Skip to content

Operator for Aiven Kafka topic and user management

License

Notifications You must be signed in to change notification settings

nais/kafkarator

Repository files navigation

Kafkarator

Kafkarator is a Kubernetes operator on the NAIS platform, providing self-service functionality for Aiven hosted Kafka through Kubernetes resources.

Kafkarator defines a Kubernetes custom resource, kafka.nais.io/Topic. When users create or update this resource, Kafkarator translates it to Aiven topics and ACL entries.

Kafkarator operator sequence diagram

User documentation

Developer documentation

Kafkarator uses earthly via earthlyw for building.

Use ./earthlyw +docker to build docker images for kafkarator and canary.

Verifying the kafkarator images and their contents

The images are signed "keylessly" using Sigstore cosign. To verify their authenticity run

cosign verify \
--certificate-identity "https://github.com/nais/kafkarator/.github/workflows/main.yml@refs/heads/master" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
europe-north1-docker.pkg.dev/nais-io/nais/images/kafkarator@sha256:<shasum>

The images are also attested with SBOMs in the CycloneDX format. You can verify these by running

cosign verify-attestation --type cyclonedx  \
--certificate-identity "https://github.com/nais/kafkarator/.github/workflows/main.yml@refs/heads/master" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
europe-north1-docker.pkg.dev/nais-io/nais/images/kafkarator@sha256:<shasum>