[Kafka] Change Kafka installation - multi namespace support #213
Conversation
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
2 times, most recently
from
e2f8281 to
db827ac
Compare
|
Looks good, can you edit the |
There was a problem hiding this comment.
Pull request overview
This PR migrates the Kafka deployment from Bitnami Kafka to the Strimzi Kafka Operator, enabling multi-namespace support and modernizing the Kafka infrastructure with KRaft mode (ZooKeeper-less operation).
Key Changes:
- Replaced Bitnami Kafka chart dependency with Strimzi Kafka Operator (version 0.48.0)
- Introduced new Kubernetes custom resources for Kafka deployment including KafkaNodePool, Kafka cluster, RBAC resources, and network policies
- Configured single-node Kafka cluster with KRaft mode for simplified deployment
Reviewed changes
Copilot reviewed 8 out of 10 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| charts/mlrun-ce/values.yaml | Replaced Bitnami Kafka configuration with Strimzi operator values, including storage, resources, listeners, and RBAC settings; removed unrelated minio image config |
| charts/mlrun-ce/templates/kafka/kafka-cluster.yaml | Added Kafka custom resource definition for Strimzi operator with listener and config management |
| charts/mlrun-ce/templates/kafka/kafka-nodepool.yaml | Added KafkaNodePool resource for KRaft-mode Kafka cluster management |
| charts/mlrun-ce/templates/kafka/kafka-rbac.yaml | Created RBAC resources (ServiceAccount, Role, RoleBinding) for cross-namespace Kafka access |
| charts/mlrun-ce/templates/kafka/kafka-network-policy.yaml | Added NetworkPolicy to control egress traffic to Kafka cluster across namespaces |
| charts/mlrun-ce/templates/kafka/kafka-bootstrap-alias.yaml | Created service alias for simplified Kafka bootstrap server naming |
| charts/mlrun-ce/requirements.yaml | Updated chart dependency from bitnami/kafka to strimzi-kafka-operator |
| charts/mlrun-ce/requirements.lock | Updated lock file with new Strimzi operator dependency and digest |
| charts/mlrun-ce/Chart.yaml | Bumped chart version from 0.10.0-rc5 to 0.10.0-rc6 |
| .gitignore | Added comprehensive .DS_Store file patterns for macOS |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Allow egress to the internet/other services (optional) | ||
| # Comment out the next section if you want to restrict to Kafka only | ||
| - to: | ||
| - namespaceSelector: {} | ||
| - podSelector: {} | ||
|
|
There was a problem hiding this comment.
The NetworkPolicy allows unrestricted egress to all namespaces and pods (lines 56-58), which defeats the purpose of the network policy. This rule effectively allows traffic to anywhere, making the specific Kafka access rules redundant. Consider removing this overly permissive rule or adding a comment explaining why unrestricted egress is necessary for this use case.
| # Allow egress to the internet/other services (optional) | |
| # Comment out the next section if you want to restrict to Kafka only | |
| - to: | |
| - namespaceSelector: {} | |
| - podSelector: {} | |
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
2 times, most recently
from
f7d0d5d to
2ad98a4
Compare
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
2 times, most recently
from
5a8e49d to
c8e53ec
Compare
Add Strimzi Kafka operator configuration and update values for Kafka deployment [JIRA](https://iguazio.atlassian.net/browse/CEML-492)
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
from
c8e53ec to
73784ed
Compare
2 participants
Migrating bitnami kafka to Strimzi Kafka operator
Add Strimzi Kafka operator configuration
Update values for Kafka deployment
JIRA