Test external Kafka access in London

Owned by Andreas Geißler
Last updated: Apr 13, 2023
7 min read

Prerequisites:

  • In London release the Kafka ports are exposed through ingress.

  • Istio and Istio-Ingress is used

  • In the istio-ingress configuration the required ports (9010, 9000,9001, 9002) need to be exposed → see ONAP on ServiceMesh setup guide

  • Helm settings are configured to enable the Ingress exposure of Kafka Interfaces by:

    • global values (global.ingress.enable_all)

      global: ingress: enabled: true # enable all component's Ingress interfaces enable_all: true



    • or local setting in onap-strimzi (ingress.enabled)

      ingress: enabled: true service: - baseaddr: "kafka-bootstrap-api" name: "onap-strimzi-kafka-external-bootstrap" port: 9094 exposedPort: 9010 exposedProtocol: TLS



After the deployment the TCP interfaces are exposed through ingress and can be accessed via the following URLs and ports:

kafka-bootstrap-api.simpledemo.onap.org:9010 kafka-api.simpledemo.onap.org:9000 kafka-api.simpledemo.onap.org:9001 kafka-api.simpledemo.onap.org:9002



Test preparation

Add Kafka User for external Access

  • Login to the cluster control node

  • Create kafka-user.yaml file

tls-user.yaml

  • Apply kafka-user.yaml

Create user

  • List kafka users

Check/List new user

  • List strimzi secrets

List user secrets

  • Get the user password

For each KafkaUser resource with scram-sha-512 auth, there will be a corresponding secret:

Get the user secret

Test the external client access to Kafka



  • Add hostnames to DNS (or /etc/hosts) by using the IP Address of the istio-ingressgateway LB 



  • Install KafkaCat

  • Get the Metadata (use an existing Kafka User, here "external-strimzi-kafka-user") using the sasl.password exported above:

  • Get Metadata (use an existing Kafka User, here "external-strimzi-kafka-user"):

  • Get Topic Data (use an existing Kafka User, here "external-strimzi-kafka-user"):