Team Collaboration in Kafka Clusters
Maria Berinde-Tâmpănariu
Advisory Solutions Engineer
4th of October 2022
Question
Can different teams collaborate efficiently and work independently in your Kafka cluster(s)?
Journey
My first Kafka cluster
● a foreseeable amount of applications
● the core team with full access
Central Nervous System
● many different types of clients
● many users with different access levels
The ability to work without getting in each other’s way:
➔ scalable & repeatable actions
➔ predictability
➔ self-service capabilities
➔ isolation
➔ manageability
Team collaboration building blocks: Authentication, Authorization, Naming Conventions, Automation, Platform Limits, Client Quotas, Monitoring, Chargeback
Authentication
Client Authentication
• the process of establishing the client identity and verifying client & server authenticity
• the authenticated identity holds throughout the lifetime of the connection
• a KafkaPrincipal is used to represent the client identity (e.g. Username: maria)
• the principal is used to:
  - grant access to resources
  - allocate quotas
  - log details
• different authentication mechanisms are available
Authentication Methods (Confluent Cloud)
API Keys
• Cloud keys
• resource specific keys
  - Kafka
  - Schema Registry
  - ksqlDB
• all keys owned by an account
  - user & service accounts
• key rotation
OAuth
• delegated authentication
• JSON Web Token (JWT)
• OpenID Connect (OIDC)
• identity provider & identity pools
Single Sign On
• SAML based Identity Provider (IdP)
• enabled at Confluent Cloud organization level
• SSO users vs. local users
Confluent Cloud is a fully-managed Apache Kafka service available on all three major clouds.
Authorization
Access Control List (ACL)
• general format:
"Principal P is [Allowed/Denied] Operation O From Host H On Resource R"
• wildcard & prefix matching supported
• Principal P: based on the standard authorizer (wildcard supported)
• [Allowed/Denied]: “Deny” always trumps “Allow”.
• Operation O: supported operations depend on the resource (see docs)
• Resource R: wildcard & prefix matching
Per platform:
Apache Kafka®
- Principal P: individual principals
- From Host H: supported
- Resource R: Cluster, Delegation Token, Group, Topic, Transactional ID
Confluent Platform
- Principal P: individual & group principals
- From Host H and Resource R: as for Apache Kafka®
Confluent Cloud
- Principal P: user & service accounts
- From Host H: not supported
- Resource R: Cluster, Consumer Group, Topic, Transactional ID
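To make the evaluation rules above concrete, the following added example (not code from the talk) models how Kafka's AclAuthorizer/StandardAuthorizer decides a request: resource patterns are literal, prefixed or wildcard, a matching Deny always wins, and an Allow for Read/Write/Delete/Alter implies Describe. The principals, hosts and topic names are constructed; super users and allow.everyone.if.no.acl.found are not modelled.

```python
"""Model of Kafka ACL evaluation as done by the broker authorizer (added example).

Shows literal, prefixed and wildcard resource patterns, wildcard principal
and host, Describe implied by Read/Write/Delete/Alter, and "Deny" taking
precedence over "Allow", with default deny when nothing matches."""
from dataclasses import dataclass
from enum import Enum


class Permission(Enum):
    ALLOW = "Allow"
    DENY = "Deny"


class PatternType(Enum):
    LITERAL = "LITERAL"    # exact name; "*" matches every resource of the type
    PREFIXED = "PREFIXED"  # resource_name is a name prefix


@dataclass(frozen=True)
class Acl:
    """Principal P is [Allowed/Denied] Operation O From Host H On Resource R."""
    principal: str              # "User:maria"; "User:*" matches any principal
    permission: Permission
    operation: str              # "Read", "Write", "Describe", ... or "All"
    host: str                   # client host, or "*"
    resource_type: str          # "Topic", "Group", "Cluster", "TransactionalId"
    resource_name: str
    pattern_type: PatternType = PatternType.LITERAL


# Allowing any of these operations also allows the keyed operation
# (Kafka: Read/Write/Delete/Alter imply Describe; AlterConfigs implies DescribeConfigs).
IMPLIED_BY = {
    "Describe": {"Read", "Write", "Delete", "Alter"},
    "DescribeConfigs": {"AlterConfigs"},
}


def acl_matches(acl, principal, host, operation, resource_type, resource_name):
    """True if the ACL applies to this exact request (no implied operations)."""
    if acl.principal not in (principal, "User:*"):
        return False
    if acl.host not in (host, "*"):
        return False
    if acl.operation not in (operation, "All"):
        return False
    if acl.resource_type != resource_type:
        return False
    if acl.pattern_type is PatternType.PREFIXED:
        return resource_name.startswith(acl.resource_name)
    return acl.resource_name in (resource_name, "*")


def authorize(acls, principal, host, operation, resource_type, resource_name):
    """Return (allowed, reason). A matching Deny always wins over any Allow;
    with no matching Allow the request is denied (default deny)."""
    for acl in acls:
        if acl.permission is Permission.DENY and acl_matches(
                acl, principal, host, operation, resource_type, resource_name):
            return False, f"denied by {acl}"
    # Deny rules are matched on the exact operation; Allow rules may also
    # match through an implied operation (e.g. a Write ACL allows Describe).
    allow_ops = {operation} | IMPLIED_BY.get(operation, set())
    for acl in acls:
        if acl.permission is Permission.ALLOW and any(
                acl_matches(acl, principal, host, op, resource_type, resource_name)
                for op in allow_ops):
            return True, f"allowed by {acl}"
    return False, "no matching Allow ACL (default deny)"


# Constructed sample rules for a "payments" team that uses its name as prefix.
SAMPLE_ACLS = [
    Acl("User:*", Permission.ALLOW, "Describe", "*", "Topic", "payments-", PatternType.PREFIXED),
    Acl("User:maria", Permission.ALLOW, "Write", "*", "Topic", "payments-", PatternType.PREFIXED),
    Acl("User:bob", Permission.ALLOW, "Read", "*", "Topic", "payments-", PatternType.PREFIXED),
    Acl("User:bob", Permission.ALLOW, "Read", "*", "Group", "payments-", PatternType.PREFIXED),
    # A narrow Deny carved out of the prefixed Allow: Deny always trumps Allow.
    Acl("User:bob", Permission.DENY, "Read", "*", "Topic", "payments-pii"),
]

# Constructed requests (principal, host, operation, resource type, resource name).
SAMPLE_REQUESTS = [
    ("User:maria", "10.0.0.5", "Write", "Topic", "payments-orders"),     # prefixed Allow
    ("User:maria", "10.0.0.5", "Describe", "Topic", "payments-orders"),  # implied by Write
    ("User:maria", "10.0.0.5", "Read", "Topic", "payments-orders"),      # no Read ACL
    ("User:bob", "10.0.0.5", "Read", "Topic", "payments-orders"),        # prefixed Allow
    ("User:bob", "10.0.0.5", "Read", "Topic", "payments-pii"),           # Deny wins
    ("User:bob", "10.0.0.5", "Describe", "Topic", "payments-pii"),       # Deny Read is not Deny Describe
    ("User:eve", "10.0.0.5", "Read", "Topic", "inventory-stock"),        # other team's topic
]


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        allowed, reason = authorize(SAMPLE_ACLS, *request)
        print("ALLOW" if allowed else "DENY ", request, "<-", reason)
```

Note the sixth request: a Deny on Read does not deny Describe, so a carve-out has to deny every operation that should be blocked.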
Authorizer
• customizable server plugin
• authorizes an operation based on the principal and the resource being accessed
Apache Kafka®
• pluggable Authorizer
• out-of-box implementation
• default authorizer:
  AclAuthorizer ( > v2.4)
  SimpleAclAuthorizer (< v2.4)
  StandardAuthorizer (KRaft)
• Access Control Lists (ACL) stored on Zookeeper (ZK) or in metadata topic
Confluent Platform
• AclAuthorizer (since v5.4.0)
• SimpleAclAuthorizer (before v5.4.0)
• Confluent Server Authorizer with LDAP group-based & role-based access control (RBAC)
• Access Control Lists (ACL) stored on Zookeeper (ZK) or centrally on Metadata Service (MDS)
Confluent Cloud
• subset of Kafka Access Control Lists (ACL)
• predefined role-based access control (RBAC) roles
• ACL & RBAC can be used together
Role-based Access Control (RBAC)
• serves as an additional authorization layer on top of ACLs
• predefined roles & role-bindings
• Metadata Service used to configure and manage RBAC
• only “Allow” rules (“Deny” not supported)
• benefits:
  + manage security access across the platform (Kafka, ksqlDB, Connect, Schema Registry, Confluent Control Center)
  + delegation of permission management is possible (ResourceOwner role)
  + centrally manage multiple clusters
RBAC on Confluent Cloud
Role bindings are managed via CLI, GUI or API. Example hierarchy of role bindings:
Org Admin
  Env Admin | Env Admin
    Cluster 1 Admin | Cluster 2 Admin
      Topic 1 Resource Owner | Topic 2 Resource Owner
        Dev Read Only - Topic 1 | Dev Write - Topic 2
RBAC Authorization
Admin Roles: control access to organizations, environments and clusters
● OrganizationAdmin
● EnvironmentAdmin
● CloudClusterAdmin
Developer Roles: control CRUD operations within Kafka resources
● ResourceOwner
● DeveloperRead
● DeveloperWrite
● DeveloperManage
Operator Roles:
● Operator
● MetricsViewer
Note: A single user can have multiple roles
Naming Conventions
• RBAC & ACLs can be used together
  - use RBAC in general as the default to grant access
  - use ACLs in particular cases to deny access
• both support prefixed rules
• governance
  - visual attribution
  - stream governance functionality
• choose names unlikely to change over time
• think about how naming conventions can be enforced (e.g. in a CI/CD pipeline)
Demo: Role bindings with Prefixed Rules in Confluent Cloud
• Authentication: Confluent Cloud local users
• Authorization: RBAC prefixed role bindings
• Naming Convention: team name used as prefix
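As an added example of enforcing the naming convention in a CI/CD pipeline (not code from the talk or its demo repo), the following checks proposed topic names and prefixed role bindings against a team registry in which the team name is the prefix. The registry, team names and resource names are constructed; the requirement that a prefixed binding uses exactly a registered prefix is what stops a short prefix from silently covering another team's resources.

```python
"""Naming-convention checks a CI/CD pipeline could run before applying topic
definitions and prefixed role bindings (added example)."""
import re

# Kafka topic name rules: [a-zA-Z0-9._-], at most 249 characters, not "." or "..".
LEGAL_NAME = re.compile(r"^[A-Za-z0-9._-]+$")
MAX_NAME_LENGTH = 249

# Constructed team registry: each team owns one or more name prefixes.
TEAMS = {
    "payments": ["payments-"],
    "inventory": ["inventory-"],
}


def owner_of(name, teams=TEAMS):
    """Team whose registered prefix the name starts with, or None."""
    for team, prefixes in teams.items():
        if any(name.startswith(prefix) for prefix in prefixes):
            return team
    return None


def validate_name(name, team, teams=TEAMS):
    """Errors for a topic or consumer-group name proposed by `team`."""
    errors = []
    if name in (".", ".."):
        errors.append(f"{name!r} is not a legal name")
    elif not LEGAL_NAME.match(name):
        errors.append(f"{name!r} contains characters outside [a-zA-Z0-9._-]")
    if len(name) > MAX_NAME_LENGTH:
        errors.append(f"{name!r} is longer than {MAX_NAME_LENGTH} characters")
    if owner_of(name, teams) != team:
        errors.append(f"{name!r} does not start with a prefix owned by {team!r}: "
                      f"{teams.get(team, [])}")
    return errors


def validate_prefixed_binding(team, prefix, teams=TEAMS):
    """Errors for a PREFIXED role binding (or ACL) that `team` wants on `prefix`.

    The prefix must be exactly one of the team's registered prefixes: a shorter
    prefix such as "pay" would match every other name that starts with it."""
    errors = []
    if prefix not in teams.get(team, []):
        errors.append(f"prefix {prefix!r} is not registered to team {team!r}")
    for other, prefixes in teams.items():
        if other != team and any(p.startswith(prefix) for p in prefixes):
            errors.append(f"prefix {prefix!r} also covers {other!r}'s resources")
    return errors


def nested_prefixes(teams=TEAMS):
    """(shorter, longer) pairs where one team's prefix covers another team's."""
    pairs = []
    for team, prefixes in teams.items():
        for other, other_prefixes in teams.items():
            if other == team:
                continue
            for p in prefixes:
                for q in other_prefixes:
                    if q.startswith(p):
                        pairs.append((p, q))
    return sorted(pairs)


def metric_name_collisions(names):
    """Groups of names that differ only by '.' vs '_'. Kafka maps both to the
    same metric name and warns when such topics coexist, so a convention
    should pick one separator."""
    groups = {}
    for name in names:
        groups.setdefault(name.replace(".", "_"), []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    # Constructed change set submitted by the "payments" team.
    for name in ["payments-orders", "payments/orders", "inventory-stock"]:
        print(name, "->", validate_name(name, "payments") or "ok")
    for prefix in ["payments-", "pay"]:
        print(prefix, "->", validate_prefixed_binding("payments", prefix) or "ok")
    print(nested_prefixes({"platform": ["p"], "payments": ["payments-"]}))
    print(metric_name_collisions(["payments.orders", "payments_orders", "payments-orders"]))
```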
How to grant temporary access? (Authentication, Authorization & Naming Conventions)
Platform Limits
• given by the infrastructure on which Kafka is deployed
• Do you know the limits for your deployment?
• Confluent Cloud
  - hard limits & soft limits
  - different types of clusters (basic, standard & dedicated)
  - some limits depend on the type of cluster
  - examples of limits:
    • RBAC role-bindings
    • ACLs
    • throughput
Client Quotas
• applied on (user, client-ID) or client-ID groups
• defined at different levels with an order of precedence
• quotas:
  - network bandwidth
  - request rate
• early access feature on Confluent Cloud

Quota parameter   | Cloud Client Quotas             | Apache Kafka Quotas
Apply to          | Service Accounts                | User or Client ID
Managed by        | Calling the Confluent Cloud API | Interacting with Kafka directly
Level enforced at | Cluster level                   | Broker level
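The order of precedence mentioned above, as an added example for the Apache Kafka (broker-level) column of the table and not code from the talk: the most specific (user, client-id) config wins, and the entity that matched decides which clients end up sharing the quota. The quota configuration and principals are constructed.

```python
"""Apache Kafka client-quota resolution (added example): the broker's order
of precedence for (user, client-id) quota configs and which clients end up
sharing the resulting quota."""

DEFAULT = "<default>"  # Kafka's default entity name
ANY = None             # this part of the entity is absent from the config path


# Order of precedence documented for the Kafka broker, most specific first:
#   /config/users/<user>/clients/<client-id>
#   /config/users/<user>/clients/<default>
#   /config/users/<user>
#   /config/users/<default>/clients/<client-id>
#   /config/users/<default>/clients/<default>
#   /config/users/<default>
#   /config/clients/<client-id>
#   /config/clients/<default>
def precedence(user, client_id):
    """Quota config entities to try, most specific first."""
    return [
        (user, client_id), (user, DEFAULT), (user, ANY),
        (DEFAULT, client_id), (DEFAULT, DEFAULT), (DEFAULT, ANY),
        (ANY, client_id), (ANY, DEFAULT),
    ]


def resolve_quota(configs, user, client_id, quota_name):
    """Return (value, entity) of the most specific config setting quota_name,
    or (None, None) when no quota applies (unlimited)."""
    for entity in precedence(user, client_id):
        value = configs.get(entity, {}).get(quota_name)
        if value is not None:
            return value, entity
    return None, None


def quota_group(entity, user, client_id):
    """Tags (user, client-id) of the sensor that enforces the quota, as the
    broker builds them: a <default> entity is replaced by the concrete name,
    so a user default gives each user its own quota, while a config without
    a client part is shared by all clients of that user."""
    user_part, client_part = entity
    return (user if user_part is not ANY else "",
            client_id if client_part is not ANY else "")


def quota_groups(configs, clients, quota_name):
    """Map (sensor tags, quota value) to the clients sharing that quota."""
    groups = {}
    for user, client_id in clients:
        value, entity = resolve_quota(configs, user, client_id, quota_name)
        if value is None:
            continue
        key = (quota_group(entity, user, client_id), value)
        groups.setdefault(key, []).append((user, client_id))
    return groups


# Constructed quota configuration keyed by (user, client-id) entity.
SAMPLE_CONFIGS = {
    (DEFAULT, ANY): {"producer_byte_rate": 1_000_000},       # any user, all its clients
    ("User:sa-payments", ANY): {"producer_byte_rate": 5_000_000},
    ("User:sa-payments", "batch-loader"): {"producer_byte_rate": 10_000_000},
    (ANY, "legacy-app"): {"consumer_byte_rate": 500_000},     # this client-id, any user
}

# Constructed (principal, client-id) pairs as seen by the broker.
SAMPLE_CLIENTS = [
    ("User:sa-payments", "batch-loader"),
    ("User:sa-payments", "web"),
    ("User:sa-payments", "web-2"),
    ("User:sa-inventory", "web"),
    ("User:sa-inventory", "legacy-app"),
]

if __name__ == "__main__":
    for quota in ("producer_byte_rate", "consumer_byte_rate"):
        for (tags, value), members in quota_groups(SAMPLE_CONFIGS, SAMPLE_CLIENTS, quota).items():
            print(f"{quota} {value} for tags {tags}: shared by {members}")
```

The sa-payments "web" and "web-2" clients share one 5 MB/s producer quota because the user-level config matched, while "batch-loader" has its own.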
Metrics
• as described in “Kafka: The Definitive Guide”, 2nd edition
• proactive vs. reactive measures
Monitoring
Apache Kafka®
• essentially monitoring a Java application
• JMX metrics exposed by Kafka
Confluent Platform
• Confluent Control Center
• Metrics Viewer Role
• JMX metrics
• Confluent Health+
Confluent Cloud
• Metrics API
• 3rd party monitoring integration
• /export endpoint
• Metrics Viewer Role
• Confluent Cloud UI
• self-managed Confluent Control Center
Confluent Cloud UI
Confluent Control Center
• Self-managed deployment
• Can be connected to Confluent Cloud
• Can be used to monitor a local Connect cluster.
• Allows custom notifications.
Confluent Health+
Chargeback
• charging individual cost centers for their share of Kafka cluster usage
  - flat rate
  - consumption based
• chargeback vs. showback
• start with a simple model, which can evolve over time
• Confluent Control Center insights
• Metrics grouped by Principal ID
• content about cost effectiveness by Lyndon Hedderly, Confluent Principal Business Value Consultant
Active Connection Count Example
Total client connections (Basic & Standard clusters): Max 1000
Number of TCP connections to the cluster that can be open at one time.
Available in the Metrics API as active_connection_count.
If you are self-managing Kafka, you can look at the broker kafka.server:type=socket-server-metrics,listener={listener_name},networkProcessor={#},name=connection-count metrics to understand how many connections you are using.
This value can vary widely based on several factors, including number of producer clients, number of consumer clients, partition keying strategy, produce patterns per client, and consume patterns per client.
To reduce usage on this dimension, you can reduce the total number of clients connecting to the cluster.
Automation
• manage infrastructure & resource lifecycle safely & efficiently
• easily scale
• reuse & abstract
• tooling:
  - command line interface (CLI) & APIs
  - Confluent for Kubernetes to deploy Confluent Platform on Kubernetes
    • Quickstart
  - Terraform provider for Confluent Cloud
    • sample project
    • resources & data sources
Terraform Example
• Role bindings with prefixed rules
• Literal with role binding assignment
Terraform Considerations
• starting a new project vs. migrating existing clusters
• Decide whether to support all possible options or provide T-shirt-sized templates.
• The lifecycle Meta-Argument:
  lifecycle { prevent_destroy = true }
Summary
• tools & approaches to achieve
  - scalable & repeatable actions
  - predictability
  - self-service capabilities
  - isolation
  - manageability
• GitHub repo with links to documentation & code for examples: https://github.com/maaarv/current2022
Q&A
Your Apache Kafka® journey begins here: developer.confluent.io
Team Collaboration in Kafka Clusters With Maria Berinde-Tampanariu | Current 2022
Pigging Solutions Piggable Sweeping Elbows
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

Team Collaboration in Kafka Clusters With Maria Berinde-Tampanariu | Current 2022

  • 1. Team Collaboration in Kafka Clusters
      Maria Berinde-Tâmpănariu, Advisory Solutions Engineer
      4th of October 2022
  • 2. Question
      Can different teams collaborate efficiently and work independently in your Kafka cluster(s)?
  • 3. Journey
      My first Kafka cluster:
      ● a foreseeable amount of applications
      ● the core team with full access
      Central Nervous System:
      ● many different types of clients
      ● many users with different access levels
      The ability to work without getting in each other’s way:
      ➔ scalable & repeatable actions
      ➔ predictability
      ➔ self-service capabilities
      ➔ isolation
      ➔ manageability
  • 7. Client Authentication
      • process of establishing the client identity and verifying client & server authenticity
      • authenticated identity throughout the lifetime of the connection
      • KafkaPrincipal used to represent the client identity (e.g. Username: maria)
      • principal used to:
        - grant access to resources
        - allocate quotas
        - log details
      • different authentication mechanisms
  • 8. Authentication Methods (Confluent Cloud)
      Confluent Cloud is a fully-managed Apache Kafka service available on all three major clouds.
      API Keys:
      • Cloud keys
      • resource specific keys
        - Kafka
        - Schema Registry
        - ksqlDB
      • all keys owned by an account
      • user & service accounts
      • key rotation
      OAuth:
      • delegated authentication
      • JSON Web Token (JWT)
      • OpenID Connect (OIDC)
      • identity provider & identity pools
      Single Sign On:
      • SAML based Identity Provider (IdP)
      • enabled at Confluent Cloud organization level
      • SSO users vs. local users
  • 10. Access Control List (ACL)
      • general format: "Principal P is [Allowed/Denied] Operation O From Host H On Resource R"
      • wildcard & prefix matching supported
      Principal P (based on the standard authorizer; wildcard supported):
        - Apache Kafka®: individual principals
        - Confluent Platform: individual & group principals
        - Confluent Cloud: user & service accounts
      is [Allowed / Denied]: “Deny” always trumps “Allow”.
      Operation O: supported operations are based on the resource (see docs)
      From Host H: supported on Apache Kafka®; not supported on Confluent Cloud
      On Resource R (wildcard & prefix):
        - Apache Kafka®: Cluster, Delegation Token, Group, Topic, Transactional ID
        - Confluent Cloud: Cluster, Consumer Group, Topic, Transactional ID
  • 11. Authorizer
      • customizable server plugin
      • authorizes an operation based on the principal and the resource being accessed
      Apache Kafka®:
      • pluggable Authorizer
      • out-of-box implementation
      • default authorizer: AclAuthorizer (> v2.4), SimpleAclAuthorizer (< v2.4), StandardAuthorizer (KRaft)
      • Access Control Lists (ACL) stored on Zookeeper (ZK) or in the metadata topic
      Confluent Platform:
      • AclAuthorizer (since v5.4.0)
      • SimpleAclAuthorizer (before v5.4.0)
      • Confluent Server Authorizer with LDAP group-based & role-based access control (RBAC)
      • Access Control Lists (ACL) stored on Zookeeper (ZK) or centrally on Metadata Service (MDS)
      Confluent Cloud:
      • subset of Kafka Access Control Lists (ACL)
      • predefined role-based access control (RBAC) roles
      • ACL & RBAC can be used together
  • 12. Role-based Access Control (RBAC)
      • serves as an additional authorization layer on top of ACLs
      • predefined roles & role-bindings
      • Metadata Service used to configure and manage RBAC
      • only “Allow” rules (“Deny” not supported)
      • benefits:
        + manage security access across the platform (Kafka, ksqlDB, Connect, Schema Registry, Confluent Control Center)
        + delegation of permission management is possible (ResourceOwner role)
        + centrally manage multiple clusters
  • 13. RBAC on Confluent Cloud
      (diagram: CLI, GUI and API requests pass through RBAC Authorization; an Org Admin sits above Env Admins, Cluster 1 / Cluster 2 Admins, Topic 1 / Topic 2 Resource Owners, and developers with Read Only access to Topic 1 and Write access to Topic 2)
      Admin Roles: control access to organizations, environments and clusters
      ● OrganizationAdmin
      ● EnvironmentAdmin
      ● CloudClusterAdmin
      Developer Roles: control CRUD operations within Kafka resources
      ● ResourceOwner
      ● DeveloperRead
      ● DeveloperWrite
      ● DeveloperManage
      Operator Roles:
      ● Operator
      ● MetricsViewer
      Note: a single user can have multiple roles
  • 15. Naming Conventions
      • RBAC & ACLs can be used together
        - use RBAC in general as the default to grant access
        - use ACLs in particular cases to deny access
      • both support prefixed rules
      • governance
        - visual attribution
        - stream governance functionality
      • choose names unlikely to change over time
      • think about how naming conventions can be enforced (e.g. CI/CD pipeline)
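The decision rules from slides 10, 12 and 15 (literal vs. prefixed matching, the wildcard principal and host, Deny trumping Allow, and Allow-only role bindings layered on top of ACLs) as a small evaluator. This is an added example, not code from the talk or from Kafka; the role-to-operation table and the sample principals, topics and ACLs are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl:  # "Principal P is [Allowed/Denied] Operation O From Host H On Resource R"
    principal: str      # "User:maria", or the wildcard principal "User:*"
    permission: str     # "ALLOW" or "DENY"
    operation: str      # "READ", "WRITE", "DESCRIBE", ... or "ALL"
    host: str           # client host, or "*"
    resource_type: str  # "TOPIC", "GROUP", "CLUSTER", "TRANSACTIONAL_ID"
    resource_name: str  # literal name, the "*" wildcard, or a prefix
    pattern_type: str = "LITERAL"  # "LITERAL" or "PREFIXED"
    def matches(self, principal, operation, host, rtype, rname):
        if self.principal not in (principal, "User:*") or self.resource_type != rtype:
            return False
        if self.operation not in (operation, "ALL") or self.host not in (host, "*"):
            return False
        if self.pattern_type == "PREFIXED":
            return rname.startswith(self.resource_name)
        return self.resource_name in (rname, "*")

@dataclass(frozen=True)
class RoleBinding:  # RBAC binding: Allow-only; prefixed=True mirrors a "topic=team-*" pattern
    principal: str
    role: str
    resource_type: str
    resource_name: str
    prefixed: bool = False

# Assumption: a simplified subset of the developer roles on slide 13 and what they permit
ROLE_OPERATIONS = {"DeveloperRead": {"READ", "DESCRIBE"},
                   "DeveloperWrite": {"WRITE", "DESCRIBE"},
                   "ResourceOwner": {"ALL"}}

def rbac_allows(bindings, principal, operation, rtype, rname):
    for b in bindings:
        if b.principal != principal or b.resource_type != rtype: continue
        name_ok = rname.startswith(b.resource_name) if b.prefixed else b.resource_name == rname
        if name_ok and ROLE_OPERATIONS.get(b.role, set()) & {operation, "ALL"}: return True
    return False

def authorize(acls, bindings, principal, operation, host, rtype, rname):
    # A matching Deny ACL always wins; else an Allow ACL or a role binding grants; else denied
    matched = [a for a in acls if a.matches(principal, operation, host, rtype, rname)]
    if any(a.permission == "DENY" for a in matched): return False
    acl_allow = any(a.permission == "ALLOW" for a in matched)
    return acl_allow or rbac_allows(bindings, principal, operation, rtype, rname)
# Constructed sample: the "payments" team owns the "payments-" prefix; PII topics are carved out
BINDINGS = [RoleBinding("User:maria", "DeveloperRead", "TOPIC", "payments-", prefixed=True)]
ACLS = [Acl("User:*", "DENY", "READ", "*", "TOPIC", "payments-pii-", "PREFIXED")]
```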
  • 16. Demo: Role bindings with Prefixed Rules in Confluent Cloud
      • Authentication: Confluent Cloud local users
      • Authorization: RBAC prefixed role bindings
      • Naming Convention: team name used as prefix
  • 17. (slide without text)
  • 18. How to grant temporary access? (Authentication, Authorization & Naming Conventions)
  • 20. Platform Limits
      • given by the infrastructure on which Kafka is deployed
      • Do you know the limits for your deployment?
      • Confluent Cloud
        - hard limits & soft limits
        - different types of clusters (basic, standard & dedicated)
        - some limits depend on the type of cluster
        - examples of limits:
          • RBAC role-bindings
          • ACLs
          • throughput
  • 22. Client Quotas
      • applied on (user, client-ID) or client-ID groups
      • defined at different levels with an order of precedence
      • quotas:
        - network bandwidth
        - request rate
      • early access feature on Confluent Cloud
      Quota parameter   | Cloud Client Quotas             | Apache Kafka Quotas
      Apply to          | Service Accounts                | User or Client ID
      Managed by        | calling the Confluent Cloud API | API: interacting with Kafka directly
      Level enforced at | Cluster level                   | Broker level
  • 24. Metrics
      • as described in “Kafka: The Definitive Guide”, 2nd edition
      • proactive vs. reactive measures
  • 25. Monitoring
      Apache Kafka®:
      • essentially monitoring a Java application
      • JMX metrics exposed by Kafka
      Confluent Platform:
      • Confluent Control Center
      • Metrics Viewer Role
      • JMX metrics
      • Confluent Health+
      Confluent Cloud:
      • Metrics API
      • 3rd party monitoring integration
      • /export endpoint
      • Metrics Viewer Role
      • Confluent Cloud UI
      • self-managed Confluent Control Center
  • 27. Confluent Control Center
      • self-managed deployment
      • can be connected to Confluent Cloud
      • can be used to monitor a local Connect cluster
      • allows custom notifications
  • 30. Chargeback
      • charging individual cost centers for their share of Kafka cluster usage
        - flat rate
        - consumption based
      • chargeback vs. showback
      • start with a simple model, which can evolve over time
      • Confluent Control Center insights
      • metrics grouped by Principal ID
      • content about cost effectiveness by Lyndon Hedderly, Confluent Principal Business Value Consultant
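A chargeback calculation in the spirit of slide 30, as an added example that is not from the talk: usage grouped by principal id is attributed to cost centers through the team prefix in the service-account name, then split either flat rate or consumption based. The usage figures, the "sa-<team>-<app>" convention and the cost-center codes are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample, shaped like metrics grouped by principal id (made-up figures):
# principal -> (bytes produced, bytes consumed) over the billing period
USAGE = {
    "sa-payments-producer": (8_000_000, 0),
    "sa-payments-analytics": (0, 12_000_000),
    "sa-inventory-svc": (2_000_000, 2_000_000),
    "sa-legacy-batch": (0, 6_000_000),   # team has no registered cost center
}
# Assumed naming convention "sa-<team>-<app>" and an assumed team -> cost center registry
OWNERS = {"payments": "CC-100", "inventory": "CC-200"}

def cost_center(principal):
    """Derive the cost center from the principal name; unknown teams land in one bucket
    so that unattributed usage stays visible instead of silently vanishing."""
    parts = principal.split("-")
    team = parts[1] if len(parts) >= 3 and parts[0] == "sa" else None
    return OWNERS.get(team, "UNATTRIBUTED")

def usage_by_cost_center(usage):
    per_cc = defaultdict(int)
    for principal, (produced, consumed) in usage.items():
        per_cc[cost_center(principal)] += produced + consumed
    return dict(per_cc)

def chargeback(usage, period_cost, model):
    """Split period_cost across cost centers: 'flat' shares it equally between the active
    cost centers, 'consumption' weights it by bytes in + out. Returns {cost_center: amount}."""
    per_cc = usage_by_cost_center(usage)
    if model == "flat":
        return {cc: round(period_cost / len(per_cc), 2) for cc in per_cc}
    if model != "consumption":
        raise ValueError(f"unknown chargeback model: {model}")
    total = sum(per_cc.values())
    if not total:  # nothing consumed: no consumption-based charge to distribute
        return {cc: 0.0 for cc in per_cc}
    return {cc: round(period_cost * b / total, 2) for cc, b in per_cc.items()}
```

The UNATTRIBUTED bucket is the figure to watch: it is usage the naming convention failed to map, which is exactly what enforcing the convention in CI/CD (slide 15) is meant to drive to zero.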
  • 31. Active Connection Count Example
      Total client connections (Basic & Standard clusters): Max 1000
      Number of TCP connections to the cluster that can be open at one time. Available in the Metrics API as active_connection_count.
      If you are self-managing Kafka, you can look at the broker kafka.server:type=socket-server-metrics,listener={listener_name},networkProcessor={#},name=connection-count metrics to understand how many connections you are using.
      This value can vary widely based on several factors, including the number of producer clients, the number of consumer clients, the partition keying strategy, produce patterns per client, and consume patterns per client. To reduce usage on this dimension, you can reduce the total number of clients connecting to the cluster.
  • 33. Automation
      • manage infrastructure & resource lifecycle safely & efficiently
      • easily scale
      • reuse & abstract
      • tooling:
        - command line interface (CLI) & APIs
        - Confluent for Kubernetes to deploy Confluent Platform on Kubernetes
          • Quickstart
        - Terraform provider for Confluent Cloud
          • sample project
          • resources & data sources
  • 34. Terraform Example
      • role bindings with prefixed rules
      • literal with role binding assignment
  • 35. Terraform Considerations
      • starting a new project vs. migrating existing clusters
      • decide whether to support all possible options or provide T-shirt-sized templates
      • the lifecycle meta-argument:
          lifecycle {
            prevent_destroy = true
          }
  • 37. Summary
      • tools & approaches to achieve
        - scalable & repeatable actions
        - predictability
        - self-service capabilities
        - isolation
        - manageability
      • GitHub repo with links to documentation & code for examples: https://github.com/maaarv/current2022
  • 39. Your Apache Kafka® journey begins here: developer.confluent.io