KafkaBridge
kafka.strimzi.io / v1
apiVersion: kafka.strimzi.io/v1
kind: KafkaBridge
metadata:
name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object required
The specification of the HTTP Bridge.
adminClient object
Kafka AdminClient related configuration.
config
object
The Kafka AdminClient configuration used for AdminClient instances created by the bridge.
authentication object
Authentication configuration for connecting to the cluster.
certificateAndKey object
Reference to the `Secret` which holds the certificate and private key pair.
certificate
string required
The name of the file certificate in the Secret.
key
string required
The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208.
secretName
string required
The name of the Secret containing the certificate.
config
object
Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource.
passwordSecret object
Reference to the `Secret` which holds the password.
password
string required
The name of the key in the Secret under which the password is stored.
secretName
string required
The name of the Secret containing the password.
sasl
boolean
Enable or disable SASL on this authentication mechanism.
type
string required
Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead.
enum:
tls, scram-sha-256, scram-sha-512, plain, custom
username
string
Username used for the authentication.
bootstrapServers
string required
A list of host:port pairs for establishing the initial connection to the Kafka cluster.
clientRackInitImage
string
The image of the init container used for initializing the `client.rack`.
config
object
Additional configuration for the HTTP bridge. The following prefixes cannot be set: kafka., http., bridge.metrics. The following options cannot be set: bridge.id, bridge.tracing, bridge.metrics.
consumer object
Kafka consumer related configuration.
config
object
The Kafka consumer configuration used for consumer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, group.id, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols).
enabled
boolean
Whether the HTTP consumer should be enabled or disabled. The default is enabled (`true`).
timeoutSeconds
integer
The timeout in seconds for deleting inactive consumers, default is -1 (disabled).
http object
The HTTP related configuration.
cors object
CORS configuration for the HTTP Bridge.
allowedMethods
[]string required
List of allowed HTTP methods.
allowedOrigins
[]string required
List of allowed origins. Java regular expressions can be used.
port
integer
Port the server listens on.
minimum:
1023tls object
TLS configuration for clients connections to the HTTP Bridge.
certificateAndKey object required
Reference to the `Secret` which holds the certificate and private key pair.
certificate
string required
The name of the file certificate in the Secret.
key
string required
The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208.
secretName
string required
The name of the Secret containing the certificate.
config
object
Additional configuration for the HTTP server TLS. Properties with the following prefixes cannot be set: ssl. (with the exception of: ssl.enabled.cipher.suites, ssl.enabled.protocols).
image
string
The container image used for HTTP Bridge pods. If no image name is explicitly specified, the image name corresponds to the image specified in the Cluster Operator configuration. If an image name is not defined in the Cluster Operator configuration, a default value is used.
jvmOptions object
JVM Options for pods.
-XX
object
A map of -XX options to the JVM.
-Xms
string
-Xms option to to the JVM.
pattern:
^[0-9]+[mMgG]?$
-Xmx
string
-Xmx option to to the JVM.
pattern:
^[0-9]+[mMgG]?$
gcLoggingEnabled
boolean
Specifies whether the Garbage Collection logging is enabled. The default is false.
javaSystemProperties []object
A map of additional system properties which will be passed using the `-D` option to the JVM.
name
string
The system property name.
value
string
The system property value.
livenessProbe object
Pod liveness checking.
failureThreshold
integer
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
minimum:
1
initialDelaySeconds
integer
The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
minimum:
0
periodSeconds
integer
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
minimum:
1
successThreshold
integer
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
minimum:
1
timeoutSeconds
integer
The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
minimum:
1logging object
Logging configuration for HTTP Bridge.
loggers
object
A Map from logger name to logger level.
type
string required
Logging type, must be either 'inline' or 'external'.
enum:
inline, externalvalueFrom object
`ConfigMap` entry where the logging configuration is stored.
configMapKeyRef object
Reference to the key in the ConfigMap containing the configuration.
key
string
name
string
optional
boolean
metricsConfig object
Metrics configuration.
