Page MenuHomePhabricator
Create Task
Maniphest T276088

Configuration Management for Kafka settings
Open, Stalled, LowPublic
Actions

Description

https://julieops.readthedocs.io/en/latest/

https://github.com/kafka-ops/julie

E.g.

topics:
- name: "foo" # topicName: context.source.foo.foo
  config:
    replication.factor: "2"
    num.partitions: "3"

And much more.

Event Timeline

Ottomata created this task.Mar 1 2021, 1:26 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 1 2021, 1:26 PM
Ottomata added a subscriber: Mholloway.Mar 1 2021, 1:29 PM
Ottomata triaged this task as Low priority.Mar 2 2021, 8:08 PM
Ottomata added a subscriber: colewhite.
elukey added a comment.EditedMar 3 2021, 7:35 AM

WOW, this would be really great to manage ACLs (at least on paper)

Ottomata added a comment.Mar 3 2021, 2:50 PM

I know, "only NINETY NINE CENTS...WOW" right?!

razzi edited projects, added Analytics-Clusters; removed Analytics.Mar 4 2021, 5:24 PM
Ottomata moved this task from Backlog to Triaged but not scheduled yet on the Analytics-Clusters board.Mar 9 2021, 5:50 PM
odimitrijevic added a project: Analytics-Radar.Dec 3 2021, 10:31 PM
Base subscribed.Apr 4 2022, 1:44 PM
LSobanski added a project: serviceops.Dec 1 2022, 12:02 PM
Ottomata added a project: Event-Platform.Dec 1 2022, 1:23 PM
Restricted Application added a project: Data-Engineering. · View Herald TranscriptDec 1 2022, 1:23 PM
EChetty edited projects, added Data-Engineering-Planning; removed Data-Engineering.Dec 1 2022, 2:13 PM
akosiaris edited projects, added serviceops-radar; removed serviceops.Dec 5 2022, 4:45 PM
akosiaris subscribed.Dec 5 2022, 4:55 PM

@Ottomata, @elukey any updates on this? Should we keep it open/close it/stall it?

Ottomata added a comment.Dec 5 2022, 5:02 PM

I would like to see config management for Kafka topics one day, ideally integrating with EventStreamConfig (or whatever we use to declare and manage streams (and their schemas).

However, for the most part, this is only useful if we have a lot of topics that need multiple partitions, or a practice of enforcing ACLs on topics. To do the ACLs right we also need some authentication for Kafka. We can do thise now with TLS certs, but automating the process of creating and deploying TLS certs for lots and lots of different users and streams isn't really (I think?) scalable. Kafka can use Kerberos...but Kerberos is a pain with k8s so... ¯\_(ツ)_/¯

Anyway, in summary, we would like to do this, but it is still low priority.

akosiaris changed the task status from Open to Stalled.Dec 5 2022, 5:28 PM

Cool, thanks for that write up @Ottomata. I am gonna switch to Stalled, to reflect noone is currently working on it but it's still a want to do.

EChetty moved this task from Backlog to Event Platform on the Data-Engineering-Planning board.Jan 6 2023, 12:15 PM
JArguello-WMF removed a project: Analytics-Clusters.Feb 24 2023, 12:38 PM
JArguello-WMF removed a project: Data-Engineering-Planning.Jun 29 2023, 9:51 PM
Restricted Application added a project: Data-Engineering. · View Herald TranscriptJun 29 2023, 9:51 PM
JArguello-WMF moved this task from Incoming (new tickets) to Event Platform Backlog on the Data-Engineering board.Jun 29 2023, 10:22 PM
JArguello-WMF added a project: Data Engineering and Event Platform Team.Jun 30 2023, 4:31 PM
JArguello-WMF moved this task from Data Eng Backlog to Event Platform Backlog on the Data Engineering and Event Platform Team board.Jun 30 2023, 4:38 PM
Ottomata renamed this task from Consider Julie for managing Kafka settings, perhaps even integrating with Event Stream Config to Configuration Management for Kafka settings.Oct 3 2023, 4:30 PM
Gehel added a project: Data-Platform-SRE.Oct 10 2023, 3:42 PM
Gehel moved this task from Incoming to Misc on the Data-Platform-SRE board.Oct 11 2023, 8:35 AM
lbowmaker removed a project: Data Engineering and Event Platform Team.Nov 10 2023, 2:29 PM
fkaelin subscribed.Dec 4 2023, 3:36 PM
Gehel moved this task from Misc to Toil / Automation on the Data-Platform-SRE board.Dec 6 2023, 1:30 PM
brouberol subscribed.Feb 1 2024, 1:38 PM

I've taken a couple of hours to whip up this PoC, very unimaginatively called kafka-configurator.

# This is what the test configuration looks like
brouberol@kafka-test1006:~$ cat kafka-configurator-config.yaml 
cluster:
  bootstrap: localhost:9092

features:
  create_missing:
    config: true
    acls: false
  delete_extra:
    config: false
    acls: false

topics:
   test-brouberol:
    config:
      retention.ms: '86200000'
      cleanup.policy: compact

# I check what config might already exist for this topic
brouberol@kafka-test1006:~$ kafka topics --describe --topic test-brouberol
Topic:test-brouberol	PartitionCount:1	ReplicationFactor:3	Configs:cleanup.policy=compact,delete # <-- existing config
	Topic: test-brouberol	Partition: 0	Leader: 1008	Replicas: 1008,1006,1007	Isr: 1008,1006,1007


# I run the script that should add one config (retention.ms) and update another (cleanup.policy)
brouberol@kafka-test1006:~$ ./kafka-configurator -c kafka-configurator-config.yaml
02/01/2024 13:27:55 [INFO] Applying the following configuration: {'test-brouberol': {'retention.ms': '86200000', 'cleanup.policy': 'compact'}}

# I make sure the script had the expected effect
brouberol@kafka-test1006:~$ kafka topics --describe --topic test-brouberol
kafka-topics --zookeeper zookeeper-test1002.eqiad.wmnet/kafka/test-eqiad --describe --topic test-brouberol
Topic:test-brouberol	PartitionCount:1	ReplicationFactor:3	Configs:retention.ms=86200000,cleanup.policy=compact
	Topic: test-brouberol	Partition: 0	Leader: 1008	Replicas: 1008,1006,1007	Isr: 1008,1006,1007

The script itself is very small and uses librdkafka, for forward-looking compatibility.

The way I see it, we could try to support 4 different cases:

  1. Adding/updating topic-level configuration when existing in the config file and not in kafka
  2. Deleting any topic-level configuration override existing in kafka and not in the config file
  3. Adding/updating ACLs when they exist in the config file and not in kafka
  4. Deleting any ACLs existing in kafka and not in the config file

Right now, the PoC only support scenario 1.

Ottomata added a comment.Feb 21 2024, 1:21 AM

Just came across https://www.jikkou.io/docs/tutorials/get_started/ . Worth a look!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL