Kafkarator is a Kubernetes operator on the NAIS platform, providing self-service functionality for Aiven hosted Kafka through Kubernetes resources.
Kafkarator defines a Kubernetes custom resource, kafka.nais.io/Topic
. When users create or update this resource,
Kafkarator translates it to Aiven topics and ACL entries.
Kafkarator uses earthly via earthlyw for building.
Use ./earthlyw +docker
to build docker images for kafkarator and canary.
The images are signed "keylessly" using Sigstore cosign. To verify their authenticity run
cosign verify \
--certificate-identity "https://github.com/nais/kafkarator/.github/workflows/main.yml@refs/heads/master" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
europe-north1-docker.pkg.dev/nais-io/nais/images/kafkarator@sha256:<shasum>
The images are also attested with SBOMs in the CycloneDX format. You can verify these by running
cosign verify-attestation --type cyclonedx \
--certificate-identity "https://github.com/nais/kafkarator/.github/workflows/main.yml@refs/heads/master" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
europe-north1-docker.pkg.dev/nais-io/nais/images/kafkarator@sha256:<shasum>