Deploying and Upgrading Strimzi

Strimzi uses the Cluster Operator to deploy and manage clusters for:

Custom resources are used to deploy the clusters.

For example, to deploy a Kafka cluster:

The Cluster Operator can also deploy (through configuration of the Kafka resource):

The Topic Operator and User Operator function within the Entity Operator on deployment.

The Topic Operator provides a way of managing topics in a Kafka cluster through Kubernetes resources.

The role of the Topic Operator is to keep a set of KafkaTopic Kubernetes resources describing Kafka topics in-sync with corresponding Kafka topics.

Specifically, if a KafkaTopic is:

Working in the other direction, if a topic is:

This allows you to declare a KafkaTopic as part of your application’s deployment and the Topic Operator will take care of creating the topic for you. Your application just needs to deal with producing or consuming from the necessary topics.

The Topic Operator maintains information about each topic in a topic store, which is continually synchronized with updates from Kafka topics or Kubernetes KafkaTopic custom resources. Updates from operations applied to a local in-memory topic store are persisted to a backup topic store on disk. If a topic is reconfigured or reassigned to other brokers, the KafkaTopic will always be up to date.

The User Operator manages Kafka users for a Kafka cluster by watching for KafkaUser resources that describe Kafka users, and ensuring that they are configured properly in the Kafka cluster.

For example, if a KafkaUser is:

Unlike the Topic Operator, the User Operator does not sync any changes from the Kafka cluster with the Kubernetes resources. Kafka topics can be created by applications directly in Kafka, but it is not expected that the users will be managed directly in the Kafka cluster in parallel with the User Operator.

The User Operator allows you to declare a KafkaUser resource as part of your application’s deployment. You can specify the authentication and authorization mechanism for the user. You can also configure user quotas that control usage of Kafka resources to ensure, for example, that a user does not monopolize access to a broker.

When the user is created, the user credentials are created in a Secret. Your application needs to use the user and its credentials for authentication and to produce or consume messages.

In addition to managing credentials for authentication, the User Operator also manages authorization rules by including a description of the user’s access rights in the KafkaUser declaration.

CRDs require a one-time installation in a cluster to define the schemas used to instantiate and manage Strimzi-specific resources.

After a new custom resource type is added to your cluster by installing a CRD, you can create instances of the resource based on its specification.

Depending on the cluster setup, installation typically requires cluster admin privileges.

A CRD defines a new kind of resource, such as kind:Kafka, within a Kubernetes cluster.

The Kubernetes API server allows custom resources to be created based on the kind and understands from the CRD how to validate and store the custom resource when it is added to the Kubernetes cluster.

Each Strimzi-specific custom resource conforms to the schema defined by the CRD for the resource’s kind. The custom resources for Strimzi components have common configuration properties, which are defined under spec.

To understand the relationship between a CRD and a custom resource, let’s look at a sample of the CRD for a Kafka topic.

Here is a corresponding example of a KafkaTopic custom resource.

Custom resources can be applied to a cluster through the platform CLI. When the custom resource is created, it uses the same validation as the built-in resources of the Kubernetes API.

After a KafkaTopic custom resource is created, the Topic Operator is notified and corresponding Kafka topics are created in Strimzi.

On deployment, the Cluster Operator automatically sets up TLS certificates for data encryption and authentication within your cluster.

Strimzi provides additional configuration options for encryption, authentication and authorization, which are described in the Using Strimzi guide:

Strimzi supports additional deployment options to monitor your deployment.

The Cluster Operator is responsible for deploying and managing Apache Kafka clusters within a Kubernetes cluster.

The procedures in this section show:

Apache Kafka is an open-source distributed publish-subscribe messaging system for fault-tolerant real-time data feeds.

The procedures in this section show:

When installing Kafka, Strimzi also installs a ZooKeeper cluster and adds the necessary configuration to connect Kafka with ZooKeeper.

When deploying a Kafka cluster using the Cluster Operator, you can also deploy the Topic Operator and User Operator. Alternatively, you can perform a standalone deployment.

A standalone deployment means the Topic Operator and User Operator can operate with a Kafka cluster that is not managed by Strimzi.

This procedure shows how to deploy a Kafka Connect cluster to your Kubernetes cluster using the Cluster Operator.

