Confluent Platform Networking Overview¶

This section of documents describes the networking configuration options in Confluent for Kubernetes (CFK) to expose Kafka and other Confluent Platform components to clients.

The following images show the networking interfaces available for Confluent Platform components.

_images/20210428-Connect_Networking_Architecture.png

_images/20210428-Schema_Registry_Networking_Architecture.png

_images/20210428-ksqlDB-Networking-Architecture.png

_images/20210428-Control_Center_Networking_Architecture.png

Connect to Kafka and other Confluent components from outside the Kubernetes cluster¶

The following shows the high level overview of external interfaces available for Confluent Platform.

_images/20210428-Confluent_External_Interfaces.png

The following are the external access methods CFK supports. You can configure each component with one method, and once you enable external access one method and deploy Confluent, you cannot change to another external access method.

Load balancers: Clients connect to Confluent Platform using the Kubernetes provider’s load balancer.
Node ports: Clients connect to Confluent Platform at specified static ports (the NodePort) on the Kubernetes worker node (or via customer-managed networking infrastructure that can forward traffic to those ports).
Port-based static access: A Kubernetes Ingress controller manages clients’ connection to Kafka using port-based routing.
Host-based static access: A Kubernetes Ingress controller manages clients’ connection to Kafka using host-based routing.
Routes (for OpenShift): Clients connect to Confluent Platform using OpenShift routes.

For the additional configuration steps required to allow external access to Metadata Service (MDS), see Configure Networking for RBAC.

Connect to Kafka from inside the same Kubernetes cluster¶

Confluent components deployed by CFK within the same Kubernetes cluster and client applications within the same Kubernetes cluster connect to Kafka over Kafka’s internal listener at the following addresses:

If Kafka cluster is deployed to the same namespace as this client / component: <kafka-component-name>:9071
If Kafka cluster is deployed to a different namespace as this client / component: <kafka-component-name>.<kafka-namespace>.svc.cluster.local:9071

Kafka custom listeners¶

In addition to external and internal access listeners, you can configure additional custom listeners to access Kafka.

With custom listeners, you can configure the following additional properties on the host that you specify for the external listener of Kafka:

External access method
Authentication
Encryption
Port number: You can specify a port number that is greater than 9092. 9092 and lower port numbers are reserved by CFK.

The name of a custom listener is case-insensitive.

You can not change the listener hostname as the hostname is derived based on the external listener hostname.

The following is an example definition of a custom listener that uses an additional port, 9204:

spec:
  listeners:
    custom:
    - name: customlistener1
      port: 9204

See Kafka Listeners for a sample scenario for setting up custom Kafka listeners.