← Back to index Esc
Kind
KafkaConnect
Group
kafka.strimzi.io
Version
v1beta2
apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaConnect metadata: name: example
Tip: use .spec.authentication for path-only search
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object
The specification of the Kafka Connect cluster.
authentication object
Authentication configuration for Kafka Connect.
accessToken object
Link to Kubernetes Secret containing the access token which was obtained from the authorization server.
key string required
The key under which the secret value is stored in the Kubernetes Secret.
secretName string required
The name of the Kubernetes Secret containing the secret value.
accessTokenIsJwt boolean
Configure whether access token should be treated as JWT. This should be set to `false` if the authorization server returns opaque tokens. Defaults to `true`.
accessTokenLocation string
Path to the token file containing an access token to be used for authentication.
audience string
OAuth audience to use when authenticating against the authorization server. Some authorization servers require the audience to be explicitly set. The possible values depend on how the authorization server is configured. By default, `audience` is not specified when performing the token endpoint request.
certificateAndKey object
Reference to the `Secret` which holds the certificate and private key pair.
certificate string required
The name of the file certificate in the Secret.
key string required
The name of the private key in the secret. The private key must be in unencrypted PKCS #8 format. For more information, see RFC 5208: https://datatracker.ietf.org/doc/html/rfc5208.
secretName string required
The name of the Secret containing the certificate.
clientAssertion object
Link to Kubernetes secret containing the client assertion which was manually configured for the client.
key string required
The key under which the secret value is stored in the Kubernetes Secret.
secretName string required
The name of the Kubernetes Secret containing the secret value.
clientAssertionLocation string
Path to the file containing the client assertion to be used for authentication.
clientAssertionType string
The client assertion type. If not set, and either `clientAssertion` or `clientAssertionLocation` is configured, this value defaults to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`.
clientId string
OAuth Client ID which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
clientSecret object
Link to Kubernetes Secret containing the OAuth client secret which the Kafka client can use to authenticate against the OAuth server and use the token endpoint URI.
key string required
The key under which the secret value is stored in the Kubernetes Secret.
secretName string required
The name of the Kubernetes Secret containing the secret value.
config object
Configuration for the custom authentication mechanism. Only properties with the `sasl.` and `ssl.keystore.` prefixes are allowed. Specify other options in the regular configuration section of the custom resource.
connectTimeoutSeconds integer
The connect timeout in seconds when connecting to authorization server. If not set, the effective connect timeout is 60 seconds.
disableTlsHostnameVerification boolean
Enable or disable TLS hostname verification. Default value is `false`.
enableMetrics boolean
Enable or disable OAuth metrics. Default value is `false`.
grantType string
A custom OAuth grant type to use when authenticating against the authorization server with `clientId` and one of `clientSecret` or `clientAssertion`. The value defaults to `client_credentials` in these cases. This is optional configuration, only used with custom authorization server implementations.
httpRetries integer
The maximum number of retries to attempt if an initial HTTP request fails. If not set, the default is to not attempt any retries.
httpRetryPauseMs integer
The pause to take before retrying a failed HTTP request. If not set, the default is to not pause at all but to immediately repeat a request.
includeAcceptHeader boolean
Whether the Accept header should be set in requests to the authorization servers. The default value is `true`.
maxTokenExpirySeconds integer
Set or limit time-to-live of the access tokens to the specified number of seconds. This should be set if the authorization server returns opaque tokens.
passwordSecret object
Reference to the `Secret` which holds the password.
password string required
The name of the key in the Secret under which the password is stored.
secretName string required
The name of the Secret containing the password.
readTimeoutSeconds integer
The read timeout in seconds when connecting to authorization server. If not set, the effective read timeout is 60 seconds.
refreshToken object
Link to Kubernetes Secret containing the refresh token which can be used to obtain access token from the authorization server.
key string required
The key under which the secret value is stored in the Kubernetes Secret.
secretName string required
The name of the Kubernetes Secret containing the secret value.
sasl boolean
Enable or disable SASL on this authentication mechanism.
saslExtensions object
SASL extensions parameters.
scope string
OAuth scope to use when authenticating against the authorization server. Some authorization servers require this to be set. The possible values depend on how authorization server is configured. By default `scope` is not specified when doing the token endpoint request.