A Kafka Connect cluster is implemented as a Deployment with a configurable number of nodes (also called workers) that distribute the workload of connectors as tasks so that the message flow is highly scalable and reliable.

The deployment uses a YAML file to provide the specification to create a KafkaConnect resource.

In this procedure, we use the example file provided with Strimzi:

For information about configuring the KafkaConnect resource (or the KafkaConnectS2I resource with Source-to-Image (S2I) support), see Kafka Connect cluster configuration in the Using Strimzi guide.

If you are running multiple instances of Kafka Connect, you have to change the default configuration of the following config properties:

Unless you change the default settings, each Kafka Connect instance connecting to the same Kafka cluster is deployed with the same values. What happens, in effect, is all instances are coupled to run in a cluster and use the same topics.

If multiple Kafka Connect clusters try to use the same topics, Kafka Connect will not work as expected and generate errors.

If you wish to run multiple Kafka Connect instances, change the values of these properties for each instance.

The Strimzi container images for Kafka Connect include two built-in file connectors for moving file-based data into and out of your Kafka cluster.

The procedures in this section show how to add your own connector classes to connector images by:

When you have created a container image for your connector plug-in, you need to create a connector instance in your Kafka Connect cluster. You can then configure, monitor, and manage a running connector instance.

A connector is an instance of a particular connector class that knows how to communicate with the relevant external system in terms of messages. Connectors are available for many external systems, or you can create your own.

You can create source and sink types of connector.

Strimzi provides two APIs for creating and managing connectors:

Using the APIs, you can:

Strimzi includes an example KafkaConnector in examples/connect/source-connector.yaml. This creates a basic FileStreamSourceConnector instance that sends each line of the Kafka license file (an example file source) to a single Kafka topic.

This procedure describes how to create:

The connector configuration is defined in the spec.config property of the KafkaConnector resource.

The FileStreamSourceConnector and FileStreamSinkConnector classes support the same configuration options as the Kafka Connect REST API. Other connectors support different configuration options.

This procedure describes how to manually trigger a restart of a Kafka connector by using a Kubernetes annotation.

This procedure describes how to manually trigger a restart of a Kafka connector task by using a Kubernetes annotation.

This procedure shows how to deploy a Kafka MirrorMaker cluster to your Kubernetes cluster using the Cluster Operator.

The deployment uses a YAML file to provide the specification to create a KafkaMirrorMaker or KafkaMirrorMaker2 resource depending on the version of MirrorMaker deployed.

In this procedure, we use the example files provided with Strimzi:

For information about configuring KafkaMirrorMaker or KafkaMirrorMaker2 resources, see Kafka MirrorMaker cluster configuration in the Using Strimzi guide.

This procedure shows how to deploy a Kafka Bridge cluster to your Kubernetes cluster using the Cluster Operator.

The deployment uses a YAML file to provide the specification to create a KafkaBridge resource.

In this procedure, we use the example file provided with Strimzi:

For information about configuring the KafkaBridge resource, see Kafka Bridge cluster configuration in the Using Strimzi guide.

Example Grafana dashboards are provided for monitoring:

All dashboards provide JVM metrics, as well as metrics specific to the component. For example, the Grafana dashboard for Strimzi Operators provides information on the number of reconciliations or custom resources they are processing.

Strimzi uses the Prometheus JMX Exporter to expose JMX metrics using an HTTP endpoint, which is then scraped by the Prometheus server.

Grafana dashboards are dependent on Prometheus JMX Exporter relabeling rules, which are defined for Strimzi components as custom resource configuration.

A label is a name-value pair. Relabeling is the process of writing a label dynamically. For example, the value of a label may be derived from the name of a Kafka server and client ID.

Strimzi provides example custom resource configuration YAML files with relabeling rules. When deploying Prometheus metrics configuration, you can can deploy the example custom resource or copy the metrics configuration to your own custom resource definition.

For more information on the use of relabeling, see Configuration in the Prometheus documentation.

Strimzi provides example custom resource configuration YAML files with relabeling rules.

To apply metrics configuration of relabeling rules, do one of the following:

Prometheus provides an open source set of components for systems monitoring and alert notification.

We describe here how you can use the CoreOS Prometheus Operator to run and manage a Prometheus server that is suitable for use in production environments, but with the correct configuration you can run any Prometheus server.

