Ingress
You can use Ingress to route HTTP/HTTPS traffic from outside the cluster to services within the cluster.
Ingress has two main components. You have Ingress resources, which define the traffic routing rules to your services and pods. In addition, you have Ingress controllers, which route incoming requests based on the rules defined by Ingress resources.
The Ingress API is a native part of Kubernetes, but Ingress controllers are not. This means that while you can create Ingress resources by default on any Kubernetes cluster, the Ingress controller must be installed separately. Without a controller, Ingress cannot function.
While there are numerous controller implementations available for Kubernetes, CSM Operator only supports Ingress-Nginx controllers running in TLS passthrough mode.
In CSM Operator, you set up external cluster access with Ingress by adding an ingress type listener to your Kafka resource (listener.type:ingress) and specifying the hostnames for each broker and a bootstrap using the configuration property. In addition, TLS must be enabled for the listener, and, depending on your environment, specifying the Ingress class might be required.
- An Ingress and a corresponding ClusterIP that serves as an external bootstrap. This is used by clients for the initial connection and to receive metadata (advertised listeners) from the Kafka cluster.
- A unique Ingress and a ClusterIP for each Kafka Broker. These are used to access the brokers directly and to distinguish the traffic for different brokers.
Kafka clients connect to the bootstrap Ingress, which routes the request through the corresponding bootstrap service to one of the brokers. Connections to the individual brokers are then established using advertised listeners received from the broker. Traffic is then routed from the client to the broker through the broker-specific Ingresses and services.
Once the listener is configured, you can connect your clients running outside of the Kubernetes network by directing them to the bootstrap Ingress. Kubernetes, Ingress, and Kafka handle everything else and ensure that client requests are routed to the correct brokers.
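The following Python check is an added example, not part of the CSM Operator documentation. It verifies the listener requirements described above before a Kafka resource is applied: TLS enabled, a bootstrap hostname, one hostname per broker, and no hostname used twice. Field names follow the Strimzi GenericKafkaListener schema; the function name, hostnames, broker IDs, port and listener name are assumptions made for illustration.

```python
# Added example: pre-deployment check for an ingress type listener.
# Field names follow the Strimzi GenericKafkaListener schema. The hostnames,
# broker IDs, port and listener name below are constructed sample values.

SAMPLE_LISTENER = {
    "name": "external", "port": 9094, "type": "ingress", "tls": True,
    "configuration": {
        "class": "nginx",
        "bootstrap": {"host": "bootstrap.kafka.example.com"},
        "brokers": [
            {"broker": 0, "host": "broker-0.kafka.example.com"},
            {"broker": 1, "host": "broker-1.kafka.example.com"},
        ],
    },
}

def check_ingress_listener(listener, broker_ids, require_class=False):
    """Return a list of problems; an empty list means the listener passes."""
    if listener.get("type") != "ingress":
        return ["listener type is not ingress"]
    problems = []
    # TLS is not terminated at the controller (passthrough), so the listener
    # itself must have TLS enabled.
    if listener.get("tls") is not True:
        problems.append("tls must be enabled for an ingress listener")
    cfg = listener.get("configuration") or {}
    if require_class and not cfg.get("class"):
        problems.append("configuration.class (Ingress class) is not set")
    owners = [("bootstrap", (cfg.get("bootstrap") or {}).get("host"))]
    by_broker = {b.get("broker"): b.get("host") for b in cfg.get("brokers") or []}
    owners += [(f"broker {i}", by_broker.get(i)) for i in broker_ids]
    # Every endpoint needs its own hostname: without TLS termination the
    # controller can tell connections apart only by the requested hostname.
    seen = {}
    for owner, host in owners:
        if not host:
            problems.append(f"no hostname configured for {owner}")
        elif host.lower() in seen:
            problems.append(f"{owner} reuses the hostname of {seen[host.lower()]}")
        else:
            seen[host.lower()] = owner
    return problems

if __name__ == "__main__":
    for problem in check_ingress_listener(SAMPLE_LISTENER, broker_ids=[0, 1]):
        print(problem)
```

Pass the broker IDs that actually exist in your cluster, and set require_class=True in environments where the Ingress class must be specified.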
Configuring ingress listeners
Complete the following steps to set up and configure an ingress listener in CSM Operator. The steps also include an example of how to connect a Kafka console client to the cluster.
These steps demonstrate basic listener configuration. In addition to the configuration shown here, you can further customize your listener and specify a client authentication mechanism with the authentication property and add various additional configurations using the configuration property. For a comprehensive list of available properties, see GenericKafkaListener schema reference in the Strimzi API reference.
- Ensure that an Ingress-Nginx controller is deployed in your Kubernetes cluster.
- Ensure that the Ingress-Nginx controller has TLS Passthrough enabled.