[Kafka] Change Kafka installation - multi namespace support#213
Merged
shay79il merged 2 commits intomlrun:developmentfrom Feb 3, 2026
Merged
Conversation
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
2 times, most recently
from
e2f8281 to
db827ac
Compare
Collaborator
|
Looks good, can you edit the |
There was a problem hiding this comment.
Pull request overview
This PR migrates the Kafka deployment from Bitnami Kafka to the Strimzi Kafka Operator, enabling multi-namespace support and modernizing the Kafka infrastructure with KRaft mode (ZooKeeper-less operation).
Key Changes:
- Replaced Bitnami Kafka chart dependency with Strimzi Kafka Operator (version 0.48.0)
- Introduced new Kubernetes custom resources for Kafka deployment including KafkaNodePool, Kafka cluster, RBAC resources, and network policies
- Configured single-node Kafka cluster with KRaft mode for simplified deployment
Reviewed changes
Copilot reviewed 8 out of 10 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| charts/mlrun-ce/values.yaml | Replaced Bitnami Kafka configuration with Strimzi operator values, including storage, resources, listeners, and RBAC settings; removed unrelated minio image config |
| charts/mlrun-ce/templates/kafka/kafka-cluster.yaml | Added Kafka custom resource definition for Strimzi operator with listener and config management |
| charts/mlrun-ce/templates/kafka/kafka-nodepool.yaml | Added KafkaNodePool resource for KRaft-mode Kafka cluster management |
| charts/mlrun-ce/templates/kafka/kafka-rbac.yaml | Created RBAC resources (ServiceAccount, Role, RoleBinding) for cross-namespace Kafka access |
| charts/mlrun-ce/templates/kafka/kafka-network-policy.yaml | Added NetworkPolicy to control egress traffic to Kafka cluster across namespaces |
| charts/mlrun-ce/templates/kafka/kafka-bootstrap-alias.yaml | Created service alias for simplified Kafka bootstrap server naming |
| charts/mlrun-ce/requirements.yaml | Updated chart dependency from bitnami/kafka to strimzi-kafka-operator |
| charts/mlrun-ce/requirements.lock | Updated lock file with new Strimzi operator dependency and digest |
| charts/mlrun-ce/Chart.yaml | Bumped chart version from 0.10.0-rc5 to 0.10.0-rc6 |
| .gitignore | Added comprehensive .DS_Store file patterns for macOS |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
2 times, most recently
from
f7d0d5d to
2ad98a4
Compare
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
4 times, most recently
from
0034134 to
71e385e
Compare
Collaborator
Author
MLRun CE Install GuidePrerequisites1) Install ingress-nginx (optional)If you want ingress URLs to work on k8s kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/cloud/deploy.yaml
kubectl rollout status -n ingress-nginx deployment/ingress-nginx-controller --timeout=2m2) Add /etc/hosts entries (per namespace)Add these for EACH namespace you deploy (example for sudo /bin/sh -c 'printf "\n# mlrun-hosts:mlrun:docker-desktop BEGIN\n127.0.0.1 jupyter.mlrun.docker-desktop.lab.iguazeng.com\n127.0.0.1 mlrun-ui.mlrun.docker-desktop.lab.iguazeng.com\n127.0.0.1 mlrun-api.mlrun.docker-desktop.lab.iguazeng.com\n127.0.0.1 nuclio.mlrun.docker-desktop.lab.iguazeng.com\n127.0.0.1 s3.mlrun.docker-desktop.lab.iguazeng.com\n127.0.0.1 minio-console.mlrun.docker-desktop.lab.iguazeng.com\n127.0.0.1 tdengine.mlrun.docker-desktop.lab.iguazeng.com\n# mlrun-hosts:mlrun:docker-desktop END\n" >> /etc/hosts'To remove: sudo /bin/sh -c "sed -i '' '/# mlrun-hosts:mlrun:docker-desktop BEGIN/,/# mlrun-hosts:mlrun:docker-desktop END/d' /etc/hosts"3) Single namespace (no controller)Note: helm upgrade --install mlrun \