Prometheus Alertmanager is a plugin for handling alerts and routing them to a notification service. Alertmanager supports an essential aspect of monitoring, which is to be notified of conditions that indicate potential issues based on alerting rules.

Grafana provides visualizations of Prometheus metrics.

You can deploy and enable the example Grafana dashboards provided with Strimzi.

When adding Prometheus and Grafana servers to an Apache Kafka deployment using Minikube, the memory available to the virtual machine should be increased (to 4 GB of RAM, for example, instead of the default 2 GB).

For information on how to increase the default amount of memory, see Installing a local Kubernetes cluster with Minikube

Consumer lag indicates the difference in the rate of production and consumption of messages. Specifically, consumer lag for a given consumer group indicates the delay between the last message in the partition and the message being currently picked up by that consumer.

The lag reflects the position of the consumer offset in relation to the end of the partition log.

This difference is sometimes referred to as the delta between the producer offset and consumer offset: the read and write positions in the Kafka broker topic partitions.

Suppose a topic streams 100 messages a second. A lag of 1000 messages between the producer offset (the topic partition head) and the last offset the consumer has read means a 10-second delay.

For applications that rely on the processing of (near) real-time data, it is critical to monitor consumer lag to check that it does not become too big. The greater the lag becomes, the further the process moves from the real-time processing objective.

Consumer lag, for example, might be a result of consuming too much old data that has not been purged, or through unplanned shutdowns.

Typical actions to reduce lag include:

Actions to reduce consumer lag depend on the underlying infrastructure and the use cases Strimzi is supporting. For instance, a lagging consumer is less likely to benefit from the broker being able to service a fetch request from its disk cache. And in certain cases, it might be acceptable to automatically drop messages until a consumer has caught up.

If you performed the steps to introduce metrics to your deployment, you will already have your Kafka cluster configured to use the alert notification rules that support Kafka Exporter.

The rules for Kafka Exporter are defined in prometheus-rules.yaml, and are deployed with Prometheus. For more information, see Prometheus.

The sample alert notification rules specific to Kafka Exporter are as follows:

Adapt the default configuration of these rules according to your specific needs.

Lag information is exposed by Kafka Exporter as Prometheus metrics for presentation in Grafana.

Kafka Exporter exposes metrics data for brokers, topics and consumer groups. These metrics are displayed on the example strimzi-kafka-exporter dashboard.

The data extracted is described here.

Consumer group metrics are only displayed on the Kafka Exporter dashboard if at least one consumer group has a lag greater than zero.

This procedure shows how to configure Kafka Exporter in the Kafka resource through KafkaExporter properties.

For more information about configuring the Kafka resource, see Kafka cluster configuration in the Using Strimzi guide.

The properties relevant to the Kafka Exporter configuration are shown in this procedure.

You can configure these properties as part of a deployment or redeployment of the Kafka cluster.

After configuring and deploying Kafka Exporter, you can enable Grafana to present the Kafka Exporter dashboards.

KafkaExporterTemplate schema reference.

Strimzi provides example dashboard configuration files for Grafana. The Kafka Exporter dashboard is provided in the examples/metrics directory as a JSON file:

If you deployed Kafka Exporter with your Kafka cluster, you can visualize the metrics data it exposes on the Grafana dashboard.

This procedure assumes you already have access to the Grafana user interface and Prometheus has been added as a data source. If you are accessing the user interface for the first time, see Grafana.

Use the Grafana charts to analyze lag and to check if actions to reduce lag are having an impact on an affected consumer group. If, for example, Kafka brokers are adjusted to reduce lag, the dashboard will show the Lag by consumer group chart going down and the Messages consumed per minute chart going up.

You can enable the Kafka Bridge metrics in the KafkaBridge resource using the enableMetrics property.

You can configure this property as part of a deployment or redeployment of the Kafka Bridge.

For example:

If you deployed Kafka Bridge with your Kafka cluster, you can enable Grafana to present the metrics data it exposes.

A Kafka Bridge dashboard is provided in the examples/metrics directory as a JSON file:

When metrics data has been collected for some time, the Kafka Bridge charts are populated.

Enable Cruise Control metrics using the cruiseControl.metricsConfig property in the Kafka resource to provide a reference to a ConfigMap that contains JMX exporter configuration for the metrics to expose.

