Learn about Kubernetes NodePorts and how CSM Operator uses NodePorts to provide Kafka clients access to your cluster.

NodePort is a Kubernetes Service type that allocates a port, referred to as a node port, on every node of the Kubernetes cluster. NodePort ensures that all traffic routed to the node port gets to a specific pod.

In CSM Operator, you set up external cluster access with NodePorts by adding nodeport type listeners to your Kafka resource (listener.type:nodeport).

Once configuration is done, CSM Operator deploys multiple NodePort Services. Specifically, you will have the following:
  • One NodePort that serves as an external bootstrap. This is used by clients for the initial connection and to receive metadata (advertised listeners) from the Kafka cluster.
  • A NodePort for each Kafka broker. These are used by clients to directly access the individual brokers.

The addresses of the nodes and the node ports are collected by CSM Operator and configured as the advertised listeners of the brokers. So brokers are automatically configured to advertise the right address and ports. As a result, once listener setup is complete, you can connect your clients running outside of the Kubernetes network by directing them to the NodePort Service that acts as the external bootstrap. Kubernetes handles everything else and ensures that client requests are routed to the correct brokers.

Configuring nodeport listeners

Complete the following steps to set up and configure a nodeport type listener in CSM Operator. The following steps also include an example on how to connect a Kafka console client to the cluster.

These steps demonstrate basic listener configuration with typical customizations. In addition to the configuration shown here, you can further customize your listener and enable or disable TLS encryption using the tls property, specify a client authentication mechanism with the authentication property, as well as add various additional configurations using the configuration property. For a comprehensive list of available properties, see the GenericKafkaListener schema reference in the Strimzi API reference.

  1. Configure your Kafka resource.

    Add an external listener that has its type property set to nodeport. In addition, Cloudera recommends that you customize your listeners and specify exact port numbers with the nodePort property. This way, you do not need to reconfigure your clients every time you redeploy Kafka.

    However, note that no validation is done, so you must ensure that the configured ports are not used by any other service and are within the range assigned for node ports. If port numbers are not specified, CSM Operator chooses available ports from the range assigned to node ports.

    The following snippet shows a configuration where listener.type is set to nodeport and exact port numbers are also specified.

    kind: Kafka
          - name: external
            port: 9094
            type: nodeport
            tls: true
              type: tls
                nodePort: 32000
                - broker: 0
                  nodePort: 32001
                - broker: 1
                  nodePort: 32002
                - broker: 2
                  nodePort: 32003
  2. Verify that NodePort Services are created and running.
    kubectl get services --namespace [***NAMESPACE***]

    The output will be similar to the following example.

    NAME                                  TYPE        CLUSTER-IP      EXTERNAL-IP                           
    my-cluster-kafka-external-bootstrap   NodePort   <none>        
    my-cluster-kafka-0                    NodePort    <none>        
    my-cluster-kafka-1                    NodePort     <none>        
    my-cluster-kafka-2                    NodePort     <none>    

    Notice that there is a NodePort Service deployed for each Kafka broker. Additionally you have a separate external bootstrap NodePort called [***CLUSTER NAME***]-kafka-external bootstrap. Clients connecting to the Kafka cluster should be directed to the external bootstrap.

  3. Get the node port of the external bootstrap service.
    kubectl get service [***CLUSTER NAME***]-kafka-external-bootstrap \
      --namespace [***NAMESPACE***] \
  4. Get the address (hostname or IP) of any node.
    kubectl get node [***NODE NAME***] \
  5. Configure and run your client.
    The following example shows a Kafka console producer. \
      --bootstrap-server [***NODE ADDRESS***]:[***NODE PORT***] \
      --topic [***TOPIC***]
A nodeport type listener is configured. External Kafka clients can now access your Kafka cluster through the NodePort Services.