type
string required
Metrics type. The supported types are `jmxPrometheusExporter` and `strimziMetricsReporter`. Type `jmxPrometheusExporter` uses the Prometheus JMX Exporter to expose Kafka JMX metrics in Prometheus format through an HTTP endpoint. Type `strimziMetricsReporter` uses the Strimzi Metrics Reporter to directly expose Kafka metrics in Prometheus format through an HTTP endpoint.
enum:
jmxPrometheusExporter, strimziMetricsReportervalueFrom object
ConfigMap entry where the Prometheus JMX Exporter configuration is stored.
configMapKeyRef object
Reference to the key in the ConfigMap containing the configuration.
key
string
name
string
optional
boolean
values object
Configuration values for the Strimzi Metrics Reporter.
allowList
[]string
A list of regex patterns to filter the metrics to collect. Should contain at least one element.
producer object
Kafka producer related configuration.
config
object
The Kafka producer configuration used for producer instances created by the bridge. Properties with the following prefixes cannot be set: ssl., bootstrap.servers, sasl., security. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols).
enabled
boolean
Whether the HTTP producer should be enabled or disabled. The default is enabled (`true`).
rack object
Configuration of the node label which will be used as the client.rack consumer configuration.
envVarName
string
The name of the environment variable that defines the rack ID. Its value sets the `broker.rack` configuration for Kafka brokers and the `client.rack` configuration for Kafka Connect or MirrorMaker 2.
topologyKey
string
A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2.
type
string
Specifies the rack awareness type. Supported types are `topology-label` and `environment-variable`. `topology-label` uses a Kubernetes worker node label to set the `broker.rack` configuration for Kafka brokers and the `client.rack` configuration for Kafka Connect and MirrorMaker 2. `environment-variable` uses an environment variable to set the `broker.rack` configuration for Kafka brokers and the `client.rack` configuration for Kafka Connect and MirrorMaker 2. When not specified, `topology-label` type is used by default.
enum:
topology-label, environment-variablereadinessProbe object
Pod readiness checking.
failureThreshold
integer
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
minimum:
1
initialDelaySeconds
integer
The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
minimum:
0
periodSeconds
integer
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
minimum:
1
successThreshold
integer
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
minimum:
1
timeoutSeconds
integer
The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
minimum:
1
replicas
integer required
The number of pods in the `Deployment`. Required in the `v1` version of the Strimzi API. Defaults to `1` in the `v1beta2` version of the Strimzi API.
minimum:
0resources object
CPU and memory resources to reserve.
claims []object
name
string
request
string
limits
object
requests
object
template object
Template for HTTP Bridge resources. The template allows users to specify how a `Deployment` and `Pod` is generated.
apiService object
Template for HTTP Bridge API `Service`.
ipFamilies
[]string
Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting.
ipFamilyPolicy
string
Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type.
enum:
SingleStack, PreferDualStack, RequireDualStackmetadata object
Metadata applied to the resource.
annotations
object
Annotations added to the Kubernetes resource.
labels
object
Labels added to the Kubernetes resource.
bridgeContainer object
Template for the HTTP Bridge container.
env []object
Environment variables which should be applied to the container.
name
string
The environment variable key.
value
string
The environment variable value.
valueFrom object
Reference to the secret or config map property to which the environment variable is set.
configMapKeyRef object
Reference to a key in a config map.
key
string
name
string
optional
boolean
secretKeyRef object
Reference to a key in a secret.
key
string
name
string
optional
boolean
securityContext object
Security context for the container.
allowPrivilegeEscalation
boolean
appArmorProfile object
localhostProfile
string
type
string
capabilities object
add
[]string
drop
[]string
privileged
boolean
procMount
string
readOnlyRootFilesystem
boolean
runAsGroup
integer
runAsNonRoot
boolean
runAsUser
integer
seLinuxOptions object
level
string
role
string
type
string
user
string
seccompProfile object
localhostProfile
string
type
string
windowsOptions object
gmsaCredentialSpec
string
gmsaCredentialSpecName
string
hostProcess
boolean
runAsUserName
string
volumeMounts []object
Additional volume mounts which should be applied to the container.
mountPath
string
mountPropagation
string
name
string
readOnly
boolean
recursiveReadOnly
string
subPath
string
subPathExpr
string
clusterRoleBinding object
Template for the HTTP Bridge ClusterRoleBinding.
metadata object
Metadata applied to the resource.
annotations
object
Annotations added to the Kubernetes resource.
labels
object
Labels added to the Kubernetes resource.
deployment object
Template for HTTP Bridge `Deployment`.
deploymentStrategy
string
Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
enum:
RollingUpdate, Recreatemetadata object
Metadata applied to the resource.
annotations
object
Annotations added to the Kubernetes resource.
labels
object
Labels added to the Kubernetes resource.
initContainer object
Template for the HTTP Bridge init container.
env []object
Environment variables which should be applied to the container.
name
string
The environment variable key.
value
string
The environment variable value.
valueFrom object
Reference to the secret or config map property to which the environment variable is set.
configMapKeyRef object
Reference to a key in a config map.
key
string
name
string
optional
boolean
secretKeyRef object
Reference to a key in a secret.
key
string
name
string
optional
boolean
securityContext object
Security context for the container.
allowPrivilegeEscalation
boolean
appArmorProfile object
localhostProfile
string
type
string
capabilities object
add
[]string
drop
[]string
privileged
boolean
procMount
string
readOnlyRootFilesystem
boolean
runAsGroup
integer
runAsNonRoot
boolean
runAsUser
integer
seLinuxOptions object
level
string
role
string
type
string
user
string
seccompProfile object
localhostProfile
string
type
string
windowsOptions object
gmsaCredentialSpec
string
gmsaCredentialSpecName
string
hostProcess
boolean
runAsUserName
string
volumeMounts []object
Additional volume mounts which should be applied to the container.
mountPath
string
mountPropagation
string
name
string
readOnly
boolean
recursiveReadOnly
string
subPath
string
subPathExpr
string
pod object
Template for HTTP Bridge `Pods`.
affinity object
The pod's affinity rules.
nodeAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
preference object
matchExpressions []object
key
string
operator
string
values
[]string
matchFields []object
key
string
operator
string
values
[]string
weight
integer
requiredDuringSchedulingIgnoredDuringExecution object
nodeSelectorTerms []object
matchExpressions []object
key
string
operator
string
values
[]string
matchFields []object
key
string
operator
string
values
[]string
podAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object
labelSelector object
matchExpressions []object
key
string
operator
string
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string
operator
string
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string
weight
integer
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key
string
operator
string
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string
operator
string
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string
podAntiAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object
labelSelector object
matchExpressions []object
key
string
operator
string
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string
operator
string
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string
weight
integer
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key
string
operator
string
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string
operator
string
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string
dnsConfig object
The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy.
nameservers
[]string
options []object
name
string
value
string
searches
[]string
dnsPolicy
string
The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`.
enum:
ClusterFirst, ClusterFirstWithHostNet, Default, None
enableServiceLinks
boolean
Indicates whether information about services should be injected into Pod's environment variables.
hostAliases []object
The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
hostnames
[]string
ip
string
hostUsers
boolean
Use the host user namespace. Optional. Defaults to `true`. When `true` or not set, the pod runs in the host user namespace. This is required when the pod needs features available only in the host namespace, such as loading kernel modules with `CAP_SYS_MODULE`.When set to `false`, the pod runs in a new user namespace. Setting `false` helps mitigate container breakout vulnerabilities and allows containers to run as `root` without granting `root` privileges on the host. This property is alpha-level in Kubernetes and is supported only by Kubernetes clusters that enable the `UserNamespacesSupport` feature.
imagePullSecrets []object
List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored.
name
string
metadata object
Metadata applied to the resource.
annotations
object
Annotations added to the Kubernetes resource.
labels
object
Labels added to the Kubernetes resource.
priorityClassName
string
The name of the priority class used to assign priority to the pods.
schedulerName
string
The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used.
securityContext object
Configures pod-level security attributes and common container settings.