tlsTrustedCertificates []object
Trusted certificates for TLS connection to the OAuth server.
certificate string
The name of the file certificate in the secret.
pattern string
Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used.
secretName string required
The name of the Secret containing the certificate.
tokenEndpointUri string
Authorization server token endpoint URI.
type string required
Specifies the authentication type. Supported types are `tls`, `scram-sha-256`, `scram-sha-512`, `plain`, 'oauth', and `custom`. `tls` uses TLS client authentication and is supported only over TLS connections. `scram-sha-256` and `scram-sha-512` use SASL SCRAM-SHA-256 and SASL SCRAM-SHA-512 authentication, respectively. `plain` uses SASL PLAIN authentication. `oauth` uses SASL OAUTHBEARER authentication. `custom` allows you to configure a custom authentication mechanism. As of Strimzi 0.49.0, `oauth` type is deprecated and will be removed in the `v1` API version. Please use `custom` type instead.
enum: tls, scram-sha-256, scram-sha-512, plain, oauth, custom
username string
Username used for the authentication.
bootstrapServers string required
Bootstrap servers to connect to. This should be given as a comma separated list of _<hostname>_:_<port>_ pairs.
build object
Configures how the Connect container image should be built. Optional.
output object required
Configures where should the newly built image be stored. Required.
additionalBuildOptions []string
Configures additional options to pass to the `build` command of either Kaniko or Buildah (depending on the feature gate setting) when building a new Kafka Connect image. Allowed Kaniko options: --customPlatform, --custom-platform, --insecure, --insecure-pull, --insecure-registry, --log-format, --log-timestamp, --registry-mirror, --reproducible, --single-snapshot, --skip-tls-verify, --skip-tls-verify-pull, --skip-tls-verify-registry, --verbosity, --snapshotMode, --use-new-run, --registry-certificate, --registry-client-cert, --ignore-path. Allowed Buildah `build` options: --authfile, --cert-dir, --creds, --decryption-key, --retry, --retry-delay, --tls-verify. Those options are used only on Kubernetes, where Kaniko and Buildah are available. They are ignored on OpenShift. For more information, see the link:https://github.com/GoogleContainerTools/kaniko[Kaniko GitHub repository^] or the link:https://github.com/containers/buildah/blob/main/docs/buildah-build.1.md[Buildah build document^]. Changing this field does not trigger a rebuild of the Kafka Connect image.
additionalKanikoOptions []string
Configures additional options which will be passed to the Kaniko executor when building the new Connect image. Allowed options are: --customPlatform, --custom-platform, --insecure, --insecure-pull, --insecure-registry, --log-format, --log-timestamp, --registry-mirror, --reproducible, --single-snapshot, --skip-tls-verify, --skip-tls-verify-pull, --skip-tls-verify-registry, --verbosity, --snapshotMode, --use-new-run, --registry-certificate, --registry-client-cert, --ignore-path. These options will be used only on Kubernetes where the Kaniko executor is used. They will be ignored on OpenShift. The options are described in the link:https://github.com/GoogleContainerTools/kaniko[Kaniko GitHub repository^]. Changing this field does not trigger new build of the Kafka Connect image.
additionalPushOptions []string
Configures additional options to pass to the Buildah `push` command when pushing a new Connect image. Allowed options: --authfile, --cert-dir, --creds, --quiet, --retry, --retry-delay, --tls-verify. Those options are used only on Kubernetes, where Buildah is available. They are ignored on OpenShift. For more information, see the link:https://github.com/containers/buildah/blob/main/docs/buildah-push.1.md[Buildah push document^]. Changing this field does not trigger a rebuild of the Kafka Connect image.
image string required
The name of the image which will be built. Required.
pushSecret string
Container Registry Secret with the credentials for pushing the newly built image.
type string required
Output type. Must be either `docker` for pushing the newly build image to Docker compatible registry or `imagestream` for pushing the image to OpenShift ImageStream. Required.
enum: docker, imagestream
plugins []object required
List of connector plugins which should be added to the Kafka Connect. Required.
artifacts []object required
List of artifacts which belong to this connector plugin. Required.
artifact string
Maven artifact id. Applicable to the `maven` artifact type only.
