Skip to content

scholzj/zoo-entrance

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits

.github/workflows

.github/workflows

 
 

stunnel-scripts

stunnel-scripts

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

deploy.yaml

deploy.yaml

 
 

Repository files navigation

ZooKeeper Entrance

This is not part of the Strimzi project!

Strimzi is a CNCF project which provides an operator for Apache Kafka. When Strimzi deploys the Kafka cluster, it keeps the ZooKeeper secure and inaccessible from any other application. This project deploys an Stunnel proxy which exposes the Zookeeper without any authentication and encryption. It is using the Cluster Operator certificate to authenticate against Zookeeper and handle encryption.

Strimzi has good reasons why not to expose ZooKeeper, such as security, stability, and performance. This proxy leaves the ZooKeeper cluster unprotected and everyone with access to the proxy and service can connect. So use only at your own risk!

Usage

To deploy the proxy, apply the deploy.yaml file:

kubectl apply -f deploy.yaml

That creates the deployment with the proxy named zoo-entrance, a service named zoo-entrance, and a Network Policy to allow the proxy to connect to the broker. You should deploy it into the same namespace where the Kafka cluster runs. From your application, you can just connect to zoo-entrance:2181 or from another namespace to zoo-entrance.<namespce>.svc:2181.

The deployment by default expects it is connecting to a Strimzi deployed Kafka cluster named my-cluster. When your cluster has a different name, you have to change the deployment:

  • The STRIMZI_ZOOKEEPER_CONNECT environment variable (line 32)
  • The name of the secret with the Cluster Operator key (line 65)
  • The name of the secret with the Cluster public key (line 69)
  • The match label in the Network Policy (line 106)

In all cases, just replace my-cluster with the name of your cluster.

Building the image

The Docker image is available on Docker Hub under ghcr.io/scholzj/zoo-entrance:latest. If you want to build your own, you can use make for it.

Define the following environment variables:

  • DOCKER_REGISTRY with the Docker registry you want to use (e.g. docker.io)
  • DOCKER_ORG with the name of your Docker organization (e.g. scholzj)
  • DOCKER_IMAGE with he name of the image (e.g. zoo-entrance)
  • DOCKER_TAG with the tag (e.g. latest)

Afterward, run either make all to build and push the Docker image or make docker_build and make docker_push to build and push it separately.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

53 stars

Watchers

4 watching

Forks

22 forks
Report repository

Releases

No releases published

Packages 1

 

Contributors 2

Languages