spec

The specification of the Kafka and Zookeeper clusters, and Topic Operator.

KafkaSpec

kafka

Configuration of the Kafka cluster.

KafkaClusterSpec

zookeeper

Configuration of the Zookeeper cluster.

ZookeeperClusterSpec

topicOperator

Configuration of the Topic Operator.

TopicOperatorSpec

entityOperator

Configuration of the Entity Operator.

EntityOperatorSpec

clusterCa

Configuration of the cluster certificate authority.

CertificateAuthority

clientsCa

Configuration of the clients certificate authority.

CertificateAuthority

maintenanceTimeWindows

A list of time windows for the maintenance tasks (that is, certificates renewal). Each time window is defined by a cron expression.

string array

replicas

The number of pods in the cluster.

integer

image

The docker image for the pods.

string

storage

Storage configuration (disk). Cannot be updated. The type depends on the value of the storage.type property within the given object, which must be one of [ephemeral, persistent-claim].

EphemeralStorage, PersistentClaimStorage

listeners

Configures listeners of Kafka brokers.

KafkaListeners

authorization

Authorization configuration for Kafka brokers. The type depends on the value of the authorization.type property within the given object, which must be one of [simple].

KafkaAuthorizationSimple

config

The kafka broker config. Properties with the following prefixes cannot be set: listeners, advertised., broker., listener., host.name, port, inter.broker.listener.name, sasl., ssl., security., password., principal.builder.class, log.dir, zookeeper.connect, zookeeper.set.acl, authorizer., super.user.

map

rack

Configuration of the broker.rack broker config.

Rack

brokerRackInitImage

The image of the init container used for initializing the broker.rack.

string

affinity

Pod affinity rules.See external documentation of core/v1 affinity.

Affinity

tolerations

Pod’s tolerations.See external documentation of core/v1 tolerations.

Toleration array

livenessProbe

Pod liveness checking.

Probe

readinessProbe

Pod readiness checking.

Probe

jvmOptions

JVM Options for pods.

JvmOptions

resources

Resource constraints (limits and requests).

Resources

metrics

The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration.

map

logging

Logging configuration for Kafka. The type depends on the value of the logging.type property within the given object, which must be one of [inline, external].

InlineLogging, ExternalLogging

tlsSidecar

TLS sidecar configuration.

TlsSidecar

type

Must be ephemeral.

string

type

Must be persistent-claim.

string

size

When type=persistent-claim, defines the size of the persistent volume claim (i.e 1Gi). Mandatory when type=persistent-claim.

string

selector

Specifies a specific persistent volume to use. It contains a matchLabels field which defines an inner JSON object with key:value representing labels for selecting such a volume.

map

deleteClaim

Specifies if the persistent volume claim has to be deleted when the cluster is un-deployed.

boolean

class

The storage class to use for dynamic volume allocation.

string

plain

Configures plain listener on port 9092.

KafkaListenerPlain

tls

Configures TLS listener on port 9093.

KafkaListenerTls

external

Configures external listener on port 9094. The type depends on the value of the external.type property within the given object, which must be one of [route, loadbalancer, nodeport].

KafkaListenerExternalRoute, KafkaListenerExternalLoadBalancer, KafkaListenerExternalNodePort

authentication

Authentication configuration for this listener. Since this listener does not use TLS transport you cannot configure an authentication with type: tls. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaListenerAuthenticationTls, KafkaListenerAuthenticationScramSha512

type

Must be tls.

string

type

Must be scram-sha-512.

string

authentication

Authentication configuration for this listener. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaListenerAuthenticationTls, KafkaListenerAuthenticationScramSha512

type

Must be route.

string

authentication

Authentication configuration for Kafka brokers. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaListenerAuthenticationTls, KafkaListenerAuthenticationScramSha512

type

Must be loadbalancer.

string

authentication

Authentication configuration for Kafka brokers. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaListenerAuthenticationTls, KafkaListenerAuthenticationScramSha512

tls

Enables TLS encryption on the listener. By default set to true for enabled TLS encryption.

boolean

type

Must be nodeport.

string

authentication

Authentication configuration for Kafka brokers. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaListenerAuthenticationTls, KafkaListenerAuthenticationScramSha512

tls

Enables TLS encryption on the listener. By default set to true for enabled TLS encryption.

boolean

type

Must be simple.

string

superUsers

List of super users. Should contain list of user principals which should get unlimited access rights.

string array

topologyKey

A key that matches labels assigned to the OpenShift or Kubernetes cluster nodes. The value of the label is used to set the broker’s broker.rack config.

string

initialDelaySeconds

The initial delay before first the health is first checked.

integer

timeoutSeconds

The timeout for each attempted health check.

integer

-XX

A map of -XX options to the JVM.

map

-Xms

-Xms option to to the JVM.

string

-Xmx

-Xmx option to to the JVM.

string

limits

Resource limits applied at runtime.