fileName string
Name under which the artifact will be stored.
group string
Maven group id. Applicable to the `maven` artifact type only.
insecure boolean
By default, connections using TLS are verified to check they are secure. The server certificate used must be valid, trusted, and contain the server name. By setting this option to `true`, all TLS verification is disabled and the artifact will be downloaded, even when the server is considered insecure.
repository string
Maven repository to download the artifact from. Applicable to the `maven` artifact type only.
sha512sum string
SHA512 checksum of the artifact. Optional. If specified, the checksum will be verified while building the new container. If not specified, the downloaded artifact will not be verified. Not applicable to the `maven` artifact type.
type string required
Artifact type. Currently, the supported artifact types are `tgz`, `jar`, `zip`, `other` and `maven`.
enum: jar, tgz, zip, maven, other
url string
URL of the artifact which will be downloaded. Strimzi does not do any security scanning of the downloaded artifacts. For security reasons, you should first verify the artifacts manually and configure the checksum verification to make sure the same artifact is used in the automated build. Required for `jar`, `zip`, `tgz` and `other` artifacts. Not applicable to the `maven` artifact type.
pattern: ^(https?|ftp)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]$
version string
Maven version number. Applicable to the `maven` artifact type only.
name string required
The unique name of the connector plugin. Will be used to generate the path where the connector artifacts will be stored. The name has to be unique within the KafkaConnect resource. The name has to follow the following pattern: `^[a-z][-_a-z0-9]*[a-z]$`. Required.
pattern: ^[a-z0-9][-_a-z0-9]*[a-z0-9]$
resources object
CPU and memory resources to reserve for the build.
claims []object
name string
request string
limits object
requests object
clientRackInitImage string
The image of the init container used for initializing the `client.rack`.
config object
The Kafka Connect configuration. Properties with the following prefixes cannot be set: ssl., sasl., security., listeners, plugin.path, rest., bootstrap.servers, consumer.interceptor.classes, producer.interceptor.classes, prometheus.metrics.reporter. (with the exception of: ssl.endpoint.identification.algorithm, ssl.cipher.suites, ssl.protocol, ssl.enabled.protocols).
configStorageTopic string
The name of the Kafka topic where connector configurations are stored.
externalConfiguration object
Pass data from Secrets or ConfigMaps to the Kafka Connect pods and use them to configure connectors.
env []object
Makes data from a Secret or ConfigMap available in the Kafka Connect pods as environment variables.
name string required
Name of the environment variable which will be passed to the Kafka Connect pods. The name of the environment variable cannot start with `KAFKA_` or `STRIMZI_`.
valueFrom object required
Value of the environment variable which will be passed to the Kafka Connect pods. It can be passed either as a reference to Secret or ConfigMap field. The field has to specify exactly one Secret or ConfigMap.
configMapKeyRef object
Reference to a key in a ConfigMap.
key string
name string
optional boolean
secretKeyRef object
Reference to a key in a Secret.
key string
name string
optional boolean
volumes []object
Makes data from a Secret or ConfigMap available in the Kafka Connect pods as volumes.
configMap object
Reference to a key in a ConfigMap. Exactly one Secret or ConfigMap has to be specified.
defaultMode integer
items []object
key string
mode integer
path string
name string
optional boolean
name string required
Name of the volume which will be added to the Kafka Connect pods.
secret object
Reference to a key in a Secret. Exactly one Secret or ConfigMap has to be specified.
defaultMode integer
items []object
key string
mode integer
path string
optional boolean
secretName string
groupId string
A unique ID that identifies the Connect cluster group.
image string
The container image used for Kafka Connect pods. If no image name is explicitly specified, it is determined based on the `spec.version` configuration. The image names are specifically mapped to corresponding versions in the Cluster Operator configuration.
jmxOptions object
JMX Options.
authentication object
Authentication configuration for connecting to the JMX port.
type string required
Authentication type. Currently the only supported types are `password`.`password` type creates a username and protected port with no TLS.
enum: password
jvmOptions object
JVM Options for pods.
-XX object
A map of -XX options to the JVM.
