must be |
string | |
acls | List of ACL rules which should be applied to this user. |
|
B.101. AclRule
schema reference
Used in: KafkaUserAuthorizationSimple
Property | Description |
---|---|
host | The host from which the action described in the ACL rule is allowed or denied. |
string | |
operation | Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. |
string (one of [Read, Write, Delete, Alter, Describe, All, IdempotentWrite, ClusterAction, Create, AlterConfigs, DescribeConfigs]) | |
resource |
Indicates the resource for which given ACL rule applies. The type depends on the value of the |
| |
type |
The type of the rule. Currently the only supported type is |
string (one of [allow, deny]) |
B.102. AclRuleTopicResource
schema reference
Used in: AclRule
The type property is a discriminator that distinguishes the use of the type AclRuleTopicResource from AclRuleGroupResource, AclRuleClusterResource, AclRuleTransactionalIdResource. It must have the value topic for the type AclRuleTopicResource.
Property | Description |
---|---|
type |
Must be |
string | |
name |
Name of resource for which given ACL rule applies. Can be combined with |
string | |
patternType |
Describes the pattern used in the resource field. The supported types are |
string (one of [prefix, literal]) |
B.103. AclRuleGroupResource
schema reference
Used in: AclRule
The type property is a discriminator that distinguishes the use of the type AclRuleGroupResource from AclRuleTopicResource, AclRuleClusterResource, AclRuleTransactionalIdResource. It must have the value group for the type AclRuleGroupResource.
Property | Description |
---|---|
type |
Must be |
string | |
name |
Name of resource for which given ACL rule applies. Can be combined with |
string | |
patternType |
Describes the pattern used in the resource field. The supported types are |
string (one of [prefix, literal]) |
B.104. AclRuleClusterResource
schema reference
Used in: AclRule
The type property is a discriminator that distinguishes the use of the type AclRuleClusterResource from AclRuleTopicResource, AclRuleGroupResource, AclRuleTransactionalIdResource. It must have the value cluster for the type AclRuleClusterResource.
Property | Description |
---|---|
type |
Must be |
string |
B.105. AclRuleTransactionalIdResource
schema reference
Used in: AclRule
The type property is a discriminator that distinguishes the use of the type AclRuleTransactionalIdResource from AclRuleTopicResource, AclRuleGroupResource, AclRuleClusterResource. It must have the value transactionalId for the type AclRuleTransactionalIdResource.
Property | Description |
---|---|
type |
Must be |
string | |
name |
Name of resource for which given ACL rule applies. Can be combined with |
string | |
patternType |
Describes the pattern used in the resource field. The supported types are |
string (one of [prefix, literal]) |
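An added example (not part of this documentation or of the operator's code) that audits the acls list of a KafkaUser for broad grants, using the AclRule fields described in B.100 to B.105. The sample resource is constructed; the defaults applied to absent fields (host `*`, rule type `allow`, patternType `literal`), the treatment of a literal `*` name as a wildcard, and the `MIN_PREFIX_LEN` threshold are assumptions not stated on this page.

```python
"""Audit KafkaUser ACL rules for broad grants (added example, not operator code)."""

# Operations listed in the AclRule table on this page.
OPERATIONS = {
    "Read", "Write", "Create", "Delete", "Alter", "Describe", "ClusterAction",
    "AlterConfigs", "DescribeConfigs", "IdempotentWrite", "All",
}
# Resource discriminator values from B.102 to B.105.
NAMED_RESOURCES = {"topic", "group", "transactionalId"}
RESOURCE_TYPES = NAMED_RESOURCES | {"cluster"}

# Assumed defaults for absent fields (not stated on this page).
DEFAULT_HOST = "*"
DEFAULT_RULE_TYPE = "allow"
DEFAULT_PATTERN_TYPE = "literal"
MIN_PREFIX_LEN = 3  # hypothetical local policy: shorter prefixes count as broad


def audit_acl_rule(index, rule):
    """Return a list of finding strings for one AclRule mapping."""
    findings = []
    where = "acls[%d]" % index
    operation = rule.get("operation")
    resource = rule.get("resource") or {}
    rtype = resource.get("type")

    if operation not in OPERATIONS:
        findings.append("%s: unsupported operation %r" % (where, operation))
    if rtype not in RESOURCE_TYPES:
        findings.append("%s: unsupported resource type %r" % (where, rtype))
        return findings
    # Deny rules narrow access, so only allow rules are checked for breadth.
    if rule.get("type", DEFAULT_RULE_TYPE) != "allow":
        return findings

    if operation == "All":
        findings.append("%s: grants All on %s" % (where, rtype))
    if rule.get("host", DEFAULT_HOST) == "*":
        findings.append("%s: allowed from any host" % where)
    if rtype in NAMED_RESOURCES:
        name = resource.get("name", "")
        pattern = resource.get("patternType", DEFAULT_PATTERN_TYPE)
        if pattern == "literal" and name == "*":
            findings.append("%s: wildcard %s name" % (where, rtype))
        elif pattern == "prefix" and len(name) < MIN_PREFIX_LEN:
            findings.append("%s: short prefix %r on %s" % (where, name, rtype))
    return findings


def audit_kafka_user(resource):
    """Audit spec.authorization.acls of a parsed KafkaUser resource."""
    auth = (resource.get("spec") or {}).get("authorization") or {}
    if auth.get("type") != "simple":
        return []
    findings = []
    for index, rule in enumerate(auth.get("acls") or []):
        findings.extend(audit_acl_rule(index, rule))
    return findings


# Constructed sample: a KafkaUser as it would look after YAML parsing.
SAMPLE_USER = {
    "kind": "KafkaUser",
    "metadata": {"name": "reporting-app"},
    "spec": {
        "authentication": {"type": "tls"},
        "authorization": {
            "type": "simple",
            "acls": [
                {"host": "10.0.0.5", "operation": "Read",
                 "resource": {"type": "topic", "name": "orders",
                              "patternType": "literal"}},
                {"operation": "All",
                 "resource": {"type": "topic", "name": "*",
                              "patternType": "literal"}},
                {"host": "10.0.0.5", "operation": "Read",
                 "resource": {"type": "group", "name": "r",
                              "patternType": "prefix"}},
                {"host": "10.0.0.5", "operation": "All", "type": "deny",
                 "resource": {"type": "cluster"}},
            ],
        },
    },
}

if __name__ == "__main__":
    for line in audit_kafka_user(SAMPLE_USER):
        print(line)
```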
B.106. KafkaUserQuotas
schema reference
Used in: KafkaUserSpec
Kafka allows a user to enforce certain quotas to control usage of resources by clients. Quotas split into two categories:
- Network usage quotas, which are defined as the byte rate threshold for each group of clients sharing a quota
- CPU utilization quotas, which are defined as the percentage of time a client can utilize on request handler I/O threads and network threads of each broker within a quota window
Using quotas for Kafka clients might be useful in a number of situations. Consider a wrongly configured Kafka producer which is sending requests at too high a rate. Such misconfiguration can cause a denial of service to other clients, so the problematic client ought to be blocked. By using a network limiting quota, it is possible to prevent this situation from significantly impacting other clients.
AMQ Streams supports user-level quotas, but not client-level quotas.
An example Kafka user quotas configuration

```yaml
spec:
  quotas:
    producerByteRate: 1048576
    consumerByteRate: 2097152
    requestPercentage: 55
```
For more info about Kafka user quotas visit Apache Kafka documentation.
Property | Description |
---|---|
consumerByteRate | A quota on the maximum bytes per-second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis. |
integer | |
producerByteRate | A quota on the maximum bytes per-second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis. |
integer | |
requestPercentage | A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads. |
integer |
B.107. KafkaUserStatus
schema reference
Used in: KafkaUser
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer | |
username | Username. |
string | |
secret |
The name of |
string |
B.108. KafkaMirrorMaker
schema reference
Property | Description |
---|---|
spec | The specification of Kafka MirrorMaker. |
status | The status of Kafka MirrorMaker. |
B.109. KafkaMirrorMakerSpec
schema reference
Used in: KafkaMirrorMaker
Property | Description |
---|---|
replicas |
The number of pods in the |
integer | |
image | The docker image for the pods. |
string | |
whitelist |
List of topics which are included for mirroring. This option allows any regular expression using Java-style regular expressions. Mirroring two topics named A and B is achieved by using the whitelist |
string | |
consumer | Configuration of source cluster. |
producer | Configuration of target cluster. |
resources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
affinity |
The property |
tolerations |
The property |
Toleration array | |
jvmOptions | JVM Options for pods. |
logging |
Logging configuration for MirrorMaker. The type depends on the value of the |
metrics | The Prometheus JMX Exporter configuration. See JMX Exporter documentation for details of the structure of this configuration. |
map | |
tracing |
The configuration of tracing in Kafka MirrorMaker. The type depends on the value of the |
template |
Template to specify how Kafka MirrorMaker resources, |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
version | The Kafka MirrorMaker version. Defaults to 2.5.0. Consult the documentation to understand the process required to upgrade or downgrade the version. |
string |
B.110. KafkaMirrorMakerConsumerSpec
schema reference
Used in: KafkaMirrorMakerSpec
Use the three allowed ssl configuration options to run external listeners with a specific cipher suite for a TLS version. A cipher suite combines algorithms for secure connection and data transfer.
Example SSL configuration

```yaml
spec:
  consumer:
    config:
      ssl.cipher.suites: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # (1)
      ssl.enabled.protocols: "TLSv1.2" # (2)
      ssl.protocol: "TLSv1.2" # (3)
```

- (1) The cipher suite for TLS using a combination of ECDHE key exchange mechanism, RSA authentication algorithm, AES bulk encryption algorithm and SHA384 MAC algorithm.
- (2) The SSL protocol TLSv1.2 is enabled.
- (3) Specifies the TLSv1.2 protocol to generate the SSL context. Allowed values are TLSv1.1 and TLSv1.2.
Property | Description |
---|---|
numStreams | Specifies the number of consumer stream threads to create. |
integer | |
offsetCommitInterval | Specifies the offset auto-commit interval in ms. Default value is 60000. |
integer | |
groupId | A unique string that identifies the consumer group this consumer belongs to. |
string | |
bootstrapServers | A list of host:port pairs for establishing the initial connection to the Kafka cluster. |
string | |
authentication |
Authentication configuration for connecting to the cluster. The type depends on the value of the |
| |
config | The MirrorMaker consumer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security., interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). |
map | |
tls | TLS configuration for connecting MirrorMaker to the cluster. |
B.111. KafkaMirrorMakerTls
schema reference
Used in: KafkaMirrorMakerConsumerSpec, KafkaMirrorMakerProducerSpec
Use the tls property to configure TLS encryption. Provide a list of secrets with key names under which the certificates are stored in X.509 format.
An example TLS encryption configuration

```yaml
tls:
  trustedCertificates:
    - secretName: my-cluster-cluster-ca-cert
      certificate: ca.crt
```
Property | Description |
---|---|
trustedCertificates | Trusted certificates for TLS connection. |
|
B.112. KafkaMirrorMakerProducerSpec
schema reference
Used in: KafkaMirrorMakerSpec
Use the three allowed ssl configuration options to run external listeners with a specific cipher suite for a TLS version. A cipher suite combines algorithms for secure connection and data transfer.
Example SSL configuration

```yaml
spec:
  producer:
    config:
      ssl.cipher.suites: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # (1)
      ssl.enabled.protocols: "TLSv1.2" # (2)
      ssl.protocol: "TLSv1.2" # (3)
```

- (1) The cipher suite for TLS using a combination of ECDHE key exchange mechanism, RSA authentication algorithm, AES bulk encryption algorithm and SHA384 MAC algorithm.
- (2) The SSL protocol TLSv1.2 is enabled.
- (3) Specifies the TLSv1.2 protocol to generate the SSL context. Allowed values are TLSv1.1 and TLSv1.2.
Property | Description |
---|---|
bootstrapServers | A list of host:port pairs for establishing the initial connection to the Kafka cluster. |
string | |
abortOnSendFailure |
Flag to set the MirrorMaker to exit on a failed send. Default value is |
boolean | |
authentication |
Authentication configuration for connecting to the cluster. The type depends on the value of the |
| |
config | The MirrorMaker producer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, sasl., security., interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). |
map | |
tls | TLS configuration for connecting MirrorMaker to the cluster. |
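An added example (not part of this documentation or of the operator's code) that checks the consumer and producer config maps of a KafkaMirrorMaker resource against the forbidden prefixes and exceptions listed in the config rows of B.110 and B.112, and against the allowed ssl.protocol values given above. The sample resource is constructed, and the warning for protocols deprecated by RFC 8996 is an addition that this page does not make.

```python
"""Pre-deployment check of KafkaMirrorMaker client config keys (added example)."""

# Exceptions shared by the consumer and producer `config` rows on this page.
SSL_EXCEPTIONS = frozenset({
    "ssl.endpoint.identification.algorithm", "ssl.cipher.suites",
    "ssl.protocol", "ssl.enabled.protocols",
})
# Forbidden prefixes copied from the B.110 and B.112 `config` rows.
FORBIDDEN = {
    "consumer": ("ssl.", "bootstrap.servers", "group.id", "sasl.",
                 "security.", "interceptor.classes"),
    "producer": ("ssl.", "bootstrap.servers", "sasl.", "security.",
                 "interceptor.classes"),
}
# Values this page gives as allowed for ssl.protocol.
ALLOWED_SSL_PROTOCOLS = ("TLSv1.1", "TLSv1.2")
# TLS 1.0 and 1.1 are deprecated by RFC 8996 (not stated on this page).
DEPRECATED_PROTOCOLS = ("TLSv1", "TLSv1.1")


def check_client_config(role, config):
    """Return (path, level, message) findings for one role's config map."""
    findings = []
    for key in sorted(config):
        path = "spec.%s.config[%s]" % (role, key)
        value = str(config[key])
        if key in SSL_EXCEPTIONS:
            if key == "ssl.protocol" and value not in ALLOWED_SSL_PROTOCOLS:
                findings.append((path, "error", "not an allowed ssl.protocol value"))
            if key in ("ssl.protocol", "ssl.enabled.protocols"):
                # ssl.enabled.protocols may hold a comma-separated list.
                for proto in (p.strip() for p in value.split(",")):
                    if proto in DEPRECATED_PROTOCOLS:
                        findings.append(
                            (path, "warn", "%s is deprecated by RFC 8996" % proto))
            continue
        prefix = next((p for p in FORBIDDEN[role] if key.startswith(p)), None)
        if prefix is not None:
            findings.append((path, "error", "forbidden prefix %s" % prefix))
    return findings


def check_mirror_maker(resource):
    """Check spec.consumer.config and spec.producer.config of a parsed resource."""
    spec = resource.get("spec") or {}
    findings = []
    for role in ("consumer", "producer"):
        config = (spec.get(role) or {}).get("config") or {}
        findings.extend(check_client_config(role, config))
    return findings


# Constructed sample: a KafkaMirrorMaker resource after YAML parsing.
SAMPLE_MIRROR_MAKER = {
    "kind": "KafkaMirrorMaker",
    "spec": {
        "consumer": {
            "bootstrapServers": "source-kafka:9093",
            "groupId": "mirror-group",
            "config": {
                "ssl.cipher.suites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "ssl.enabled.protocols": "TLSv1.2,TLSv1.1",
                "ssl.protocol": "TLSv1.2",
                "group.id": "other-group",
                "max.poll.records": 500,
            },
        },
        "producer": {
            "bootstrapServers": "target-kafka:9093",
            "config": {
                "ssl.truststore.location": "/tmp/truststore.p12",
                "security.protocol": "PLAINTEXT",
                "ssl.protocol": "TLSv1.3",
                "group.id": "not-forbidden-for-producers",
                "acks": "all",
            },
        },
    },
}

if __name__ == "__main__":
    for path, level, message in check_mirror_maker(SAMPLE_MIRROR_MAKER):
        print("%-5s %s: %s" % (level, path, message))
```

The producer's group.id key passes because the producer row on this page does not list that prefix, while the same key is reported for the consumer.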
B.113. KafkaMirrorMakerTemplate
schema reference
Used in: KafkaMirrorMakerSpec
Property | Description |
---|---|
deployment |
Template for Kafka MirrorMaker |
pod |
Template for Kafka MirrorMaker |
mirrorMakerContainer | Template for Kafka MirrorMaker container. |
podDisruptionBudget |
Template for Kafka MirrorMaker |
B.114. KafkaMirrorMakerStatus
schema reference
Used in: KafkaMirrorMaker
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer | |
podSelector | Label selector for pods providing this resource. See external documentation of meta/v1 labelselector. |
replicas | The current number of pods being used to provide this resource. |
integer |
B.115. KafkaBridge
schema reference
Property | Description |
---|---|
spec | The specification of the Kafka Bridge. |
status | The status of the Kafka Bridge. |
B.116. KafkaBridgeSpec
schema reference
Used in: KafkaBridge
Property | Description |
---|---|
replicas |
The number of pods in the |
integer | |
image | The docker image for the pods. |
string | |
bootstrapServers | A list of host:port pairs for establishing the initial connection to the Kafka cluster. |
string | |
tls | TLS configuration for connecting Kafka Bridge to the cluster. |
authentication |
Authentication configuration for connecting to the cluster. The type depends on the value of the |
| |
http | The HTTP related configuration. |
consumer | Kafka consumer related configuration. |
producer | Kafka producer related configuration. |
resources | CPU and memory resources to reserve. See external documentation of core/v1 resourcerequirements. |
jvmOptions | Currently not supported. JVM Options for pods. |
logging |
Logging configuration for Kafka Bridge. The type depends on the value of the |
metrics | Currently not supported. The Prometheus JMX Exporter configuration. See JMX Exporter documentation for details of the structure of this configuration. |
map | |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
template |
Template for Kafka Bridge resources. The template allows users to specify how is the |
tracing |
The configuration of tracing in Kafka Bridge. The type depends on the value of the |
B.117. KafkaBridgeTls
schema reference
Used in: KafkaBridgeSpec
Property | Description |
---|---|
trustedCertificates | Trusted certificates for TLS connection. |
|
B.118. KafkaBridgeHttpConfig
schema reference
Used in: KafkaBridgeSpec
Property | Description |
---|---|
port | The port on which the server is listening. |
integer | |
cors | CORS configuration for the HTTP Bridge. |
B.119. KafkaBridgeHttpCors
schema reference
Used in: KafkaBridgeHttpConfig
Property | Description |
---|---|
allowedOrigins | List of allowed origins. Java regular expressions can be used. |
string array | |
allowedMethods | List of allowed HTTP methods. |
string array |
B.120. KafkaBridgeConsumerSpec
schema reference
Used in: KafkaBridgeSpec
Property | Description |
---|---|
config | The Kafka consumer configuration used for consumer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). |
map |
B.121. KafkaBridgeProducerSpec
schema reference
Used in: KafkaBridgeSpec
Property | Description |
---|---|
config | The Kafka producer configuration used for producer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). |
map |
B.122. KafkaBridgeTemplate
schema reference
Used in: KafkaBridgeSpec
Property | Description |
---|---|
deployment |
Template for Kafka Bridge |
pod |
Template for Kafka Bridge |
apiService |
Template for Kafka Bridge API |
bridgeContainer | Template for the Kafka Bridge container. |
podDisruptionBudget |
Template for Kafka Bridge |
B.123. KafkaBridgeStatus
schema reference
Used in: KafkaBridge
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer | |
url | The URL at which external client applications can access the Kafka Bridge. |
string | |
podSelector | Label selector for pods providing this resource. See external documentation of meta/v1 labelselector. |
replicas | The current number of pods being used to provide this resource. |
integer |
B.124. KafkaConnector
schema reference
Property | Description |
---|---|
spec | The specification of the Kafka Connector. |
status | The status of the Kafka Connector. |
B.125. KafkaConnectorSpec
schema reference
Used in: KafkaConnector
Property | Description |
---|---|
class | The Class for the Kafka Connector. |
string | |
tasksMax | The maximum number of tasks for the Kafka Connector. |
integer | |
config | The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max. |
map | |
pause | Whether the connector should be paused. Defaults to false. |
boolean |
B.126. KafkaConnectorStatus
schema reference
Used in: KafkaConnector
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer | |
connectorStatus | The connector status, as reported by the Kafka Connect REST API. |
map | |
tasksMax | The maximum number of tasks for the Kafka Connector. |
integer |
B.127. KafkaMirrorMaker2
schema reference
Property | Description |
---|---|
spec | The specification of the Kafka MirrorMaker 2.0 cluster. |
status | The status of the Kafka MirrorMaker 2.0 cluster. |
B.128. KafkaMirrorMaker2Spec
schema reference
Used in: KafkaMirrorMaker2
Property | Description |
---|---|
replicas | The number of pods in the Kafka Connect group. |
integer | |
version | The Kafka Connect version. Defaults to 2.5.0. Consult the user documentation to understand the process required to upgrade or downgrade the version. |
string | |
image | The docker image for the pods. |
string | |
connectCluster |
The cluster alias used for Kafka Connect. The alias must match a cluster in the list at |
string | |
clusters | Kafka clusters for mirroring. |
mirrors | Configuration of the MirrorMaker 2.0 connectors. |
resources | The maximum limits for CPU and memory resources and the requested initial resources. See external documentation of core/v1 resourcerequirements. |
livenessProbe | Pod liveness checking. |
readinessProbe | Pod readiness checking. |
jvmOptions | JVM Options for pods. |
affinity |
The property |
tolerations |
The property |
Toleration array | |
logging |
Logging configuration for Kafka Connect. The type depends on the value of the |
metrics | The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration. |
map | |
tracing |
The configuration of tracing in Kafka Connect. The type depends on the value of the |
template |
Template for Kafka Connect and Kafka Connect S2I resources. The template allows users to specify how the |
externalConfiguration | Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors. |
B.129. KafkaMirrorMaker2ClusterSpec
schema reference
Used in: KafkaMirrorMaker2Spec
Use the three allowed ssl configuration options to run external listeners with a specific cipher suite for a TLS version. A cipher suite combines algorithms for secure connection and data transfer.
Example SSL configuration

```yaml
spec:
  clusters:
    config:
      ssl.cipher.suites: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # (1)
      ssl.enabled.protocols: "TLSv1.2" # (2)
      ssl.protocol: "TLSv1.2" # (3)
```

- (1) The cipher suite for TLS using a combination of ECDHE key exchange mechanism, RSA authentication algorithm, AES bulk encryption algorithm and SHA384 MAC algorithm.
- (2) The SSL protocol TLSv1.2 is enabled.
- (3) Specifies the TLSv1.2 protocol to generate the SSL context. Allowed values are TLSv1.1 and TLSv1.2.
Property | Description |
---|---|
alias | Alias used to reference the Kafka cluster. |
string | |
bootstrapServers |
A comma-separated list of |
string | |
config | The MirrorMaker 2.0 cluster config. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols). |
map | |
tls | TLS configuration for connecting MirrorMaker 2.0 connectors to a cluster. |
authentication |
Authentication configuration for connecting to the cluster. The type depends on the value of the |
|
B.130. KafkaMirrorMaker2Tls
schema reference
Used in: KafkaMirrorMaker2ClusterSpec
Property | Description |
---|---|
trustedCertificates | Trusted certificates for TLS connection. |
|
B.131. KafkaMirrorMaker2MirrorSpec
schema reference
Used in: KafkaMirrorMaker2Spec
Property | Description |
---|---|
sourceCluster |
The alias of the source cluster used by the Kafka MirrorMaker 2.0 connectors. The alias must match a cluster in the list at |
string | |
targetCluster |
The alias of the target cluster used by the Kafka MirrorMaker 2.0 connectors. The alias must match a cluster in the list at |
string | |
sourceConnector | The specification of the Kafka MirrorMaker 2.0 source connector. |
checkpointConnector | The specification of the Kafka MirrorMaker 2.0 checkpoint connector. |
heartbeatConnector | The specification of the Kafka MirrorMaker 2.0 heartbeat connector. |
topicsPattern | A regular expression matching the topics to be mirrored, for example, "topic1|topic2|topic3". Comma-separated lists are also supported. |
string | |
topicsBlacklistPattern | A regular expression matching the topics to exclude from mirroring. Comma-separated lists are also supported. |
string | |
groupsPattern | A regular expression matching the consumer groups to be mirrored. Comma-separated lists are also supported. |
string | |
groupsBlacklistPattern | A regular expression matching the consumer groups to exclude from mirroring. Comma-separated lists are also supported. |
string |
B.132. KafkaMirrorMaker2ConnectorSpec
schema reference
Used in: KafkaMirrorMaker2MirrorSpec
Property | Description |
---|---|
tasksMax | The maximum number of tasks for the Kafka Connector. |
integer | |
config | The Kafka Connector configuration. The following properties cannot be set: connector.class, tasks.max. |
map | |
pause | Whether the connector should be paused. Defaults to false. |
boolean |
B.133. KafkaMirrorMaker2Status
schema reference
Used in: KafkaMirrorMaker2
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer | |
url | The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors. |
string | |
connectorPlugins | The list of connector plugins available in this Kafka Connect deployment. |
| |
connectors | List of MirrorMaker 2.0 connector statuses, as reported by the Kafka Connect REST API. |
map array | |
podSelector | Label selector for pods providing this resource. See external documentation of meta/v1 labelselector. |
replicas | The current number of pods being used to provide this resource. |
integer |
B.134. KafkaRebalance
schema reference
Property | Description |
---|---|
spec | The specification of the Kafka rebalance. |
status | The status of the Kafka rebalance. |
B.135. KafkaRebalanceSpec
schema reference
Used in: KafkaRebalance
Property | Description |
---|---|
goals | A list of goals, ordered by decreasing priority, to use for generating and executing the rebalance proposal. The supported goals are available at https://github.com/linkedin/cruise-control#goals. If an empty goals list is provided, the goals declared in the default.goals Cruise Control configuration parameter are used. |
string array | |
skipHardGoalCheck | Whether to allow the hard goals specified in the Kafka CR to be skipped in rebalance proposal generation. This can be useful when some of those hard goals are preventing a balance solution being found. Default is false. |
boolean |
B.136. KafkaRebalanceStatus
schema reference
Used in: KafkaRebalance
Property | Description |
---|---|
conditions | List of status conditions. |
| |
observedGeneration | The generation of the CRD that was last reconciled by the operator. |
integer | |
sessionId | The session identifier for requests to Cruise Control pertaining to this KafkaRebalance resource. This is used by the Kafka Rebalance operator to track the status of ongoing rebalancing operations. |
string | |
optimizationResult | A JSON object describing the optimization result. |
map |