CpuMemory

requests

Resource requests applied during pod scheduling.

CpuMemory

cpu

CPU.

string

memory

Memory.

string

type

Must be inline.

string

loggers

A Map from logger name to logger level.

map

type

Must be external.

string

name

The name of the ConfigMap from which to get the logging configuration.

string

image

The docker image for the container.

string

logLevel

The log level for the TLS sidecar.Default value is notice.

string (one of [emerg, debug, crit, err, alert, warning, notice, info])

resources

Resource constraints (limits and requests).

Resources

replicas

The number of pods in the cluster.

integer

image

The docker image for the pods.

string

storage

Storage configuration (disk). Cannot be updated. The type depends on the value of the storage.type property within the given object, which must be one of [ephemeral, persistent-claim].

EphemeralStorage, PersistentClaimStorage

config

The zookeeper broker config. Properties with the following prefixes cannot be set: server., dataDir, dataLogDir, clientPort, authProvider, quorum.auth, requireClientAuthScheme.

map

affinity

Pod affinity rules.See external documentation of core/v1 affinity.

Affinity

tolerations

Pod’s tolerations.See external documentation of core/v1 tolerations.

Toleration array

livenessProbe

Pod liveness checking.

Probe

readinessProbe

Pod readiness checking.

Probe

jvmOptions

JVM Options for pods.

JvmOptions

resources

Resource constraints (limits and requests).

Resources

metrics

The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration.

map

logging

Logging configuration for Zookeeper. The type depends on the value of the logging.type property within the given object, which must be one of [inline, external].

InlineLogging, ExternalLogging

tlsSidecar

TLS sidecar configuration.

TlsSidecar

watchedNamespace

The namespace the Topic Operator should watch.

string

image

The image to use for the Topic Operator.

string

reconciliationIntervalSeconds

Interval between periodic reconciliations.

integer

zookeeperSessionTimeoutSeconds

Timeout for the Zookeeper session.

integer

affinity

Pod affinity rules.See external documentation of core/v1 affinity.

Affinity

resources

Resource constraints (limits and requests).

Resources

topicMetadataMaxAttempts

The number of attempts at getting topic metadata.

integer

tlsSidecar

TLS sidecar configuration.

TlsSidecar

logging

Logging configuration. The type depends on the value of the logging.type property within the given object, which must be one of [inline, external].

InlineLogging, ExternalLogging

topicOperator

Configuration of the Topic Operator.

EntityTopicOperatorSpec

userOperator

Configuration of the User Operator.

EntityUserOperatorSpec

affinity

Pod affinity rules.See external documentation of core/v1 affinity.

Affinity

tolerations

Pod’s tolerations.See external documentation of core/v1 tolerations.

Toleration array

tlsSidecar

TLS sidecar configuration.

TlsSidecar

watchedNamespace

The namespace the Topic Operator should watch.

string

image

The image to use for the Topic Operator.

string

reconciliationIntervalSeconds

Interval between periodic reconciliations.

integer

zookeeperSessionTimeoutSeconds

Timeout for the Zookeeper session.

integer

resources

Resource constraints (limits and requests).

Resources

topicMetadataMaxAttempts

The number of attempts at getting topic metadata.

integer

logging

Logging configuration. The type depends on the value of the logging.type property within the given object, which must be one of [inline, external].

InlineLogging, ExternalLogging

watchedNamespace

The namespace the User Operator should watch.

string

image

The image to use for the User Operator.

string

reconciliationIntervalSeconds

Interval between periodic reconciliations.

integer

zookeeperSessionTimeoutSeconds

Timeout for the Zookeeper session.

integer

resources

Resource constraints (limits and requests).

Resources

logging

Logging configuration. The type depends on the value of the logging.type property within the given object, which must be one of [inline, external].