-Xms string
-Xms option to to the JVM.
pattern: ^[0-9]+[mMgG]?$
-Xmx string
-Xmx option to to the JVM.
pattern: ^[0-9]+[mMgG]?$
gcLoggingEnabled boolean
Specifies whether the Garbage Collection logging is enabled. The default is false.
javaSystemProperties []object
A map of additional system properties which will be passed using the `-D` option to the JVM.
name string
The system property name.
value string
The system property value.
livenessProbe object
Pod liveness checking.
failureThreshold integer
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
minimum: 1
initialDelaySeconds integer
The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
minimum: 0
periodSeconds integer
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
minimum: 1
successThreshold integer
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
minimum: 1
timeoutSeconds integer
The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
minimum: 1
logging object
Logging configuration for Kafka Connect.
loggers object
A Map from logger name to logger level.
type string required
Logging type, must be either 'inline' or 'external'.
enum: inline, external
valueFrom object
`ConfigMap` entry where the logging configuration is stored.
configMapKeyRef object
Reference to the key in the ConfigMap containing the configuration.
key string
name string
optional boolean
metricsConfig object
Metrics configuration.
type string required
Metrics type. The supported types are `jmxPrometheusExporter` and `strimziMetricsReporter`. Type `jmxPrometheusExporter` uses the Prometheus JMX Exporter to expose Kafka JMX metrics in Prometheus format through an HTTP endpoint. Type `strimziMetricsReporter` uses the Strimzi Metrics Reporter to directly expose Kafka metrics in Prometheus format through an HTTP endpoint.
enum: jmxPrometheusExporter, strimziMetricsReporter
valueFrom object
ConfigMap entry where the Prometheus JMX Exporter configuration is stored.
configMapKeyRef object
Reference to the key in the ConfigMap containing the configuration.
key string
name string
optional boolean
values object
Configuration values for the Strimzi Metrics Reporter.
allowList []string
A list of regex patterns to filter the metrics to collect. Should contain at least one element.
offsetStorageTopic string
The name of the Kafka topic where source connector offsets are stored.
plugins []object
List of connector plugins to mount into the `KafkaConnect` pod.
artifacts []object required
List of artifacts associated with this connector plugin. Required.
pullPolicy string
Policy that determines when the container image (OCI artifact) is pulled. Possible values are: * `Always`: Always pull the image. If the pull fails, container creation fails. * `Never`: Never pull the image. Use only a locally available image. Container creation fails if the image isn’t present. * `IfNotPresent`: Pull the image only if it’s not already available locally. Container creation fails if the image isn’t present and the pull fails. Defaults to `Always` if `:latest` tag is specified, or `IfNotPresent` otherwise.
reference string required
Reference to the container image (OCI artifact) containing the Kafka Connect plugin. The image is mounted as a volume and provides the plugin binary. Required.
type string required
Artifact type. Currently, the only supported artifact type is `image`.
enum: image
name string required
A unique name for the connector plugin. This name is used to generate the mount path for the connector artifacts. The name has to be unique within the KafkaConnect resource. The name must be unique within the `KafkaConnect` resource and match the pattern: `^[a-z][-_a-z0-9]*[a-z]$`. Required.
pattern: ^[a-z0-9][-_a-z0-9]*[a-z0-9]$
rack object
Configuration of the node label which will be used as the `client.rack` consumer configuration.
topologyKey string required
A key that matches labels assigned to the Kubernetes cluster nodes. The value of the label is used to set a broker's `broker.rack` config, and the `client.rack` config for Kafka Connect or MirrorMaker 2.
readinessProbe object
Pod readiness checking.
failureThreshold integer
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
minimum: 1
initialDelaySeconds integer
The initial delay before first the health is first checked. Default to 15 seconds. Minimum value is 0.
minimum: 0
periodSeconds integer
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
minimum: 1
successThreshold integer
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
minimum: 1
timeoutSeconds integer
The timeout for each attempted health check. Default to 5 seconds. Minimum value is 1.
minimum: 1
replicas integer
The number of pods in the Kafka Connect group. Required in the `v1` version of the Strimzi API. Defaults to `3` in the `v1beta2` version of the Strimzi API.
resources object
The maximum limits for CPU and memory resources and the requested initial resources.
claims []object
name string
request string
limits object
requests object
statusStorageTopic string
The name of the Kafka topic where connector and task status are stored.
