skewer.yaml

title: Accessing Kafka using Skupper
subtitle: Use public cloud resources to process data from a private Kafka cluster
overview: |
  This example is a simple Kafka application that shows how you can
  use Skupper to access a Kafka cluster at a remote site without
  exposing it to the public internet.

  It contains two services:

  * A Kafka cluster named "cluster1" running in a private data center.
    The cluster has a topic named "topic1".

  * A Kafka client running in the public cloud.  It sends 10 messages
    to "topic1" and then receives them back.

  To set up the Kafka cluster, this example uses the Kubernetes
  operator from the [Strimzi][strimzi] project.  The Kafka client is a
  Java application built using [Quarkus][quarkus].

  The example uses two Kubernetes namespaces, "private" and "public",
  to represent the private data center and public cloud.

  [strimzi]: https://strimzi.io/
  [quarkus]: https://quarkus.io/
sites:
  public:
    title: Public
    platform: kubernetes
    namespace: public
    env:
      KUBECONFIG: ~/.kube/config-public
  private:
    title: Private
    platform: kubernetes
    namespace: private
    env:
      KUBECONFIG: ~/.kube/config-private
steps:
  - standard: install_the_skupper_command_line_tool
  - standard: kubernetes/set_up_your_namespaces
  - title: Deploy the Kafka cluster
    preamble: |
      In Private, use the `kubectl create` and `kubectl apply`
      commands with the listed YAML files to install the operator and
      deploy the cluster and topic.
    commands:
      private:
        - run: kubectl create -f server/strimzi.yaml
          output: |
            customresourcedefinition.apiextensions.k8s.io/kafkas.kafka.strimzi.io created
            rolebinding.rbac.authorization.k8s.io/strimzi-cluster-operator-entity-operator-delegation created
            clusterrolebinding.rbac.authorization.k8s.io/strimzi-cluster-operator created
            rolebinding.rbac.authorization.k8s.io/strimzi-cluster-operator-topic-operator-delegation created
            customresourcedefinition.apiextensions.k8s.io/kafkausers.kafka.strimzi.io created
            customresourcedefinition.apiextensions.k8s.io/kafkarebalances.kafka.strimzi.io created
            deployment.apps/strimzi-cluster-operator created
            customresourcedefinition.apiextensions.k8s.io/kafkamirrormaker2s.kafka.strimzi.io created
            clusterrole.rbac.authorization.k8s.io/strimzi-entity-operator created
            clusterrole.rbac.authorization.k8s.io/strimzi-cluster-operator-global created
            clusterrolebinding.rbac.authorization.k8s.io/strimzi-cluster-operator-kafka-broker-delegation created
            rolebinding.rbac.authorization.k8s.io/strimzi-cluster-operator created
            clusterrole.rbac.authorization.k8s.io/strimzi-cluster-operator-namespaced created
            clusterrole.rbac.authorization.k8s.io/strimzi-topic-operator created
            clusterrolebinding.rbac.authorization.k8s.io/strimzi-cluster-operator-kafka-client-delegation created
            clusterrole.rbac.authorization.k8s.io/strimzi-kafka-client created
            serviceaccount/strimzi-cluster-operator created
            clusterrole.rbac.authorization.k8s.io/strimzi-kafka-broker created
            customresourcedefinition.apiextensions.k8s.io/kafkatopics.kafka.strimzi.io created
            customresourcedefinition.apiextensions.k8s.io/kafkabridges.kafka.strimzi.io created
            customresourcedefinition.apiextensions.k8s.io/kafkaconnectors.kafka.strimzi.io created
            customresourcedefinition.apiextensions.k8s.io/kafkaconnects2is.kafka.strimzi.io created
            customresourcedefinition.apiextensions.k8s.io/kafkaconnects.kafka.strimzi.io created
            customresourcedefinition.apiextensions.k8s.io/kafkamirrormakers.kafka.strimzi.io created
            configmap/strimzi-cluster-operator created
        - run: kubectl apply -f server/cluster1.yaml
          output: |
            kafka.kafka.strimzi.io/cluster1 created
            kafkatopic.kafka.strimzi.io/topic1 created
        - await_resource: kafka/cluster1
        - run: kubectl wait --for condition=ready --timeout 900s kafka/cluster1
          output: |
            kafka.kafka.strimzi.io/cluster1 condition met
    postamble: |
      **Note:**

      By default, the Kafka bootstrap server returns broker addresses
      that include the Kubernetes namespace in their domain name.
      When, as in this example, the Kafka client is running in a
      namespace with a different name from that of the Kafka cluster,
      this prevents the client from resolving the Kafka brokers.

      To make the Kafka brokers reachable, set the `advertisedHost`
      property of each broker to a domain name that the Kafka client
      can resolve at the remote site.  In this example, this is
      achieved with the following listener configuration:

      ~~~ yaml
      spec:
        kafka:
          listeners:
            - name: plain
              port: 9092
              type: internal
              tls: false
              configuration:
                brokers:
                  - broker: 0
                    advertisedHost: cluster1-kafka-0.cluster1-kafka-brokers
      ~~~

      See [Advertised addresses for brokers][advertised-addresses] for
      more information.

      [advertised-addresses]: https://strimzi.io/docs/operators/in-development/configuring.html#property-listener-config-broker-reference
  - standard: kubernetes/create_your_sites
  - standard: kubernetes/link_your_sites
  - title: Expose the Kafka cluster
    preamble: |
      In Private, use `skupper expose` with the `--headless` option to
      expose the Kafka cluster as a headless service on the Skupper
      network.

      Then, in Public, use the `kubectl get service` command to check
      that the `cluster1-kafka-brokers` service appears after a
      moment.
    commands:
      private:
        - await_resource: statefulset/cluster1-kafka
        - run: skupper expose statefulset/cluster1-kafka --headless --port 9092
          output: |
            statefulset cluster1-kafka exposed as cluster1-kafka-brokers
      public:
        - await_resource: service/cluster1-kafka-brokers
        - run: kubectl get service/cluster1-kafka-brokers
          output: |
            NAME                     TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
            cluster1-kafka-brokers   ClusterIP   None         <none>        9092/TCP   2s
  - title: Run the client
    preamble: |
      Use the `kubectl run` command to execute the client program in
      Public.
    commands:
      public:
        - await_resource: service/cluster1-kafka-brokers
        - run: kubectl run client --attach --rm --restart Never --image quay.io/skupper/kafka-example-client --env BOOTSTRAP_SERVERS=cluster1-kafka-brokers:9092
          output: |
            [...]
            Received message 1
            Received message 2
            Received message 3
            Received message 4
            Received message 5
            Received message 6
            Received message 7
            Received message 8
            Received message 9
            Received message 10
            Result: OK
            [...]
    postamble: |
      To see the client code, look in the [client directory](client)
      of this project.
  - standard: cleaning_up
    commands:
      private:
        - run: skupper delete
        - run: kubectl delete -f server/cluster1.yaml
        - run: kubectl delete -f server/strimzi.yaml
      public:
        - run: skupper delete