InlineLogging, ExternalLogging

generateCertificateAuthority

If true then Certificate Authority certificates will be generated automatically. Otherwise the user will need to provide a Secret with the CA certificate. Default is true.

boolean

validityDays

The number of days generated certificates should be valid for. Default is 365.

integer

renewalDays

The number of days in the certificate renewal period. This is the number of days before the a certificate expires during which renewal actions may be performed.When generateCertificateAuthority is true, this will cause the generation of a new certificate. When generateCertificateAuthority is true, this will cause extra logging at WARN level about the pending certificate expiry. Default is 30.

integer

spec

The specification of the Kafka Connect deployment.

KafkaConnectSpec

replicas

The number of pods in the Kafka Connect group.

integer

image

The docker image for the pods.

string

livenessProbe

Pod liveness checking.

Probe

readinessProbe

Pod readiness checking.

Probe

jvmOptions

JVM Options for pods.

JvmOptions

affinity

Pod affinity rules.See external documentation of core/v1 affinity.

Affinity

tolerations

Pod’s tolerations.See external documentation of core/v1 tolerations.

Toleration array

logging

Logging configuration for Kafka Connect. The type depends on the value of the logging.type property within the given object, which must be one of [inline, external].

InlineLogging, ExternalLogging

metrics

The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration.

map

authentication

Authentication configuration for Kafka Connect. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaConnectAuthenticationTls, KafkaConnectAuthenticationScramSha512

bootstrapServers

Bootstrap servers to connect to. This should be given as a comma separated list of <hostname>:‍<port> pairs.

string

config

The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers.

map

resources

Resource constraints (limits and requests).

Resources

tls

TLS configuration.

KafkaConnectTls

certificateAndKey

Certificate and private key pair for TLS authentication.

CertAndKeySecretSource

type

Must be tls.

string

certificate

The name of the file certificate in the Secret.

string

key

The name of the private key in the Secret.

string

secretName

The name of the Secret containing the certificate.

string

passwordSecret

Password used for the authentication.

PasswordSecretSource

type

Must be scram-sha-512.

string

username

Username used for the authentication.

string

password

The name of the key in the Secret under which the password is stored.

string

secretName

The name of the Secret containing the password.

string

trustedCertificates

Trusted certificates for TLS connection.

CertSecretSource array

certificate

The name of the file certificate in the Secret.

string

secretName

The name of the Secret containing the certificate.

string

spec

The specification of the Kafka Connect deployment.

KafkaConnectS2ISpec

replicas

The number of pods in the Kafka Connect group.

integer

image

The docker image for the pods.

string

livenessProbe

Pod liveness checking.

Probe

readinessProbe

Pod readiness checking.

Probe

jvmOptions

JVM Options for pods.

JvmOptions

affinity

Pod affinity rules.See external documentation of core/v1 affinity.

Affinity

metrics

The Prometheus JMX Exporter configuration. See https://github.com/prometheus/jmx_exporter for details of the structure of this configuration.

map

authentication

Authentication configuration for Kafka Connect. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaConnectAuthenticationTls, KafkaConnectAuthenticationScramSha512

bootstrapServers

Bootstrap servers to connect to. This should be given as a comma separated list of <hostname>:‍<port> pairs.

string

config

The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers.

map

insecureSourceRepository

When true this configures the source repository with the 'Local' reference policy and an import policy that accepts insecure source tags.

boolean

logging

Logging configuration for Kafka Connect. The type depends on the value of the logging.type property within the given object, which must be one of [inline, external].

InlineLogging, ExternalLogging

resources

Resource constraints (limits and requests).

Resources

tls

TLS configuration.

KafkaConnectTls

tolerations

Pod’s tolerations.See external documentation of core/v1 tolerations.

Toleration array

spec

The specification of the topic.

KafkaTopicSpec

partitions

The number of partitions the topic should have. This cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. If unspecified this will default to the broker’s num.partitions config.

integer

replicas

The number of replicas the topic should have. If unspecified this will default to the broker’s default.replication.factor config.

integer

config

The topic configuration.

map

topicName

The name of the topic. When absent this will default to the metadata.name of the topic. It is recommended to not set this unless the topic name is not a valid Kubernetes resource name.

string

spec

The specification of the user.

KafkaUserSpec

authentication

Authentication mechanism enabled for this Kafka user. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaUserTlsClientAuthentication, KafkaUserScramSha512ClientAuthentication

authorization

Authorization rules for this Kafka user. The type depends on the value of the authorization.type property within the given object, which must be one of [simple].