template object
Template for Kafka Connect and Kafka MirrorMaker 2 resources. The template allows users to specify how the `Pods`, `Service`, and other services are generated.
apiService object
Template for Kafka Connect API `Service`.
ipFamilies []string
Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting.
ipFamilyPolicy string
Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type.
enum: SingleStack, PreferDualStack, RequireDualStack
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
buildConfig object
Template for the Kafka Connect BuildConfig used to build new container images. The BuildConfig is used only on OpenShift.
metadata object
Metadata to apply to the `PodDisruptionBudgetTemplate` resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
pullSecret string
Container Registry Secret with the credentials for pulling the base image.
buildContainer object
Template for the Kafka Connect Build container. The build container is used only on Kubernetes.
env []object
Environment variables which should be applied to the container.
name string
The environment variable key.
value string
The environment variable value.
valueFrom object
Reference to the secret or config map property to which the environment variable is set.
configMapKeyRef object
Reference to a key in a config map.
key string
name string
optional boolean
secretKeyRef object
Reference to a key in a secret.
key string
name string
optional boolean
securityContext object
Security context for the container.
allowPrivilegeEscalation boolean
appArmorProfile object
localhostProfile string
type string
capabilities object
add []string
drop []string
privileged boolean
procMount string
readOnlyRootFilesystem boolean
runAsGroup integer
runAsNonRoot boolean
runAsUser integer
seLinuxOptions object
level string
role string
type string
user string
seccompProfile object
localhostProfile string
type string
windowsOptions object
gmsaCredentialSpec string
gmsaCredentialSpecName string
hostProcess boolean
runAsUserName string
volumeMounts []object
Additional volume mounts which should be applied to the container.
mountPath string
mountPropagation string
name string
readOnly boolean
recursiveReadOnly string
subPath string
subPathExpr string
buildPod object
Template for Kafka Connect Build `Pods`. The build pod is used only on Kubernetes.
affinity object
The pod's affinity rules.
nodeAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
preference object
matchExpressions []object
key string
operator string
values []string
matchFields []object
key string
operator string
values []string
weight integer
requiredDuringSchedulingIgnoredDuringExecution object
nodeSelectorTerms []object
matchExpressions []object
key string
operator string
values []string
matchFields []object
key string
operator string
values []string
podAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
namespaces []string
topologyKey string
weight integer
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
namespaces []string
topologyKey string
podAntiAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
namespaces []string
topologyKey string
weight integer
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
namespaces []string
topologyKey string
dnsConfig object
The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy.
nameservers []string
options []object
name string
value string
searches []string
dnsPolicy string
The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`.
enum: ClusterFirst, ClusterFirstWithHostNet, Default, None
enableServiceLinks boolean
Indicates whether information about services should be injected into Pod's environment variables.
hostAliases []object
The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
hostnames []string
ip string
hostUsers boolean
Use the host user namespace. Optional. Defaults to `true`. When `true` or not set, the pod runs in the host user namespace. This is required when the pod needs features available only in the host namespace, such as loading kernel modules with `CAP_SYS_MODULE`.When set to `false`, the pod runs in a new user namespace. Setting `false` helps mitigate container breakout vulnerabilities and allows containers to run as `root` without granting `root` privileges on the host. This property is alpha-level in Kubernetes and is supported only by Kubernetes clusters that enable the `UserNamespacesSupport` feature.
imagePullSecrets []object
List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored.
name string
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
priorityClassName string
The name of the priority class used to assign priority to the pods.
schedulerName string
The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used.
securityContext object
Configures pod-level security attributes and common container settings.
appArmorProfile object
localhostProfile string
type string
fsGroup integer
fsGroupChangePolicy string
runAsGroup integer
runAsNonRoot boolean
runAsUser integer
seLinuxChangePolicy string
seLinuxOptions object
level string
role string
type string
user string
seccompProfile object
localhostProfile string
type string
supplementalGroups []integer
supplementalGroupsPolicy string
sysctls []object
name string
value string
windowsOptions object
gmsaCredentialSpec string
gmsaCredentialSpecName string
hostProcess boolean
runAsUserName string
terminationGracePeriodSeconds integer
The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds.
minimum: 0
tmpDirSizeLimit string
Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources.
pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$
tolerations []object
The pod's tolerations.
effect string
key string
operator string
tolerationSeconds integer
value string
topologySpreadConstraints []object
The pod's topology spread constraints.
