Chapter 2. Managed broker configuration
When you deploy AMQ Streams on OpenShift, you specify broker configuration through the config property of the Kafka custom resource. However, certain broker configuration options are managed directly by AMQ Streams.
As such, if you are using AMQ Streams on OpenShift, you cannot configure the following options:
- broker.id to specify the ID of the Kafka broker
- log.dirs directories for log data
- zookeeper.connect configuration to connect Kafka with ZooKeeper
- listeners to expose the Kafka cluster to clients
- authorization mechanisms to allow or decline actions executed by users
- authentication mechanisms to prove the identity of users requiring access to Kafka
Broker IDs start from 0 (zero) and correspond to the number of broker replicas. Log directories are mounted to /var/lib/kafka/data/kafka-logIDX based on the spec.kafka.storage configuration in the Kafka custom resource. IDX is the Kafka broker pod index.
For a list of exclusions, see the KafkaClusterSpec schema reference.
These exclusions don’t apply when using AMQ Streams on RHEL. In this case, you need to add these properties in your basic broker configuration to identify your brokers and provide secure access.
Example broker configuration for AMQ Streams on RHEL
# ...
broker.id = 1
log.dirs = /var/lib/kafka
zookeeper.connect = zoo1.my-domain.com:2181,zoo2.my-domain.com:2181,zoo3.my-domain.com:2181
listeners = internal-1://:9092
authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer
ssl.truststore.location = /path/to/truststore.jks
ssl.truststore.password = 123456
ssl.client.auth = required
# ...
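The following Python check is an added example, not part of the AMQ Streams documentation. It audits RHEL broker property files for the options this chapter says you must set yourself, and flags a broker.id reused across hosts. The function names, host labels and sample property text are constructed for illustration.

```python
# Added example: audit RHEL broker property files for the options this chapter
# says you must set yourself. Names and sample data are constructed.
REQUIRED = ("broker.id", "log.dirs", "zookeeper.connect", "listeners")

def parse_properties(text):
    """Parse 'key = value' lines; skip blanks and '#'/'!' comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_broker(props):
    """Return a list of findings for one broker's properties."""
    findings = [f"missing {key}" for key in REQUIRED if not props.get(key)]
    if not props.get("authorizer.class.name"):
        findings.append("authorizer.class.name unset: no ACL authorization")
    if props.get("ssl.client.auth", "none") != "required":
        findings.append("ssl.client.auth is not 'required'")
    return findings

def audit_cluster(brokers):
    """brokers maps a host label to its properties text; also checks ID reuse."""
    report, owner = {}, {}
    for name, text in brokers.items():
        props = parse_properties(text)
        findings = audit_broker(props)
        bid = props.get("broker.id")
        if bid in owner:
            findings.append(f"broker.id {bid} already used by {owner[bid]}")
        elif bid is not None:
            owner[bid] = name
        report[name] = findings
    return report

# Constructed sample input: GOOD mirrors the example above, BAD is degraded.
COMMON = "log.dirs = /var/lib/kafka\nzookeeper.connect = zoo1.my-domain.com:2181\nlisteners = internal-1://:9092\n"
GOOD = "broker.id = 1\n" + COMMON + "authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer\nssl.client.auth = required\n"
BAD = "# second host\nbroker.id = 1\n" + COMMON + "ssl.client.auth = requested\n"

if __name__ == "__main__":
    for host, findings in audit_cluster({"kafka-1": GOOD, "kafka-2": BAD}).items():
        print(host, findings or "ok")
```

The parser handles only `key = value` lines, which is the form used in the example configuration above.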