We have a data flow from analytics cluster to elasticsearch to update page ranks. This requires an exception in our firewall rules. The initial discussion (T120281) when opening the firewall was to migrate this flow to kafka at some point and remove this exception. We did not create a task to track this at that time, and unsurprisingly, we are still using a direct connection instead of kafka.
If kafka is still the correct long term solution, we should plan to implement it.