appArmorProfile object
localhostProfile
string
type
string
fsGroup
integer
fsGroupChangePolicy
string
runAsGroup
integer
runAsNonRoot
boolean
runAsUser
integer
seLinuxChangePolicy
string
seLinuxOptions object
level
string
role
string
type
string
user
string
seccompProfile object
localhostProfile
string
type
string
supplementalGroups
[]integer
supplementalGroupsPolicy
string
sysctls []object
name
string
value
string
windowsOptions object
gmsaCredentialSpec
string
gmsaCredentialSpecName
string
hostProcess
boolean
runAsUserName
string
terminationGracePeriodSeconds
integer
The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds.
minimum:
0
tmpDirSizeLimit
string
Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources.
pattern:
^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$tolerations []object
The pod's tolerations.
effect
string
key
string
operator
string
tolerationSeconds
integer
value
string
topologySpreadConstraints []object
The pod's topology spread constraints.
labelSelector object
matchExpressions []object
key
string
operator
string
values
[]string
matchLabels
object
matchLabelKeys
[]string
maxSkew
integer
minDomains
integer
nodeAffinityPolicy
string
nodeTaintsPolicy
string
topologyKey
string
whenUnsatisfiable
string
volumes []object
Additional volumes that can be mounted to the pod.
configMap object
`ConfigMap` to use to populate the volume.
defaultMode
integer
items []object
key
string
mode
integer
path
string
name
string
optional
boolean
csi object
`CSIVolumeSource` object to use to populate the volume.
driver
string
fsType
string
nodePublishSecretRef object
name
string
readOnly
boolean
volumeAttributes
object
emptyDir object
`EmptyDir` to use to populate the volume.
medium
string
Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium.
enum:
Memory
sizeLimit
string
The total amount of local storage required for this EmptyDir volume (for example 1Gi).
pattern:
^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$image object
`ImageVolumeSource` object to use to populate the volume.
pullPolicy
string
reference
string
name
string
Name to use for the volume. Required.
persistentVolumeClaim object
`PersistentVolumeClaim` object to use to populate the volume.
claimName
string
readOnly
boolean
secret object
`Secret` to use to populate the volume.
defaultMode
integer
items []object
key
string
mode
integer
path
string
optional
boolean
secretName
string
podDisruptionBudget object
Template for HTTP Bridge `PodDisruptionBudget`.
maxUnavailable
integer
Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1.
minimum:
0metadata object
Metadata to apply to the `PodDisruptionBudgetTemplate` resource.
annotations
object
Annotations added to the Kubernetes resource.
labels
object
Labels added to the Kubernetes resource.
serviceAccount object
Template for the HTTP Bridge service account.
metadata object
Metadata applied to the resource.
annotations
object
Annotations added to the Kubernetes resource.
labels
object
Labels added to the Kubernetes resource.
tls object
TLS configuration for connecting HTTP Bridge to the cluster.
trustedCertificates []object
Trusted certificates for TLS connection.
certificate
string
The name of the file certificate in the secret.
pattern
string
Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used.
secretName
string required
The name of the Secret containing the certificate.
tracing object
The configuration of tracing in HTTP Bridge.
type
string required
Type of the tracing used. Currently the only supported type is `opentelemetry` for OpenTelemetry tracing. As of Strimzi 0.37.0, `jaeger` type is not supported anymore and this option is ignored.
enum:
opentelemetrystatus object
The status of the HTTP Bridge.
conditions []object
List of status conditions.
lastTransitionTime
string
Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone.
message
string
Human-readable message indicating details about the condition's last transition.
reason
string
The reason for the condition's last transition (a single word in CamelCase).
status
string
The status of the condition, either True, False or Unknown.
type
string
The unique identifier of a condition, used to distinguish between other conditions in the resource.
labelSelector
string
Label selector for pods providing this resource.
observedGeneration
integer
The generation of the CRD that was last reconciled by the operator.
replicas
integer
The current number of pods being used to provide this resource.
url
string
The URL at which external client applications can access the HTTP Bridge.
No matches. Try .spec.adminClient for an exact path