Getting Started
Where to start
Now that you understand the purpose of Self Service and you know where to find where, you want to get started. Depending on your situation, you either want to start from scratch with a new stream as indicated in the image below, or you want to consume the data on an existing stream.
I want to produce to or consume from an existing stream
-
Create an application in Self Service that represents your actual producer/consumer application (which is deployed somewhere)
-
Configure application principals for your application, so it can be authorized to produce to or consume from the stream. Note: you need to do this for every environment the application is running.
-
Request stream access, so your application can actually produce or consume.
I want to produce to a new stream
OR
Before creating a new stream (topic) most likely a schema must be discussed and finalized. This is currently outside the scope of Self Service. Once a schema has been developed and available for use, you can proceed with below steps to create a new stream in Self-Service.
-
Create a Stream in Self Service, with all the required information
-
Request produce access to the stream, as mentioned above.
I Want To Test My Application/Stream In My Own Environment
For this purpose, you need to Create a private environment
I Want To Authorize Stream Access To An Application
Refer to Authorizing stream access
I Want To Revoke Stream Access For An Application
See here how to do that.
I already have set up an application principal, why do I need a keystore/truststore with my application?
This is required due to the way mTLS is set up.
-
The keystore/truststore is used for the “authentication” phase, the mTLS layer (provided by the JVM running Kafka Broker), which checks key validity period and whether the “Signed by” entry is in the truststore on the Broker side, and vice versa of course.
-
What you upload in Self Service will be used by the Broker itself for the “authorisation” phase, and uses a Quorum that holds ACLs to check whether the provided certificate in the SSL context, combined with the topic it requests access too, is valid or not.
Is there a maximum to how many messages per second / hour / day can be processed?
Short answer: YES
Long answer: Yes, but it takes a while to reach. There are various criteria to the use case, but the most important ones are these:
-
Cost
-
Available bandwidth / Networking speed for both Broker and producer/consumer
-
Available CPU and memory to both Broker and producer/consumer
-
Average message-size and/or batch-size
-
Choice between throughput or latency
-
Producer client acknowledgement. Does a client want to know:
-
a message has been sent to Broker;
-
a message has been received by Broker;
-
a message has been successfully submitted by Broker and its replicas.
-
-
Writing/Reading speeds of the disk(s) in the Broker
If you have no value for retention, you might be able to mount a RAMdisk on the Broker and send millions of messages of 10 bytes each second without any confirmation by Broker and a retention of 4 seconds. But in general you will want at least some form of confirmation that Broker has received your message, as well as some hours of retention to be able to mitigate downtime from any component. This means that HDD/SSD disks come into play, lowering transmission speeds by definition. Or it becomes REALLY expensive, real quick.