For example:

If you deployed Cruise Control with your Kafka cluster with the metrics enabled, you can enable Grafana to present the metrics data it exposes.

A Cruise Control dashboard is provided in the examples/metrics directory as a JSON file:

When metrics data has been collected for some time, the Cruise Control charts are populated.

Kafka’s log message format version and inter-broker protocol version specify, respectively, the log format version appended to messages and the version of the Kafka protocol used in a cluster. To ensure the correct versions are used, the upgrade process involves making configuration changes to existing Kafka brokers and code changes to client applications (consumers and producers).

The following table shows the differences between Kafka versions:

In Kafka, the network protocol used for inter-broker communication is called the inter-broker protocol. Each version of Kafka has a compatible version of the inter-broker protocol. The minor version of the protocol typically increases to match the minor version of Kafka, as shown in the preceding table.

The inter-broker protocol version is set cluster wide in the Kafka resource. To change it, you edit the inter.broker.protocol.version property in Kafka.spec.kafka.config.

When a producer sends a message to a Kafka broker, the message is encoded using a specific format. The format can change between Kafka releases, so messages specify which version of the format they were encoded with. You can configure a Kafka broker to convert messages from newer format versions to a given older format version before the broker appends the message to the log.

In Kafka, there are two different methods for setting the message format version:

The default value of message.format.version for a topic is defined by the log.message.format.version that is set on the Kafka broker. You can manually set the message.format.version of a topic by modifying its topic configuration.

The upgrade tasks in this section assume that the message format version is defined by the log.message.format.version.

The steps to upgrade your Cluster Operator deployment to use Strimzi latest are described in this section.

Follow this procedure if you deployed the Cluster Operator using the installation YAML files rather than OperatorHub.io.

The availability of Kafka clusters managed by the Cluster Operator is not affected by the upgrade operation.

After you have upgraded your Cluster Operator to latest, the next step is to upgrade all Kafka brokers to the latest supported version of Kafka.

Kafka upgrades are performed by the Cluster Operator through rolling updates of the Kafka brokers.

The Cluster Operator initiates rolling updates based on the Kafka cluster configuration.

As part of the Kafka upgrade, the Cluster Operator initiates rolling updates for ZooKeeper.

Strimzi provides a GenericKafkaListener schema for the configuration of Kafka listeners in a Kafka resource.

GenericKafkaListener replaces the KafkaListeners schema, which has been removed from Strimzi.

With the GenericKafkaListener schema, you can configure as many listeners as required, as long as their names and ports are unique. The listeners configuration is defined as an array, but the deprecated format is also supported.

For clients inside the Kubernetes cluster, you can create plain (without encryption) or tls internal listeners.

For clients outside the Kubernetes cluster, you create external listeners and specify a connection mechanism, which can be nodeport, loadbalancer, ingress or route.

The KafkaListeners schema used sub-properties for plain, tls and external listeners, with fixed ports for each. At any stage in the upgrade process, you must convert listeners configured using the KafkaListeners schema into the format of the GenericKafkaListener schema.

For example, if you are currently using the following configuration in your Kafka configuration:

Convert the listeners into the new format using:

Make sure to use the exact names and port numbers shown.

For any additional configuration or overrides properties used with the old format, you need to update them to the new format.

Changes introduced to the listener configuration:

For example, this configuration:

Changes to:

For more information on the configuration options available for each type of listener, see the GenericKafkaListener schema reference.

The right approach to upgrading your client applications (including Kafka Connect connectors) depends on your particular circumstances.

Consuming applications need to receive messages in a message format that they understand. You can ensure that this is the case in one of two ways:

Using broker down-conversion puts extra load on the brokers, so it is not ideal to rely on down-conversion for all topics for a prolonged period of time. For brokers to perform optimally they should not be down converting messages at all.

Broker down-conversion is configured in two ways:

Messages published to a topic in a new-version format will be visible to consumers, because brokers perform down-conversion when they receive messages from producers, not when they are sent to consumers.

There are a number of strategies you can use to upgrade your clients:

Other strategies for upgrading client applications are also possible.

The introduction of v1beta2 updates the schemas of the custom resources. Older API versions are deprecated.