-n mlrun --create-namespace \
--insecure-skip-tls-verify \
ce/charts/mlrun-ce \
-f ce/charts/mlrun-ce/values.yaml \
--set mlrun.api.ingress.enabled=true \
--set mlrun.ui.ingress.enabled=true \
--set jupyterNotebook.ingress.enabled=true \
--set minio.ingress.enabled=true \
--set minio.consoleIngress.enabled=true \
--set nuclio.dashboard.ingress.enabled=true \
--set tdengine.ingress.enabled=true \
--set-string=mlrun.api.ingress.hosts[0].host=mlrun-api.mlrun.docker-desktop.lab.iguazeng.com \
--set-string=mlrun.ui.ingress.hosts[0].host=mlrun-ui.mlrun.docker-desktop.lab.iguazeng.com \
--set-string=jupyterNotebook.ingress.hosts[0].host=jupyter.mlrun.docker-desktop.lab.iguazeng.com \
--set-string=nuclio.dashboard.ingress.hosts[0]=nuclio.mlrun.docker-desktop.lab.iguazeng.com \
--set-string=minio.ingress.hosts[0]=s3.mlrun.docker-desktop.lab.iguazeng.com \
--set-string=minio.consoleIngress.hosts[0]=minio-console.mlrun.docker-desktop.lab.iguazeng.com \
--set-string=tdengine.ingress.hosts[0]=tdengine.mlrun.docker-desktop.lab.iguazeng.com \
--set-string=mlrun.api.ingress.hosts[0].paths[0].path=/ \
--set-string=mlrun.api.ingress.hosts[0].paths[0].pathType=Prefix \
--set-string=mlrun.ui.ingress.hosts[0].paths[0].path=/ \
--set-string=mlrun.ui.ingress.hosts[0].paths[0].pathType=Prefix \
--set mlrun.api.ingress.ingressClassName=nginx \
--set mlrun.ui.ingress.ingressClassName=nginx \
--set jupyterNotebook.ingress.ingressClassName=nginx \
--set minio.ingress.ingressClassName=nginx \
--set minio.consoleIngress.ingressClassName=nginx \
--set nuclio.dashboard.ingress.ingressClassName=nginx \
--set tdengine.ingress.ingressClassName=nginx4) Multi namespace (controller + per‑namespace)4.1) Controller (once)helm upgrade --install mlrun-ce-controller \
-n controller --create-namespace \
--insecure-skip-tls-verify \
ce/charts/mlrun-ce \
-f ce/charts/mlrun-ce/admin_installation_values.yaml4.2) Namespace install (repeat per namespace)Replace Choose one values file:
Note: helm upgrade --install <ns> \
-n <ns> --create-namespace \
--insecure-skip-tls-verify \
ce/charts/mlrun-ce \
-f ce/charts/mlrun-ce/non_admin_cluster_ip_installation_values.yaml \
--set mlrun.api.ingress.enabled=true \
--set mlrun.ui.ingress.enabled=true \
--set jupyterNotebook.ingress.enabled=true \
--set minio.ingress.enabled=true \
--set minio.consoleIngress.enabled=true \
--set nuclio.dashboard.ingress.enabled=true \
--set tdengine.ingress.enabled=true \
--set-string=mlrun.api.ingress.hosts[0].host=mlrun-api.<ns>.<cluster>.lab.iguazeng.com \
--set-string=mlrun.ui.ingress.hosts[0].host=mlrun-ui.<ns>.<cluster>.lab.iguazeng.com \
--set-string=jupyterNotebook.ingress.hosts[0].host=jupyter.<ns>.<cluster>.lab.iguazeng.com \
--set-string=nuclio.dashboard.ingress.hosts[0]=nuclio.<ns>.<cluster>.lab.iguazeng.com \
--set-string=minio.ingress.hosts[0]=s3.<ns>.<cluster>.lab.iguazeng.com \
--set-string=minio.consoleIngress.hosts[0]=minio-console.<ns>.<cluster>.lab.iguazeng.com \
--set-string=tdengine.ingress.hosts[0]=tdengine.<ns>.<cluster>.lab.iguazeng.com \
--set-string=mlrun.api.ingress.hosts[0].paths[0].path=/ \
