Data-Streaming at DKV
Tobias Gockel, Alexander Kropp
Frankfurt, 20.10.2022
GitOps-Integration for the management of Kafka resources
Management Summary
Tobias Gockel, Team manager Platform, Customer Product Services @ DKV Mobility
Alexander Kropp, IT Consultant
Starting with the context of how our organization is built around cross-functional product teams and how we are developing software at DKV, we want to describe two solutions for working with Kafka:
Management for Kafka is a tool that applies the GitOps approach [1] to Kafka cluster orchestration.
The CLI pod for Kafka allows developers to comfortably debug following the principle of least privilege [2].
[1] GitOps is an operational framework that takes DevOps best practices used for application development such as version control, collaboration, compliance, and CI/CD tooling, and applies them to infrastructure automation.
[2] A subject should be given only those privileges needed for it to complete its task.
Data-Streaming: Organizational context
Customer Product Services: CPS develops digital products in the cloud for our customers.
[Diagram: organization of Customer Product Services. Labels: Product Team 1 to Product Team 6; Platform-Team; Cockpit Framework; App Framework; Pricing and Maps; Cloud Infrastructure; CI/CD Toolchain; Kafka Cluster; IAM; Integrated Portal; Smartphone App; Framework Development; Product Development]
Key principles: Self-enablement, Scalability, Security, Automation
Data-Streaming: Motivation
Agile Software Development at DKV Mobility: fairly mature and modern stack and process
(Local development, Remote development, Dev/Test stage, Test/PreProd stage, Prod stage, Operations)
Kafka orchestration at DKV Mobility: no agile development and not a mature and efficient process
• GUI via Confluent Control Center
• No access for developers
• Cumbersome workflow for creating Kafka resources
  - Topics
  - Service Accounts
  - ACLs (Access Control Lists)
  - API-Keys
Management for Kafka: Technical context
[Diagram: Confluent Cloud and DKV Azure Cloud connected by VNET peering. Labels: Dev, Test, Pre, Prod; Kubernetes Cluster; Kafka Connect Cluster inside Kubernetes; Azure Resources; Self-hosted agents; Dev/Test, Pre, Prod; Dedicated Cluster; VNET peered; Multi Availability Zones]
Key principles: Self-enablement, Scalability, Security, Automation
Management for Kafka - Architecture
• Entity Management: Topics, Service Accounts, ACLs
• Validation: Data Schema, Policies, Consistency Checks
• Planning: Desired State, Current State, Changes
• Deployment: Creation, Updating, Deletion, Secret Handling
Management for Kafka – Entity Management
Characteristics:
• Structured storing of Kafka entities
• Parameterized scripts to create, update or delete Kafka entities
• Uses the validation component to check if changes are allowed
• Parameterized pipelines to simplify the Kafka entity management
• Avoid wrong inputs
• Simplifies compliance with policies
• Automated pull requests
• Create multiple resources at once
• Low complexity
• Alternatively manual pull requests
Management for Kafka - Validation
Characteristics:
• Validates data schemas of Kafka entities
  - Topic config in the correct format?
  - Config contains only possible values and no nonsense?
• Customizable policies of Kafka entities
  - Naming conventions
  - Required metadata
  - Config restrictions for topics or service accounts
• Consistency checks
  - Is there a specific stage order? (e.g. topics should only exist on higher stages if they are already on lower stages)
  - Should a Kafka entity exist and not exist at the same time?
Management for Kafka - Planning
Characteristics:
• Combines all stored Kafka entities to create a desired state
• Validation component to check if Kafka entities are valid
  - Topics and service accounts which should or should not exist
  - Topic configurations
  - API-Keys which should exist (supports Kafka cluster and Confluent schema registry)
  - ACLs which should exist
• Uses API to get the current state
• Compares current state with desired states
• Creates a plan with changes
• Does not change resources which are not part of Kafka management
• Wrapped inside a parameterizable pipeline
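The validation and planning steps described on the two slides above, as an added example that is not part of the original deck and not DKV's tool: it runs the consistency checks (stage order, present and absent at once) and then diffs the desired state against the current state, leaving undeclared topics untouched. The entity schema, the stage names, the naming-convention regex and the required `owner` field are all assumptions made for illustration.

```python
import re

STAGES = ["dev", "test", "pre", "prod"]                 # assumed stage order, lowest first
TOPIC_NAME = re.compile(r"^[a-z0-9]+(\.[a-z0-9-]+)+$")  # assumed naming convention: <domain>.<name>


def validate(entities):
    """Return policy and consistency violations for the declared topics."""
    errors, seen = [], {}
    for e in entities:
        name, stage = e["name"], e["stage"]
        if stage not in STAGES:
            errors.append(f"{name}: unknown stage {stage!r}")
            continue
        if not TOPIC_NAME.match(name):
            errors.append(f"{name}: violates naming convention")
        if not e.get("owner"):
            errors.append(f"{name}: required metadata 'owner' is missing")
        # An entity must not be declared present and absent on the same stage.
        if seen.get((name, stage), e["state"]) != e["state"]:
            errors.append(f"{name}@{stage}: declared both present and absent")
        seen[(name, stage)] = e["state"]
    # Stage order: a topic may exist on a stage only if it exists on all lower stages.
    for (name, stage), state in seen.items():
        if state != "present":
            continue
        for lower in STAGES[:STAGES.index(stage)]:
            if seen.get((name, lower)) != "present":
                errors.append(f"{name}@{stage}: not present on lower stage {lower}")
    return errors


def plan(entities, stage, current):
    """Diff the desired state for one stage against the current cluster state.

    `current` maps topic name -> live config (as a cluster API would return it).
    Only declared topics are considered, so unmanaged resources are never changed.
    """
    errors = validate(entities)
    if errors:
        raise ValueError("; ".join(errors))
    changes = []
    declared = sorted((e for e in entities if e["stage"] == stage), key=lambda e: e["name"])
    for e in declared:
        name, live = e["name"], current.get(e["name"])
        if e["state"] == "absent":
            if live is not None:
                changes.append(("delete", name, {}))
        elif live is None:
            changes.append(("create", name, dict(e["config"])))
        else:
            drift = {k: v for k, v in e["config"].items() if live.get(k) != v}
            if drift:
                changes.append(("update", name, drift))
    return changes


# Constructed sample data: what the Git repository declares ...
DESIRED = [
    {"name": "billing.invoices", "stage": "dev", "state": "present", "owner": "team-1",
     "config": {"retention.ms": "604800000"}},
    {"name": "billing.invoices", "stage": "test", "state": "present", "owner": "team-1",
     "config": {"retention.ms": "604800000"}},
    {"name": "billing.legacy", "stage": "dev", "state": "absent", "owner": "team-1", "config": {}},
    {"name": "maps.tiles", "stage": "dev", "state": "present", "owner": "team-2",
     "config": {"cleanup.policy": "compact"}},
]
# ... and what the dev cluster currently contains.
CURRENT_DEV = {
    "billing.invoices": {"retention.ms": "86400000", "cleanup.policy": "delete"},
    "billing.legacy": {"retention.ms": "604800000"},
    "ops.unmanaged": {"retention.ms": "3600000"},  # not declared in Git: must stay untouched
}

if __name__ == "__main__":
    for change in plan(DESIRED, "dev", CURRENT_DEV):
        print(change)
```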
Management for Kafka - Deployment
Characteristics:
• Deploys changes according to the plan
• Outputs results
• Actually created, updated or deleted Kafka entities
• Stores API-Keys
• Wrapped inside a parameterizable pipeline
• Approvals
• Stores API-Keys automatically to dedicated Azure Key Vaults
Management for Kafka - Summary
Key principles: Self-enablement, Scalability, Security, Automation
Easy to use
Debugging Kafka - Motivation
Initial situation: Services access the Kafka cluster with dedicated service accounts with a limited set of ACLs (principle of least privilege).
Why should developers do that differently? (e.g. personal accounts with access on (almost) everything)
Our vision ☺: Let us create a self-service to enable the developers to securely debug their specific Kafka resources!
Debugging Kafka - Solution
Workflow:
1. Request Pod via Azure DevOps
2. Get credentials for Service Account
3. Deploy
4. Debug service
5. Clean up automatically
Debugging Kafka - Solution
Characteristics:
• Self-service to create Kubernetes deployment to debug Kafka
• Same approval rules as other deployments
• Contains Kafka-CLI scripts and custom scripts
• Access rights of a specific service account
• Enforces that teams can only use service accounts which belong to them
• Gets cleaned up automatically
• Convenient and secure way to debug Kafka applications
Key principles: Self-enablement, Scalability, Security, Automation
Workflow: 1. Request Pod, 2. Get credentials, 3. Deploy, 4. Debug, 5. Clean up
Data Streaming @ DKV – Wrap Up
Agile Software Development at DKV Mobility: fairly mature and modern stack and process
Kafka orchestration at DKV Mobility: fairly mature and modern stack and process
(Local development, Remote development, Dev/Test stage, Test/PreProd stage, Prod stage, Operations)
Key principles: Self-enablement, Scalability, Security, Automation
