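Kafka 4.0 Cluster Deployment Guide (K8S Mode)
I. Introduction
This document describes how to deploy a Kafka 4.0 cluster in a K8S cluster, including the authentication configuration.
II. Deployment Notes
- K8S version: 1.30.8
- Kafka version: 4.0.0
III. Deployment Configuration
Note: in the configuration below, adjust the namespace and volumeClaimTemplates sections to match your environment.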
apiVersion: v1
kind: Secret
metadata:
  name: kafka-kraft-cluster-id
  namespace: middleware
type: Opaque
stringData:
  kraft-cluster-id: "Kafka-Middleware"
---
apiVersion: v1
kind: Secret
metadata:
  name: kafka-jaas
  namespace: middleware
type: Opaque
stringData:
  # Broker-side JAAS config: username/password are the broker's own
  # inter-broker credentials, each user_<name> entry defines an accepted user.
  kafka_server_jaas.conf: |
    KafkaServer {
      org.apache.kafka.common.security.plain.PlainLoginModule required
      username="admin"
      password="VGliaFdMNVFrSg"
      user_admin="VGliaFdMNVFrSg"
      user_alice="UTFNbWxuN2xTaA";
    };
  # Client properties for the CLI tools inside the pod
  kafka_client_jaas.conf: |
    security.protocol=SASL_PLAINTEXT
    sasl.mechanism=PLAIN
    sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="alice" password="UTFNbWxuN2xTaA";
---
apiVersion: v1
kind: Service
metadata:
  name: kafka-headless
  namespace: middleware
spec:
  clusterIP: None
  ports:
    - name: tcp-interbroker
      port: 9094
      protocol: TCP
      targetPort: interbroker
    - name: tcp-client
      port: 9092
      protocol: TCP
      targetPort: client
    - name: tcp-controller
      protocol: TCP
      port: 9093
      targetPort: controller
  selector:
    app: kafka
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: kafka
  namespace: middleware
spec:
  ports:
    - name: tcp-client
      port: 9092
      protocol: TCP
      targetPort: client
  selector:
    app: kafka
  type: ClusterIP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  namespace: middleware
  name: kafka
  labels:
    app.kubernetes.io/version: "4.0.0"
spec:
  replicas: 3
  serviceName: kafka-headless
  selector:
    matchLabels:
      app: kafka
  template:
    metadata:
      labels:
        app: kafka
    spec:
      containers:
        - name: kafka
          image: apache/kafka:4.0.0
          imagePullPolicy: IfNotPresent
          command:
            - /bin/sh
          args:
            - -ec
            - |
              # Derive the node ID from the pod ordinal (kafka-0 -> 0)
              export KAFKA_NODE_ID=${KAFKA_NODE_NAME##*-}
              exec /__cacert_entrypoint.sh /etc/kafka/docker/run
          ports:
            - name: controller
              containerPort: 9093
            - name: client
              containerPort: 9092
            - name: interbroker
              containerPort: 9094
          resources:
            limits:
              cpu: 1000m
              memory: 2Gi
            requests:
              cpu: 100m
              memory: 1Gi
          env:
            - name: KAFKA_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: CLUSTER_ID
              valueFrom:
                secretKeyRef:
                  name: kafka-kraft-cluster-id
                  key: kraft-cluster-id
            - name: KAFKA_PROCESS_ROLES
              value: "controller,broker"
            - name: KAFKA_CONTROLLER_QUORUM_VOTERS
              value: "0@kafka-0.kafka-headless.middleware.svc.cluster.local:9093,1@kafka-1.kafka-headless.middleware.svc.cluster.local:9093,2@kafka-2.kafka-headless.middleware.svc.cluster.local:9093"
            # CLIENT and INTERNAL use SASL without TLS; CONTROLLER (9093) is
            # PLAINTEXT, i.e. neither authenticated nor encrypted.
            - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
              value: "CLIENT:SASL_PLAINTEXT,INTERNAL:SASL_PLAINTEXT,CONTROLLER:PLAINTEXT"
            - name: KAFKA_CONTROLLER_LISTENER_NAMES
              value: "CONTROLLER"
            - name: KAFKA_INTER_BROKER_LISTENER_NAME
              value: "INTERNAL"
            - name: KAFKA_LISTENERS
              value: "CLIENT://:9092,INTERNAL://:9094,CONTROLLER://:9093"
            - name: KAFKA_ADVERTISED_LISTENERS
              value: "CLIENT://:9092,INTERNAL://:9094"
            # SASL
            - name: KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM
              value: ""
            - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL
              value: PLAIN
            - name: KAFKA_SASL_ENABLED_MECHANISMS
              value: PLAIN
            # Clustering
            - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
              value: "3"
            - name: KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR
              value: "3"
            - name: KAFKA_TRANSACTION_STATE_LOG_MIN_ISR
              value: "2"
            - name: KAFKA_DEFAULT_REPLICATION_FACTOR
              value: "3"
            - name: KAFKA_MIN_INSYNC_REPLICAS
              value: "2"
            - name: KAFKA_NUM_PARTITIONS
              value: "3"
            - name: KAFKA_LOG_DIRS
              value: "/opt/kafka/data"
            ## Disable automatic topic creation
            - name: KAFKA_AUTO_CREATE_TOPICS_ENABLE
              value: "false"
            - name: KAFKA_OPTS
              value: "-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"
            # The heap (2G) equals the container memory limit (2Gi);
            # leave headroom for non-heap memory or raise the limit.
            - name: KAFKA_HEAP_OPTS
              value: "-Xmx2G -Xms2G"
          volumeMounts:
            # Mount the kafka-data claim at KAFKA_LOG_DIRS so broker data persists
            - name: kafka-data
              mountPath: /opt/kafka/data
            - name: kafka-jaas-volume
              mountPath: /opt/kafka/config/kafka_server_jaas.conf
              subPath: kafka_server_jaas.conf
              readOnly: true
            - name: kafka-jaas-volume
              mountPath: /opt/kafka/config/kafka_client_jaas.conf
              subPath: kafka_client_jaas.conf
              readOnly: true
      volumes:
        - name: kafka-jaas-volume
          secret:
            secretName: kafka-jaas
            optional: false
            defaultMode: 0644
  volumeClaimTemplates:
    - metadata:
        name: kafka-data
        annotations:
          volume.beta.kubernetes.io/storage-class: csi-s3
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 100Gi
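
The listener settings in the manifest above can be checked mechanically before rollout. The following Python script is an added example, not part of the original document: it audits the KAFKA_LISTENERS, KAFKA_LISTENER_SECURITY_PROTOCOL_MAP and KAFKA_SASL_ENABLED_MECHANISMS values copied from the StatefulSet and reports listeners that lack authentication or encryption. The function names and finding strings are illustrative assumptions.

```python
# Added example (not from the original document): audit the listener
# settings copied from the StatefulSet env vars above.
LISTENERS = "CLIENT://:9092,INTERNAL://:9094,CONTROLLER://:9093"
PROTOCOL_MAP = "CLIENT:SASL_PLAINTEXT,INTERNAL:SASL_PLAINTEXT,CONTROLLER:PLAINTEXT"
SASL_ENABLED_MECHANISMS = "PLAIN"

# Kafka security protocol -> (transport encrypted, SASL authentication)
PROTOCOLS = {
    "PLAINTEXT": (False, False),
    "SSL": (True, False),
    "SASL_PLAINTEXT": (False, True),
    "SASL_SSL": (True, True),
}


def parse_listeners(listeners):
    """'CLIENT://:9092,...' -> {'CLIENT': 9092, ...}"""
    ports = {}
    for item in listeners.split(","):
        name, _, address = item.strip().partition("://")
        ports[name] = int(address.rsplit(":", 1)[1])
    return ports


def audit(listeners, protocol_map, mechanisms):
    """Return a sorted list of (listener, port, finding) tuples."""
    ports = parse_listeners(listeners)
    protocols = dict(p.strip().split(":", 1) for p in protocol_map.split(","))
    mechs = {m.strip().upper() for m in mechanisms.split(",") if m.strip()}
    findings = []
    for name, port in ports.items():
        proto = protocols.get(name)
        if proto not in PROTOCOLS:
            findings.append((name, port, "no valid security protocol mapped"))
            continue
        encrypted, sasl = PROTOCOLS[proto]
        if not sasl:
            findings.append((name, port, "no SASL authentication"))
        if not encrypted:
            findings.append((name, port, "traffic not encrypted"))
        if sasl and not encrypted and "PLAIN" in mechs:
            findings.append((name, port, "SASL/PLAIN password sent in cleartext"))
    return sorted(findings)


if __name__ == "__main__":
    for name, port, finding in audit(LISTENERS, PROTOCOL_MAP, SASL_ENABLED_MECHANISMS):
        print(f"{name}:{port}: {finding}")
```

A listener mapped to SASL_SSL produces no findings, so the same check can gate a later move of the CLIENT and INTERNAL listeners to TLS.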