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
maxSkew integer
minDomains integer
nodeAffinityPolicy string
nodeTaintsPolicy string
topologyKey string
whenUnsatisfiable string
volumes []object
Additional volumes that can be mounted to the pod.
configMap object
`ConfigMap` to use to populate the volume.
defaultMode integer
items []object
key string
mode integer
path string
name string
optional boolean
csi object
`CSIVolumeSource` object to use to populate the volume.
driver string
fsType string
nodePublishSecretRef object
name string
readOnly boolean
volumeAttributes object
emptyDir object
`EmptyDir` to use to populate the volume.
medium string
Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium.
enum: Memory
sizeLimit string
The total amount of local storage required for this EmptyDir volume (for example 1Gi).
pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$
image object
`ImageVolumeSource` object to use to populate the volume.
pullPolicy string
reference string
name string
Name to use for the volume. Required.
persistentVolumeClaim object
`PersistentVolumeClaim` object to use to populate the volume.
claimName string
readOnly boolean
secret object
`Secret` to use to populate the volume.
defaultMode integer
items []object
key string
mode integer
path string
optional boolean
secretName string
buildServiceAccount object
Template for the Kafka Connect Build service account.
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
clusterRoleBinding object
Template for the Kafka Connect ClusterRoleBinding.
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
connectContainer object
Template for the Kafka Connect container.
env []object
Environment variables which should be applied to the container.
name string
The environment variable key.
value string
The environment variable value.
valueFrom object
Reference to the secret or config map property to which the environment variable is set.
configMapKeyRef object
Reference to a key in a config map.
key string
name string
optional boolean
secretKeyRef object
Reference to a key in a secret.
key string
name string
optional boolean
securityContext object
Security context for the container.
allowPrivilegeEscalation boolean
appArmorProfile object
localhostProfile string
type string
capabilities object
add []string
drop []string
privileged boolean
procMount string
readOnlyRootFilesystem boolean
runAsGroup integer
runAsNonRoot boolean
runAsUser integer
seLinuxOptions object
level string
role string
type string
user string
seccompProfile object
localhostProfile string
type string
windowsOptions object
gmsaCredentialSpec string
gmsaCredentialSpecName string
hostProcess boolean
runAsUserName string
volumeMounts []object
Additional volume mounts which should be applied to the container.
mountPath string
mountPropagation string
name string
readOnly boolean
recursiveReadOnly string
subPath string
subPathExpr string
deployment object
Template for Kafka Connect `Deployment`.
deploymentStrategy string
Pod replacement strategy for deployment configuration changes. Valid values are `RollingUpdate` and `Recreate`. Defaults to `RollingUpdate`.
enum: RollingUpdate, Recreate
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
headlessService object
Template for Kafka Connect headless `Service`.
ipFamilies []string
Specifies the IP Families used by the service. Available options are `IPv4` and `IPv6`. If unspecified, Kubernetes will choose the default value based on the `ipFamilyPolicy` setting.
ipFamilyPolicy string
Specifies the IP Family Policy used by the service. Available options are `SingleStack`, `PreferDualStack` and `RequireDualStack`. `SingleStack` is for a single IP family. `PreferDualStack` is for two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. `RequireDualStack` fails unless there are two IP families on dual-stack configured clusters. If unspecified, Kubernetes will choose the default value based on the service type.
enum: SingleStack, PreferDualStack, RequireDualStack
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
initContainer object
Template for the Kafka init container.
env []object
Environment variables which should be applied to the container.
name string
The environment variable key.
value string
The environment variable value.
valueFrom object
Reference to the secret or config map property to which the environment variable is set.
configMapKeyRef object
Reference to a key in a config map.
key string
name string
optional boolean
secretKeyRef object
Reference to a key in a secret.
key string
name string
optional boolean
securityContext object
Security context for the container.
allowPrivilegeEscalation boolean
appArmorProfile object
localhostProfile string
type string
capabilities object
add []string
drop []string
privileged boolean
procMount string
readOnlyRootFilesystem boolean
runAsGroup integer
runAsNonRoot boolean
runAsUser integer
seLinuxOptions object
level string
role string
type string
user string
seccompProfile object
localhostProfile string
type string
windowsOptions object
gmsaCredentialSpec string
gmsaCredentialSpecName string
hostProcess boolean
runAsUserName string
volumeMounts []object
Additional volume mounts which should be applied to the container.
mountPath string
mountPropagation string
name string
readOnly boolean
recursiveReadOnly string
subPath string
subPathExpr string
jmxSecret object
Template for Secret of the Kafka Connect Cluster JMX authentication.
