Apache Kafka Docker Clients

Available on Docker (CYLLiX Developer Tools Suite)

Benefits

• Free
• CVE Fixes
• No need to download and install Apache Kafka Clients on various Operating systems

Available images

• The following Images are available
  
  • kafkacli4_alpine
  • kafkacli_alpine
  • kafkacli_ubuntu
• Contains
  • Apache Kafka Client - Linux, Mac and Windows
  • git
  • java-utils

Working with the images

Creating an alias - for each of the image types

alias akcli_a() { docker run --rm -it  --user=kafka  cyllix/kafkacli4_alpine "$@" } 

alias akcli_a() { docker run --rm -it  --user=kafka  cyllix/kafkacli_alpine "$@" }

alias akcli_u() { docker run --rm -it  --user=kafka  cyllix/kafkacli_ubuntu "$@" } 

You could also create a single alias and use it with either

alias akcli() { docker run --rm -it -v .:/home/kafka/config -v /etc/hosts:/etc/hosts:ro  --user=kafka cyllix/kafkacli4_alpine "$@"; }

alias akcli() { docker run --rm -it  --user=kafka  cyllix/kafkacli4_alpine "$@" } 

OR

alias akcli() { docker run --rm -it -v .:/home/kafka/config -v /etc/hosts:/etc/hosts:ro  --user=kafka cyllix/kafkacli_alpine "$@"; }

alias akcli() { docker run --rm -it  --user=kafka  cyllix/kafkacli_alpine "$@" } 

Example Usage - Depends on ACL priviliges granted by the Admins to the sample application "track"

Note: If using against an unsecured cluster , the admin client command-config is not needed.

$ export BOOTSTRAP="akzk02.cyllix.ami:9092" # If using Zookeeper

OR

$ export BOOTSTRAP="akkr02.cyllix.ami:9092" # If using KRaft

List Topic

$ akcli kafka-topics.sh --bootstrap-server ${BOOTSTRAP}:9092  --list --command-config config/track.properties 

Create Topic

$ akcli kafka-topics.sh --bootstrap-server ${BOOTSTRAP}:9092  --create --topic mytopic --command-config config/track.properties

Describe Topic mytopic

$ akcli kafka-topics.sh --bootstrap-server ${BOOTSTRAP}  --describe --topic mytopic --command-config config/track.properties

List ACLs

$ akcli kafka-acls.sh --bootstrap-server ${BOOTSTRAP} --list --command-config config/track.properties

Create ACL for specific Topic

$ akcli kafka-acls.sh --bootstrap-server ${BOOTSTRAP} add_acl --add --allow-principal User:ksql --operation Describe --operation Read --operation DescribeConfigs --topic mytopic --command-config config/track.properties

- You could use --topic "*" or other wildcards for all or groups of Topics

$ akcli kafka-acls.sh --bootstrap-server ${BOOTSTRAP} add_acl --add --deny-principal User:* --operation Describe --operation Read --operation DescribeConfigs --topic "secure_topic_*" --command-config config/track.properties 

- Granting **selected** users for e.g., privuser access to Secure Topic

$ akcli kafka-acls.sh --bootstrap-server ${BOOTSTRAP} add_acl --add --allow-principal User:privuser --operation All --topic "secure_topic_*" --resource-pattern-type prefixed --command-config config/track.properties 

 - **Locking** Secure Topics - Remember **DENY** takes precedence

$ akcli kafka-acls.sh --bootstrap-server ${BOOTSTRAP} add_acl --add --deny-principal User:* --operation All --topic "secure_topic_*" --resource-pattern-type prefixed --command-config config/track.properties