Confluent for Kubernetes (CfK) Examples
Simple Broker and Zookeeper
Start the confluent-operator
pod (see the quick start guide for more information):
kubectl create namespace confluent
kubectl config set-context --current --namespace confluent
helm repo add confluentinc https://packages.confluent.io/helm
helm repo update
helm upgrade --install confluent-operator confluentinc/confluent-for-kubernetes
Start Zookeeper and the broker:
cd simple-broker-and-zookeeper
kubectl apply -f zookeeper.yaml
kubectl apply -f broker.yaml
Confirm the pods (kafka-0
and zookeeper-0
) are up:
kubectl get pods
You should see:
NAME READY STATUS RESTARTS AGE
confluent-operator-64c5c5756d-66f4m 1/1 Running 0 101m
kafka-0 0/1 Running 0 6s
zookeeper-0 1/1 Running 0 58s
Sanity check for Zookeeper
To test zookeeper we will ssh into the instance and run zookeeper-shell
:
kubectl --namespace=confluent exec -it zookeeper-0 -- bash
zookeeper-shell localhost:2181
ls /
ls /kafka-confluent/brokers
get /kafka-confluent/controller
You should see evidence of a controller broker:
{"version":1,"brokerid":0,"timestamp":"1653049092079"}
Sanity check for the Kafka broker
kubectl --namespace=confluent exec -it kafka-0 -- bash
kafka-console-producer --bootstrap-server localhost:9092 --topic test
Produce some content and Ctrl+C when done.
Check the test
topic:
kafka-topics --bootstrap-server localhost:9092 --describe --topic test
Consume from the test
topic:
kafka-console-consumer --bootstrap-server localhost:9092 --topic test
Tail the logs on the broker / zookeeper
kubectl logs --follow kafka-0
kubectl logs --follow zookeeper-0
Create the example topic
kubectl apply -f example-topic.yaml
Confirm on the broker that the topic was created
kubectl --namespace=confluent exec -it kafka-0 -- bash
kafka-topics --bootstrap-server localhost:9092 --describe --topic example-topic
You should see:
Topic: example-topic PartitionCount: 4 ReplicationFactor: 1 Configs: min.insync.replicas=1,segment.bytes=1073741824,retention.ms=86400000,message.format.version=2.6-IV0
Topic: example-topic Partition: 0 Leader: 0 Replicas: 0 Isr: 0 Offline:
Topic: example-topic Partition: 1 Leader: 0 Replicas: 0 Isr: 0 Offline:
Topic: example-topic Partition: 2 Leader: 0 Replicas: 0 Isr: 0 Offline:
Topic: example-topic Partition: 3 Leader: 0 Replicas: 0 Isr: 0 Offline:
Adding mTLS
Create the secret from secret.txt
in the single-broker-with-tls-and-zookeeper
directory:
cd single-broker-with-tls-and-zookeeper
kubectl create secret generic credential \
--from-file=my_credentials=secret.txt
Create the CA
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com"
then:
kubectl create secret tls ca-pair-sslcerts --key="tls.key" --cert="tls.crt"
Or:
cat tls.crt | base64
cat tls.key | base64
And add the output into tls.yaml
and apply to create the secret
Spin up the broker (and Zookeeper if needed):
kubectl apply -f ../simple-broker-and-zookeeper/zookeeper.yaml
kubectl apply -f broker.yaml
Older pieces
kubectl create secret tls ca-pair-sslcerts \
--cert=/path/to/ca.pem \
--key=/path/to/ca-key.pem
kubectl get secret confluent-operator-licensing -o jsonpath='{.data}'
Debugging
kubectl --namespace=confluent exec -it kafka-0 -- bash
more /opt/confluentinc/etc/kafka/kafka.properties
Something failed? Check the Operator!
kubectl logs confluent-operator-64c5c5756d-vwb9s
List recent events in time order
kubectl get events --sort-by=.metadata.creationTimestamp
Nuke Minikube
minikube delete && minikube start --vm-driver kvm2
get rolebindings
kubectl get confluentrolebindings
kubectl api-resources | grep bindings