Kafka Management
Kafka Component Architecture
A KRaft-based Kafka cluster consists of broker nodes responsible for message delivery and controller nodes that manage cluster metadata and coordinate clusters. These roles can be configured using node pools in deployment manifests.
Other Kafka components interact with the Kafka cluster for specific tasks.
Kafka Component Interactions
Kafka Connect
Kafka Connect is an integration toolkit for streaming data between Kafka brokers and other systems using connector plugins. Kafka Connect provides a framework for integrating Kafka with an external data source or target, such as a database, for import or export of data using connectors. Connectors provide the connection configuration needed.
A source connector pushes external data into Kafka.
A sink connector extracts data out of Kafka
External data is translated and transformed into the appropriate format.
Kafka Connect can be configured to build custom container images with the required connectors.
Kafka MirrorMaker
Kafka MirrorMaker replicates data between two Kafka clusters, either in the same data center or across different locations.
Kafka Exporter
Kafka Exporter extracts data for analysis as Prometheus metrics, primarily data relating to offsets, consumer groups, consumer lag and topics. Consumer lag is the delay between the last message written to a partition and the message currently being picked up from that partition by a consumer
Securing Kafka
Encryption
Kafka in Condense supports Transport Layer Security (TLS), a protocol for encrypted communication.
Authentication
Kafka listeners use authentication to ensure a secure client connection to the Kafka cluster. Clients can also be configured for mutual authentication. Security credentials are created and managed by the Cluster and User Operator.
Supported authentication mechanisms
mTLS authentication (on listeners with TLS-enabled encryption)
SASL SCRAM-SHA-512
OAuth 2.0 token-based authentication
Custom authentication (supported by Kafka)
Authorization
Authorization controls the operations that are permitted on Kafka brokers by specific clients or users.
Supported authorization mechanisms
Simple authorization using ACL rules
OAuth 2.0 authorization (if you are using OAuth 2.0 token-based authentication)
Open Policy Agent (OPA) authorization
Custom authorization (supported by Kafka)
Federal Information Processing Standards (FIPS)
Kafka in Condense can run on FIPS-enabled Kubernetes clusters to ensure data security and system interoperability if the native Kubernetes service of the cloud provider supports it.
Monitoring Kafka
Monitoring data allows you to monitor the performance and health of Kafka in Condense. You can configure your deployment to capture metrics data for analysis and notifications.
Metrics data is useful when investigating issues with connectivity and data delivery. For example, metrics data can identify under-replicated partitions or the rate at which messages are consumed. Alerting rules can provide time-critical notifications on such metrics through a specified communications channel. Monitoring visualizations present real-time metrics data to help determine when and how to update the configuration of your deployment.
The following tools are used for metrics and monitoring which is shipped with the Condense deployment
Prometheus
Prometheus pulls metrics from Kafka, Controllers, and Kafka Connect clusters. The Prometheus Alertmanager plugin handles alerts and routes them to a notification service.
Kafka Exporter
Kafka Exporter adds additional Prometheus metrics.
Grafana
Grafana Labs provides dashboard visualizations of Prometheus metrics.
Kafka management on your cloud
Multi-Zone Deployment for High Availability
This architecture demonstrates how Condense achieves a highly available, scalable, and resilient Kafka deployment within a Virtual Private Cloud (VPC) on Azure Kubernetes Service (AKS).
Key Components
A dedicated node pool is distributed across three availability zones (Zone A, B, C) in Region A to enhance fault tolerance.
Each node contains:
Kafka Operator – Manages Kafka lifecycle and configurations.
Kafka Broker – Handles message storage and distribution, backed by Persistent Volume Claims (PVCs) for data durability.
Controller – Manages cluster metadata and leadership election, also using PVCs for persistence.
High Availability & Fault Tolerance
Multi-Zone Redundancy
Kafka components are distributed across three zones, preventing single points of failure and ensuring continuous availability.
Node Affinity & Pod Anti-Affinity
Node Affinity ensures components are deployed on specific nodes that are running in different regions.
Pod Anti-Affinity prevents multiple critical Kafka instances from running on the same node, improving redundancy.
Networking & Load Balancing
Internal Access (VNet Peering): Allows internal clients to communicate with Kafka through an internal load balancer, maintaining security and low latency. This makes it easier to connect existing services to Kafka internally.
External Access (Internet Load Balancer): Distributes traffic efficiently to external clients, ensuring reliable connectivity.
Scalability & Self-Healing
Dynamic Scaling: Kubernetes automatically scales Kafka brokers based on workload demands.
Self-Healing Mechanisms: Kubernetes reschedules failed pods and maintains cluster stability without manual intervention.
Multi-Region Deployment for Disaster Recovery
Building on the high availability architecture defined earlier, this approach extends Kafka’s resilience by implementing a multi-region deployment for disaster recovery using Kafka MirrorMaker 2. This ensures seamless data replication and failover across geographically distributed clusters.
Unidirectional
Bidirectional
Unidirectional Replication (Primary-Backup Model)
Primary Region (Region A):
A local producer writes data to the source Kafka cluster.
Cross-Region Replication:
Kafka MirrorMaker 2 replicates data to a secondary Kafka cluster in Region B.
Backup Region (Region B):
The target Kafka cluster serves as a hot backup, ensuring data availability in case of failure in Region A.
Use Case: Ensures a disaster recovery mechanism with a standby cluster that can take over operations if the primary region fails.
Bidirectional Replication (Active-Active Model)
Multi-Region Active Clusters:
Clusters in Region A and Region B actively handle data ingestion, processing, and replication.
Real-Time Cross-Replication:
Kafka MirrorMaker 2 ensures continuous synchronization between both regions.
If one cluster fails, the other automatically continues operations, preventing downtime.
Monitoring Kafka
Monitoring data allows you to monitor the performance and health of Kafka in Condense. You can configure your deployment to capture metrics data for analysis and notifications.
Metrics data is useful when investigating issues with connectivity and data delivery. For example, metrics data can identify under-replicated partitions or the rate at which messages are consumed. Alerting rules can provide time-critical notifications on such metrics through a specified communications channel. Monitoring visualizations present real-time metrics data to help determine when and how to update the configuration of your deployment.
The following tools are used for metrics and monitoring which is shipped with the Condense deployment
Prometheus
Prometheus pulls metrics from Kafka, Controllers, and Kafka Connect clusters. The Prometheus Alertmanager plugin handles alerts and routes them to a notification service.
Kafka Exporter
Kafka Exporter adds additional Prometheus metrics.
Grafana
Grafana Labs provides dashboard visualizations of Prometheus metrics.
Last updated
Was this helpful?