Apache Kafka - K8s

Channel Revision Published Runs on
latest/stable 5 09 Mar 2022
Ubuntu 20.04
latest/edge 27 25 Apr 2023
Ubuntu 22.04 Ubuntu 20.04
latest/edge 13 21 Oct 2022
Ubuntu 22.04 Ubuntu 20.04
3/stable 56 27 Feb 2024
Ubuntu 22.04
3/candidate 56 27 Feb 2024
Ubuntu 22.04
3/beta 56 27 Feb 2024
Ubuntu 22.04
3/edge 76 11 Dec 2024
Ubuntu 22.04
juju deploy kafka-k8s --channel 3/stable
Show information

Platform:

Apache Kafka listeners

Charmed Apache Kafka comes with a set of listeners that can be enabled to allow for inter- and intra-cluster communication.

  • Internal listeners are used for internal traffic and exchange of information between Apache Kafka brokers
  • Client listeners are used for clients within the Kubernetes cluster,
  • External listeners are used for clients outside the Kubernetes cluster.

Listeners are optionally enabled based on the relations created on particular charm endpoints. Each listener is characterized by a specific port, scope, security protocol and authentication mechanism.

In the following table, we summarize the protocols, the port, and the relation that each listener is bound to. Note that based on whether a certificates relation is present, one of two mutually exclusive types of listeners can be opened.

Security protocol Authentication mechanism Driving endpoints Port Scope Listener name
SASL_PLAINTEXT SCRAM-SHA-512 cluster 19092 INTERNAL INTERNAL_SASL_PLAINTEXT_SCRAM_SHA_512
SASL_SSL SCRAM-SHA-512 cluster + certificates 19093 INTERNAL INTERNAL_SASL_SSL_SCRAM_SHA_512
SASL_PLAINTEXT SCRAM-SHA-512 kafka-client 9092 CLIENT CLIENT_SASL_PLAINTEXT_SCRAM_SHA_512
SASL_SSL SCRAM-SHA-512 kafka-client + certificates 9093 CLIENT CLIENT_SASL_SSL_SCRAM_SHA_512
SSL SSL (trusted-certificate|trusted-ca) + certificates 9094 CLIENT CLIENT_SSL_SSL
SASL_PLAINTEXT OAUTHBEARER kafka-client + oauth 9095 CLIENT CLIENT_SASL_PLAINTEXT_OAUTHBEARER
SASL_SSL OAUTHBEARER kafka-client + oauth + certificates 9096 CLIENT CLIENT_SASL_SSL_OAUTHBEARER
SASL_PLAINTEXT SCRAM-SHA-512 kafka-client 29092 EXTERNAL EXTERNAL_SASL_PLAINTEXT_SCRAM_SHA_512
SASL_SSL SCRAM-SHA-512 kafka-client + certificates 29093 EXTERNAL EXTERNAL_SASL_SSL_SCRAM_SHA_512
SSL SSL (trusted-certificate|trusted-ca) + certificates 29094 EXTERNAL EXTERNAL_SSL_SSL
SASL_PLAINTEXT OAUTHBEARER kafka-client + oauth 29095 EXTERNAL EXTERNAL_SASL_PLAINTEXT_OAUTHBEARER
SASL_SSL OAUTHBEARER kafka-client + oauth + certificates 29096 EXTERNAL EXTERNAL_SASL_SSL_OAUTHBEARER

Since cluster is a peer relation, one of the two INTERNAL_* listeners is always enabled.