KafkaUserAuthorizationSimple

type

Must be tls.

string

type

Must be scram-sha-512.

string

type

Must be simple.

string

acls

List of ACL rules which should be applied to this user.

AclRule array

host

The host from which the action described in the ACL rule is allowed or denied.

string

operation

Operation which will be allowed or denied. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All.

string (one of [Read, Write, Delete, Alter, Describe, All, IdempotentWrite, ClusterAction, Create, AlterConfigs, DescribeConfigs])

resource

Indicates the resource for which given ACL rule applies. The type depends on the value of the resource.type property within the given object, which must be one of [topic, group, cluster].

AclRuleTopicResource, AclRuleGroupResource, AclRuleClusterResource

type

The type of the rule.Currently the only supported type is allow.ACL rules with type allow are used to allow user to execute the specified operations. Default value is allow.

string (one of [allow, deny])

type

Must be topic.

string

name

Name of resource for which given ACL rule applies. Can be combined with patternType field to use prefix pattern.

string

patternType

Describes the pattern used in the resource field. The supported types are literal and prefix. With literal pattern type, the resource field will be used as a definition of a full topic name. With prefix pattern type, the resource name will be used only as a prefix. Default value is literal.

string (one of [prefix, literal])

type

Must be group.

string

name

Name of resource for which given ACL rule applies. Can be combined with patternType field to use prefix pattern.

string

patternType

Describes the pattern used in the resource field. The supported types are literal and prefix. With literal pattern type, the resource field will be used as a definition of a full topic name. With prefix pattern type, the resource name will be used only as a prefix. Default value is literal.

string (one of [prefix, literal])

type

Must be cluster.

string

spec

The specification of the mirror maker.

KafkaMirrorMakerSpec

replicas

The number of pods in the Deployment.

integer

image

The docker image for the pods.

string

whitelist

List of topics which are included for mirroring. This option allows any regular expression using Java-style regular expressions.Mirroring two topics named A and B can be achieved by using the whitelist 'A|B'. Or, as a special case, you can mirror all topics using the whitelist '*'. Multiple regular expressions separated by commas can be specified as well.

string

consumer

Configuration of source cluster.

KafkaMirrorMakerConsumerSpec

producer

Configuration of target cluster.

KafkaMirrorMakerProducerSpec

resources

Resource constraints (limits and requests).

Resources

affinity

Pod affinity rules.See external documentation of core/v1 affinity.

Affinity

tolerations

Pod’s tolerations.See external documentation of core/v1 tolerations.

Toleration array

jvmOptions

JVM Options for pods.

JvmOptions

logging

Logging configuration for Mirror Maker. The type depends on the value of the logging.type property within the given object, which must be one of [inline, external].

InlineLogging, ExternalLogging

metrics

The Prometheus JMX Exporter configuration. See JMX Exporter documentation for details of the structure of this configuration.

map

numStreams

Specifies the number of consumer stream threads to create.

integer

groupId

A unique string that identifies the consumer group this consumer belongs to.

string

bootstrapServers

A list of host:port pairs to use for establishing the initial connection to the Kafka cluster.

string

authentication

Authentication configuration for connecting to the cluster. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaMirrorMakerAuthenticationTls, KafkaMirrorMakerAuthenticationScramSha512

config

The mirror maker consumer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security.

map

tls

TLS configuration for connecting to the cluster.

KafkaMirrorMakerTls

certificateAndKey

Reference to the Secret which holds the certificate and private key pair.

CertAndKeySecretSource

type

Must be tls.

string

passwordSecret

Reference to the Secret which holds the password.

PasswordSecretSource

type

Must be scram-sha-512.

string

username

Username used for the authentication.

string

trustedCertificates

Trusted certificates for TLS connection.

CertSecretSource array

bootstrapServers

A list of host:port pairs to use for establishing the initial connection to the Kafka cluster.

string

authentication

Authentication configuration for connecting to the cluster. The type depends on the value of the authentication.type property within the given object, which must be one of [tls, scram-sha-512].

KafkaMirrorMakerAuthenticationTls, KafkaMirrorMakerAuthenticationScramSha512

config

The mirror maker producer config. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, sasl., security.

map

tls

TLS configuration for connecting to the cluster.

KafkaMirrorMakerTls