--set-string=mlrun.api.ingress.hosts[0].paths[0].pathType=Prefix \
--set-string=mlrun.ui.ingress.hosts[0].paths[0].path=/ \
--set-string=mlrun.ui.ingress.hosts[0].paths[0].pathType=Prefix \
--set mlrun.api.ingress.ingressClassName=nginx \
--set mlrun.ui.ingress.ingressClassName=nginx \
--set jupyterNotebook.ingress.ingressClassName=nginx \
--set minio.ingress.ingressClassName=nginx \
--set minio.consoleIngress.ingressClassName=nginx \
--set nuclio.dashboard.ingress.ingressClassName=nginx \
--set tdengine.ingress.ingressClassName=nginxNodePort variant (manual)If you prefer NodePort instead of ClusterIP, replace the ClusterIP values file: helm upgrade --install <ns> \
-n <ns> --create-namespace \
--insecure-skip-tls-verify \
ce/charts/mlrun-ce \
-f ce/charts/mlrun-ce/non_admin_installation_values.yaml \
--set mlrun.api.ingress.enabled=true \
--set mlrun.ui.ingress.enabled=true \
--set jupyterNotebook.ingress.enabled=true \
--set minio.ingress.enabled=true \
--set minio.consoleIngress.enabled=true \
--set nuclio.dashboard.ingress.enabled=true \
--set tdengine.ingress.enabled=true \
--set-string=mlrun.api.ingress.hosts[0].host=mlrun-api.<ns>.<cluster>.lab.iguazeng.com \
--set-string=mlrun.ui.ingress.hosts[0].host=mlrun-ui.<ns>.<cluster>.lab.iguazeng.com \
--set-string=jupyterNotebook.ingress.hosts[0].host=jupyter.<ns>.<cluster>.lab.iguazeng.com \
--set-string=nuclio.dashboard.ingress.hosts[0]=nuclio.<ns>.<cluster>.lab.iguazeng.com \
--set-string=minio.ingress.hosts[0]=s3.<ns>.<cluster>.lab.iguazeng.com \
--set-string=minio.consoleIngress.hosts[0]=minio-console.<ns>.<cluster>.lab.iguazeng.com \
--set-string=tdengine.ingress.hosts[0]=tdengine.<ns>.<cluster>.lab.iguazeng.com \
--set-string=mlrun.api.ingress.hosts[0].paths[0].path=/ \
--set-string=mlrun.api.ingress.hosts[0].paths[0].pathType=Prefix \
--set-string=mlrun.ui.ingress.hosts[0].paths[0].path=/ \
--set-string=mlrun.ui.ingress.hosts[0].paths[0].pathType=Prefix \
--set mlrun.api.ingress.ingressClassName=nginx \
--set mlrun.ui.ingress.ingressClassName=nginx \
--set jupyterNotebook.ingress.ingressClassName=nginx \
--set minio.ingress.ingressClassName=nginx \
--set minio.consoleIngress.ingressClassName=nginx \
--set nuclio.dashboard.ingress.ingressClassName=nginx \
--set tdengine.ingress.ingressClassName=nginxVerifykubectl get pods -n <ns>
kubectl get ing -n <ns> |
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
5 times, most recently
from
6e02bc0 to
e3de3b0
Compare
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
from
e3de3b0 to
c816ba7
Compare
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
from
c816ba7 to
6c59fc0
Compare
Add Strimzi Kafka operator configuration and update values for Kafka deployment [JIRA](https://iguazio.atlassian.net/browse/CEML-492)
- Add post-install/post-upgrade hooks to kafka-cluster.yaml - Add post-install/post-upgrade hooks to kafka-nodepool.yaml - Set hook-weight to 5 to ensure they run after operator installation This fixes the 'resource mapping not found' error when deploying Kafka CRs before the Strimzi CRDs are installed.
shay79il
force-pushed
the
CEML-492-change-kafka-installation
branch
from
eede2af to
5b4ad90
Compare
GiladShapira94
approved these changes
Feb 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migrating bitnami kafka to Strimzi Kafka operator
Add Strimzi Kafka operator configuration
Update values for Kafka deployment
JIRA