Chapter 2. Managed broker configuration

When you deploy AMQ Streams on OpenShift, you specify broker configuration through the config property of the Kafka custom resource. However, certain broker configuration options are managed directly by AMQ Streams.

As such, if you are using AMQ Streams on OpenShift, you cannot configure the following options:

  • broker.id to specify the ID of the Kafka broker
  • log.dirs directories for log data
  • zookeeper.connect configuration to connect Kafka with ZooKeeper
  • listeners to expose the Kafka cluster to clients
  • authorization mechanisms to allow or decline actions executed by users
  • authentication mechanisms to prove the identity of users requiring access to Kafka

Broker IDs start from 0 (zero) and correspond to the number of broker replicas. Log directories are mounted to /var/lib/kafka/data/kafka-logIDX based on the spec.kafka.storage configuration in the Kafka custom resource. IDX is the Kafka broker pod index.

For a list of exclusions, see the KafkaClusterSpec schema reference.

These exclusions don’t apply when using AMQ Streams on RHEL. In this case, you need to add these properties to your basic broker configuration to identify your brokers and provide secure access.

Example broker configuration for AMQ Streams on RHEL

# ...
broker.id = 1
log.dirs = /var/lib/kafka
zookeeper.connect = zoo1.my-domain.com:2181,zoo2.my-domain.com:2181,zoo3.my-domain.com:2181
listeners = internal-1://:9092
authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer
ssl.truststore.location = /path/to/truststore.jks
ssl.truststore.password = 123456
ssl.client.auth = required
# ...
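
The following check is an added example, not part of the AMQ Streams documentation or product. It lints a RHEL broker properties file for the identity and access properties described above. The names parse_properties, lint_broker and PAGE_SAMPLE and the finding rules are assumptions made for illustration, and per-listener overrides are not evaluated.

```python
"""Lint a Kafka broker properties file (added example; the rules are an assumed policy)."""
STANDARD_PROTOCOLS = {"PLAINTEXT", "SSL", "SASL_PLAINTEXT", "SASL_SSL"}
REQUIRED = ("broker.id", "log.dirs", "zookeeper.connect", "listeners")

# Visible lines of the example broker configuration above (truststore lines omitted).
PAGE_SAMPLE = """
broker.id = 1
log.dirs = /var/lib/kafka
zookeeper.connect = zoo1.my-domain.com:2181,zoo2.my-domain.com:2181,zoo3.my-domain.com:2181
listeners = internal-1://:9092
authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer
ssl.client.auth = required
"""

def parse_properties(text):
    """Parse 'key = value' lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint_broker(text):
    """Return a sorted list of findings for one broker's properties."""
    props = parse_properties(text)
    findings = [f"missing {key}" for key in REQUIRED if not props.get(key)]
    # Custom listener names only get a protocol through listener.security.protocol.map.
    proto_map = {}
    for pair in props.get("listener.security.protocol.map", "").split(","):
        name, sep, proto = pair.partition(":")
        if sep:
            proto_map[name.strip().upper()] = proto.strip().upper()
    for listener in filter(None, props.get("listeners", "").split(",")):
        name = listener.split("://", 1)[0].strip().upper()
        proto = proto_map.get(name, name if name in STANDARD_PROTOCOLS else None)
        if proto is None:
            findings.append(f"listener {name} has no security protocol mapping")
        elif proto == "PLAINTEXT":
            findings.append(f"listener {name} is unauthenticated and unencrypted")
        elif proto == "SSL" and props.get("ssl.client.auth") != "required":
            findings.append(f"listener {name} does not require client certificates")
    if not props.get("authorizer.class.name"):
        findings.append("no authorizer.class.name: ACLs are not enforced")
    return sorted(findings)

if __name__ == "__main__":
    print(lint_broker(PAGE_SAMPLE))
```

Run against the visible lines of the example, the check reports that the internal-1 listener has no entry in listener.security.protocol.map, a setting that would have to appear in the elided part of the file.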