Deploy Confluent Private Cloud Gateway
Before installing Confluent Private Cloud Gateway (Confluent Gateway), prepare your environment by reviewing the system requirements, component compatibility, license modes, and available deployment paths.
For a conceptual introduction to Confluent Gateway, see the What is Confluent Private Cloud Gateway?.
Confluent Gateway runs as a stateless service, typically as a set of containerized instances within the target environment (for example, Confluent for Kubernetes, VM clusters, or cloud-native platforms). It supports deployment on-premises, in private cloud VPCs, and in hybrid environments.
Deployment process at a glance
A complete Confluent Gateway deployment follows these high-level steps:
Verify requirements: Confirm that CPU, memory, network throughput, and storage meet the minimum requirements in Requirements and considerations.
Choose a license mode: Select between Trial mode (default) and Enterprise mode based on your use case. For more information on license modes, see License modes.
Select a deployment path: Deploy Confluent Gateway using Docker or CFK based on your runtime environment. See Next steps.
Deploy and configure: Deploy Confluent Gateway on the chosen runtime, and configure the streaming domains and routes that connect it to the Apache Kafka® clusters that clients reach through it. For more information, see the following guides:
Configure administration and metrics: Expose the administration and observability endpoints Confluent Gateway provides.
Apply security configuration: Set up secret stores, TLS/SSL, authentication swapping, and passwords. For more information on security configuration, see the following guides:
Requirements and considerations
Before you begin, make sure the following requirements and considerations are satisfied.
System requirements
Resource | Requirement |
|---|---|
CPU and memory (minimum) | 2 vCPUs, 4 GB RAM |
CPU and memory (recommended) | 4 vCPUs, 8 GB RAM |
Network throughput | 45 MB/sec of sustained workload for a 1 Gigabit link (1 Gbps) |
Storage | 10 GB of disk space |
Network access requirements
The Confluent Gateway container must have access to the necessary Kafka clusters. Configure firewall ports for bidirectional traffic as needed.
Docker software requirements
For Docker-based deployments, you must meet the following software requirements:
Component | Requirement |
|---|---|
Docker Engine | Version 20.10 or later is recommended. |
Docker Compose | Docker Compose v2.x is required. Compose v1 is deprecated and might not support the modern YAML schemas used by Confluent. |
Operating System | Any Linux distribution that supports Docker (RHEL, Ubuntu, Rocky Linux) or Windows/macOS using Docker Desktop. |
CFK compatibility
Confluent Gateway is compatible with the latest CFK version and the images released with that version.
For details on the supported CFK version and image tags, see the Confluent for Kubernetes Release Notes.
License modes
Confluent Gateway operates in two modes: Trial and Enterprise. The mode is selected automatically based on whether a license key is provided at deployment. The following table compares the two modes.
Feature | Trial mode (default) | Enterprise mode |
|---|---|---|
License required | No license key required | Valid Confluent Private Cloud Enterprise license key |
Ideal use case | Proof of concept (PoC) and evaluation | Production environments |
Route limit | Maximum of 4 routes | Unlimited routes |
Scope | Evaluation of Confluent Gateway features | Production traffic forwarding to self-managed Kafka clusters |
Duration | Unlimited | Per the terms of your Enterprise agreement |
Technical support | Community, limited support | Full Confluent Enterprise support |
Supported component compatibility
Confluent Gateway supports standard Kafka client libraries, CFK, and Docker. It does not support proprietary vendor APIs.
Client library compatibility
Confluent Gateway is built on top of Kafka Client 4.0, and it inherits the same Client/Broker Forward Compatibility guarantees as defined in the Kafka 4.0 documentation, enabling interoperability between Kafka clients and brokers across supported version ranges.
Confluent Gateway officially supports librdkafka (the C/C++ Kafka client library) versions v2.0.0 through v2.13.0. This support enables non-Java clients to use the full range of Confluent Gateway capabilities, including partner data sharing and disaster recovery.
Other third-party clients that support Kafka protocol versions compatible with 3.x and 4.0 should work through Confluent Gateway based on protocol compatibility. However, these client libraries have not been extensively tested with Confluent Gateway. You must validate the behavior and compatibility of these specific library versions within your own environment.
Unsupported vendor-specific APIs
Confluent Gateway is designed primarily to govern message flows using standard Kafka APIs. Confluent Gateway does not support proprietary APIs from vendors. For example, Confluent Platform-specific APIs, such as CREATE_CLUSTER_LINKS or LIST_CLUSTER_LINKS, are not supported by Confluent Gateway.
Next steps
Pick the deployment path that fits how you run Kafka and follow the linked guide to install Confluent Gateway.
Deployment path | When to use | Where to start |
|---|---|---|
Confluent for Kubernetes (CFK) | You run Kafka workloads on Kubernetes and want operator-managed deployment, upgrades, and scaling of Confluent Gateway. | |
Docker | You deploy on VMs or container hosts without Kubernetes, or you want a lightweight setup for development, evaluation, or small-scale production. |