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
pod object
Template for Kafka Connect `Pods`.
affinity object
The pod's affinity rules.
nodeAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
preference object
matchExpressions []object
key string
operator string
values []string
matchFields []object
key string
operator string
values []string
weight integer
requiredDuringSchedulingIgnoredDuringExecution object
nodeSelectorTerms []object
matchExpressions []object
key string
operator string
values []string
matchFields []object
key string
operator string
values []string
podAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
namespaces []string
topologyKey string
weight integer
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
namespaces []string
topologyKey string
podAntiAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
namespaces []string
topologyKey string
weight integer
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
namespaces []string
topologyKey string
dnsConfig object
The pod's DNSConfig. If specified, it will be merged to the generated DNS configuration based on the DNSPolicy.
nameservers []string
options []object
name string
value string
searches []string
dnsPolicy string
The pod's DNSPolicy. Defaults to `ClusterFirst`. Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`.
enum: ClusterFirst, ClusterFirstWithHostNet, Default, None
enableServiceLinks boolean
Indicates whether information about services should be injected into Pod's environment variables.
hostAliases []object
The pod's HostAliases. HostAliases is an optional list of hosts and IPs that will be injected into the Pod's hosts file if specified.
hostnames []string
ip string
hostUsers boolean
Use the host user namespace. Optional. Defaults to `true`. When `true` or not set, the pod runs in the host user namespace. This is required when the pod needs features available only in the host namespace, such as loading kernel modules with `CAP_SYS_MODULE`.When set to `false`, the pod runs in a new user namespace. Setting `false` helps mitigate container breakout vulnerabilities and allows containers to run as `root` without granting `root` privileges on the host. This property is alpha-level in Kubernetes and is supported only by Kubernetes clusters that enable the `UserNamespacesSupport` feature.
imagePullSecrets []object
List of references to secrets in the same namespace to use for pulling any of the images used by this Pod. When the `STRIMZI_IMAGE_PULL_SECRETS` environment variable in Cluster Operator and the `imagePullSecrets` option are specified, only the `imagePullSecrets` variable is used and the `STRIMZI_IMAGE_PULL_SECRETS` variable is ignored.
name string
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
priorityClassName string
The name of the priority class used to assign priority to the pods.
schedulerName string
The name of the scheduler used to dispatch this `Pod`. If not specified, the default scheduler will be used.
securityContext object
Configures pod-level security attributes and common container settings.
appArmorProfile object
localhostProfile string
type string
fsGroup integer
fsGroupChangePolicy string
runAsGroup integer
runAsNonRoot boolean
runAsUser integer
seLinuxChangePolicy string
seLinuxOptions object
level string
role string
type string
user string
seccompProfile object
localhostProfile string
type string
supplementalGroups []integer
supplementalGroupsPolicy string
sysctls []object
name string
value string
windowsOptions object
gmsaCredentialSpec string
gmsaCredentialSpecName string
hostProcess boolean
runAsUserName string
terminationGracePeriodSeconds integer
The grace period is the duration in seconds after the processes running in the pod are sent a termination signal, and the time when the processes are forcibly halted with a kill signal. Set this value to longer than the expected cleanup time for your process. Value must be a non-negative integer. A zero value indicates delete immediately. You might need to increase the grace period for very large Kafka clusters, so that the Kafka brokers have enough time to transfer their work to another broker before they are terminated. Defaults to 30 seconds.
minimum: 0
tmpDirSizeLimit string
Defines the total amount of pod memory allocated for the temporary `EmptyDir` volume `/tmp`. Specify the allocation in memory units, for example, `100Mi` for 100 mebibytes. Default value is `5Mi`. The `/tmp` volume is backed by pod memory, not disk storage, so avoid setting a high value as it consumes pod memory resources.
pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$
tolerations []object
The pod's tolerations.
effect string
key string
operator string
tolerationSeconds integer
value string
topologySpreadConstraints []object
The pod's topology spread constraints.
labelSelector object
matchExpressions []object
key string
operator string
values []string
matchLabels object
matchLabelKeys []string
maxSkew integer
minDomains integer
nodeAffinityPolicy string
nodeTaintsPolicy string
topologyKey string
whenUnsatisfiable string
volumes []object
Additional volumes that can be mounted to the pod.
configMap object
`ConfigMap` to use to populate the volume.
defaultMode integer
items []object
key string
mode integer
path string
name string
optional boolean
csi object
`CSIVolumeSource` object to use to populate the volume.
driver string
fsType string
nodePublishSecretRef object
name string
readOnly boolean
volumeAttributes object
emptyDir object
`EmptyDir` to use to populate the volume.
medium string
Medium represents the type of storage medium should back this volume. Valid values are unset or `Memory`. When not set, it will use the node's default medium.
enum: Memory
sizeLimit string
The total amount of local storage required for this EmptyDir volume (for example 1Gi).
pattern: ^([0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$
image object
`ImageVolumeSource` object to use to populate the volume.
pullPolicy string
reference string
name string
Name to use for the volume. Required.
persistentVolumeClaim object
`PersistentVolumeClaim` object to use to populate the volume.
claimName string
readOnly boolean
secret object
`Secret` to use to populate the volume.
defaultMode integer
items []object
key string
mode integer
path string
optional boolean
secretName string
podDisruptionBudget object
Template for Kafka Connect `PodDisruptionBudget`.
maxUnavailable integer
Maximum number of unavailable pods to allow automatic Pod eviction. A Pod eviction is allowed when the `maxUnavailable` number of pods or fewer are unavailable after the eviction. Setting this value to 0 prevents all voluntary evictions, so the pods must be evicted manually. Defaults to 1.
minimum: 0
metadata object
Metadata to apply to the `PodDisruptionBudgetTemplate` resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
podSet object
Template for Kafka Connect `StrimziPodSet` resource.
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
serviceAccount object
Template for the Kafka Connect service account.
metadata object
Metadata applied to the resource.
annotations object
Annotations added to the Kubernetes resource.
labels object
Labels added to the Kubernetes resource.
tls object
TLS configuration.
trustedCertificates []object
Trusted certificates for TLS connection.
certificate string
The name of the file certificate in the secret.
pattern string
Pattern for the certificate files in the secret. Use the link:https://en.wikipedia.org/wiki/Glob_(programming)[_glob syntax_] for the pattern. All files in the secret that match the pattern are used.
secretName string required
The name of the Secret containing the certificate.
tracing object
The configuration of tracing in Kafka Connect.
type string required
Type of the tracing used. Currently the only supported type is `opentelemetry` for OpenTelemetry tracing. As of Strimzi 0.37.0, `jaeger` type is not supported anymore and this option is ignored.
enum: jaeger, opentelemetry
version string
The Kafka Connect version. Defaults to the latest version. Consult the user documentation to understand the process required to upgrade or downgrade the version.
status object
The status of the Kafka Connect cluster.
conditions []object
List of status conditions.
lastTransitionTime string
Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone.
message string
Human-readable message indicating details about the condition's last transition.
reason string
The reason for the condition's last transition (a single word in CamelCase).
status string
The status of the condition, either True, False or Unknown.
type string
The unique identifier of a condition, used to distinguish between other conditions in the resource.
connectorPlugins []object
The list of connector plugins available in this Kafka Connect deployment.
class string
The class of the connector plugin.
type string
The type of the connector plugin. The available types are `sink` and `source`.
version string
The version of the connector plugin.
labelSelector string
Label selector for pods providing this resource.
observedGeneration integer
The generation of the CRD that was last reconciled by the operator.
replicas integer
The current number of pods being used to provide this resource.
url string
The URL of the REST API endpoint for managing and monitoring Kafka Connect connectors.

No matches. Try .spec.authentication for an exact path

Copied!