The v1alpha1 API version is deprecated for the following Strimzi custom resources:

The v1beta1 API version is deprecated for the following Strimzi custom resources:

The convert-file command can convert YAML files containing multiple documents. For a multi-document YAML file, all the Strimzi custom resources it contains are converted. Any non-Strimzi Kubernetes resources are replicated unmodified in the converted output file.

After you have converted the YAML file, you must apply the configuration to update the custom resource in the cluster. Alternatively, if the GitOps synchronization mechanism is being used for updates on your cluster, you can use it to apply the changes. The conversion is only complete when the custom resource is updated in the Kubernetes cluster.

Alternatively, you can use the convert-resource procedure to convert custom resources directly.

Use the CLI help for more information on the API conversion tool, and the flags available for the convert-file command:

Use bin/api-conversion.cmd for this procedure if you are using Windows.

You can specify one or more of types of Strimzi custom resources, based on the kind property, or you can convert all types. You can also target a specific namespace or all namespaces for conversion. When targeting a namespace, you can convert all custom resources in that namespace, or convert a single custom resource by specifying its name and kind.

Alternatively, you can use the convert-file procedure to convert and apply the YAML files describing the custom resources.

Use the CLI help for more information on the API conversion tool, and the flags available for the convert-resource command:

Use bin/api-conversion.cmd for this procedure if you are using Windows.

Perform this procedure after converting all Strimzi custom resources in the whole Kubernetes cluster to v1beta2. If you upgrade your CRDs first, and then convert your custom resources, you will need to run this command again.

The command updates spec.versions in the CRDs to declare v1beta2 as the storage API version. The command also updates custom resources so they are stored under v1beta2. New custom resource instances are created from the specification of the storage API version, so only one API version is ever marked as the storage version.

When you have upgraded the CRDs to use v1beta2 as the storage version, you should only use v1beta2 properties in your custom resources.

Use the CLI help for more information on the API conversion tool:

Use bin/api-conversion.cmd for this procedure if you are using Windows.

Perform the following steps for each Kafka custom resource in your deployment.

For each Kafka custom resource, upgrade the configurations for ZooKeeper, Topic Operator, Entity Operator, and Cruise Control (if deployed) to support version v1beta2. This is described in the following procedures.

When all Kafka configurations are updated to support v1beta2, you can upgrade the Kafka custom resource to v1beta2.

Perform the following steps for each Kafka custom resource in your deployment.

Perform the following steps for each Kafka custom resource in your deployment.

Perform the following steps for each Kafka custom resource in your deployment.

Perform the following steps for each Kafka.spec.cruiseControl configuration in your Kafka cluster.

Perform the following steps for each Kafka custom resource in your deployment.

Perform the following steps for each KafkaConnect custom resource in your deployment.

Perform the following steps for each KafkaConnectS2I custom resource in your deployment.

Perform the following steps for each KafkaMirrorMaker custom resource in your deployment.

Perform the following steps for each KafkaMirrorMaker2 custom resource in your deployment.

Perform the following steps for each KafkaBridge resource in your deployment.

Perform the following steps for each KafkaUser custom resource in your deployment.

Perform the following steps for each KafkaTopic custom resource in your deployment.

Perform the following steps for each KafkaConnector custom resource in your deployment.

Perform the following steps for each KafkaRebalance custom resource in your deployment.

Kafka downgrades are dependent on compatible current and target Kafka versions, and the state at which messages have been logged.

You cannot revert to the previous Kafka version if that version does not support any of the inter.broker.protocol.version settings which have ever been used in that cluster, or messages have been added to message logs that use a newer log.message.format.version.

The inter.broker.protocol.version determines the schemas used for persistent metadata stored by the broker, such as the schema for messages written to __consumer_offsets. If you downgrade to a version of Kafka that does not understand an inter.broker.protocol.version that has (ever) been previously used in the cluster the broker will encounter data it cannot understand.

If the target downgrade version of Kafka has:

Downgrading is not possible if the new version has ever used a log.message.format.version that is not supported by the previous version, including when the default value for log.message.format.version is used. For example, this resource can be downgraded to Kafka version 2.6.1 because the log.message.format.version has not been changed:

The downgrade would not be possible if the log.message.format.version was set at "2.7" or a value was absent (so that the parameter took the default value for a 2.7.0 broker of 2.7).

For the Kafka resource to be downgraded, check: