KubeBlocks
BlogsEnterprise
⌘K
​
Blogs
Open Source · Production-Grade · CNCF Landscape

KubeBlocks Kafka Operator for Kubernetes

Deploy production-grade Apache Kafka clusters in minutes. KRaft mode, declarative topic management, SASL & TLS security, and full Day-2 operations.

Try Playground Free →Read the Docs

3

Deployment Modes

100%

Open Source

Deploy Kafka in 3 steps

1

Install KubeBlocks

# Add Helm repo
helm repo add kubeblocks https://apecloud.github.io/helm-charts
helm repo update

# Install KubeBlocks
helm install kubeblocks kubeblocks/kubeblocks \
  --namespace kb-system --create-namespace
2

Deploy a KRaft Combined Cluster

apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: kafka-cluster
  namespace: demo
spec:
  terminationPolicy: Delete
  clusterDef: kafka
  topology: combined_monitor  # or separated_monitor
  componentSpecs:
    - name: kafka-combine
      replicas: 3
3

Cluster is Ready

$ kubectl get cluster kafka-cluster -n demo
NAME            CLUSTER-DEF   TOPOLOGY           STATUS    AGE
kafka-cluster   kafka         combined_monitor   Running   3m

Trusted by Engineering Teams at Scale

BONC CloudBONC Cloud
China Mobile CloudChina Mobile Cloud
China Telecom CloudChina Telecom Cloud
TencentTencent
XiaomiXiaomi
Ping AnPing An
VIP.comVIP.com
KwaiKwai
Tiger BrokersTiger Brokers
CITIC SecuritiesCITIC Securities
SealOSSealOS
FastGPTFastGPT
KubeSphereKubeSphere
MomentaMomenta
360360
TilaaTilaa
OlaresOlares
Changan AutomobileChangan Automobile
State GridState Grid
BONC CloudBONC Cloud
China Mobile CloudChina Mobile Cloud
China Telecom CloudChina Telecom Cloud
TencentTencent
XiaomiXiaomi
Ping AnPing An
VIP.comVIP.com
KwaiKwai
Tiger BrokersTiger Brokers
CITIC SecuritiesCITIC Securities
SealOSSealOS
FastGPTFastGPT
KubeSphereKubeSphere
MomentaMomenta
360360
TilaaTilaa
OlaresOlares
Changan AutomobileChangan Automobile
State GridState Grid
Kafka Topologies

Combined or Separated. One Operator.

Choose Combined mode for simplicity or Separated mode for independent scaling at large scale — both run on modern KRaft without ZooKeeper.

Each node acts as both a Kafka broker and a KRaft controller. The metadata quorum and message storage run on the same pods. Ideal for development, testing, and small-to-medium production clusters where operational simplicity matters.

✓

Broker and controller roles on the same pods

✓

No ZooKeeper dependency — pure KRaft consensus

✓

Quorum of 3 nodes handles both metadata and data

✓

Simpler architecture with fewer moving parts

✓

SASL/TLS security can be enabled independently

KRaft
Dev & Small Production
Simpler Operations
Producer / Consumer
Bootstrap seed list  kafka-cluster-kafka-combine-advertised-listener-0:9092,...
Per-pod (direct)  kafka-{n}.kafka-cluster-kafka-combine-headless:9092
bootstrap → fetch metadata → connect to partition leaders
Kubernetes Services
kafka-cluster-kafka-combine-advertised-listener-{n}
ClusterIP · :9092 (one per pod, podService: true)
Use all per-pod addresses as bootstrap seed list
per-pod bootstrap
→ partition leader pods (direct advertised address)
Combined Nodes (kafka-combine) · Worker Nodes
kafka-0BROKER+CTRL
BrokerController
kafka:9092 · :9093 · :9094
jmx-exporter:5556 metrics
PVC data-0 · log dir
kafka-1BROKER+CTRL
BrokerController
kafka:9092 · :9093 · :9094
jmx-exporter:5556 metrics
PVC data-1 · log dir
kafka-2BROKER+CTRL
BrokerController
kafka:9092 · :9093 · :9094
jmx-exporter:5556 metrics
PVC data-2 · log dir
KRaft Quorum (port :9093)same kafka container on each node — not a separate metadata deployment · Raft consensus for cluster metadata · one active controller at a time
Headless service — per-pod DNS for advertised listener addresses; Kafka clients connect to partition leaders directly
Client Traffic (:9092)
KRaft Controller Quorum (:9093)
Internal Replication (:9094)
Persistent Storage
Comparison

How KubeBlocks Compares to Other Kafka Operators

A feature-by-feature breakdown based on publicly available documentation.

FeatureKubeBlocksStrimziConfluent for K8s
Open Source✓✓✗
KRaft Mode✓✓✓
ZooKeeper Mode (legacy)✓✓✓
Combined Mode (broker+controller)✓✓✓
Separated Mode✓✓✓
TLS Encryption✓✓✓
SASL (SCRAM-SHA-256/512)✓✓✓
Topic management✓✓✓
ACL management✓✓✓
Quota management✓✓✓
Dynamic config (no restart)~~~
Horizontal scaling (broker)✓✓✓
Minor version rolling upgrade✓✓✓
Prometheus metrics✓✓✓
Web management UIEnterprise✗✓

✓ = Supported · ~ = Partial / Limited · ✗ = Not supported

Enterpriseindicates a capability available in KubeBlocks Enterprise, not the open-source distribution. Contact us for licensing →

Based on publicly available documentation. Features may vary by version.

Capabilities

Built for Production Kafka

KubeBlocks automates the hardest parts of running Apache Kafka on Kubernetes — so your team doesn't have to.

↻
Rolling Broker Upgrade
Brokers are upgraded one by one. Producers and consumers experience minimal client impact during the rolling restart.
Minimal Cutover
Step 1 — Initial
broker-0
3.7.1
broker-1
3.7.1
broker-2
3.7.1
›
Step 2 — Upgrade
broker-0
3.7.1
broker-1
3.9.0
broker-2
upgrading…
›
Step 3 — Finish
broker-0
upgrading…
broker-1
3.9.0
broker-2
3.9.0
›
Step 4 — Done
broker-0
3.9.0
broker-1
3.9.0
broker-2
3.9.0
Producer & Consumer Traffic
✓ Minimal Client Impact
Day-2 Operations

Every Operation Declared as a Kubernetes Resource

No SSH into brokers, no direct kafka-topics.sh calls. Submit an OpsRequest and KubeBlocks handles the rest.

Kafka-Native Operations

✓

Topic Management

Create, alter, and delete topics declaratively via OpsRequest — set partition count, replication factor, and per-topic config.

✓

ACL Management

Grant and revoke fine-grained producer/consumer/admin permissions per user, host, and resource pattern via OpsRequest.

✓

Quota Management

Set per-user and per-client bandwidth throttles (producerByteRate, consumerByteRate, requestPercentage) without direct broker config.

✓

Horizontal Scaling

Add or remove broker nodes online. KubeBlocks handles pod lifecycle; use Kafka Cruise Control or kbcli for partition rebalancing.

✓

Vertical Scaling

Resize CPU and memory requests/limits on running broker or controller pods with minimal disruption.

✓

Volume Expansion

Expand PVC storage on broker nodes without pod restarts on supported storage classes.

✓

Stop / Start

Suspend the cluster to save compute cost, then resume with full state preserved.

Security, Configuration & Observability

✓

TLS Encryption

Enable in-flight TLS for client and inter-broker connections. Certificates auto-issued via cert-manager or the built-in KubeBlocks issuer.

✓

SASL Authentication

SCRAM-SHA-256/512 authentication for client and broker connections. Credentials managed as Kubernetes Secrets.

✓

Dynamic Configuration

Tune Kafka broker parameters via OpsRequest — changes applied without broker restart where the config supports it.

✓

Minor Version Upgrade

Rolling broker-by-broker upgrades across Kafka 3.x minor versions with automated health checks.

✓

Prometheus Metrics

Per-broker JMX Exporter sidecar (port 5556) for JVM metrics, plus a dedicated kafka-exporter pod (port 9308) for consumer group lag, partition offsets, and topic throughput. Grafana dashboards included.

Also on KubeBlocks

Apache ZooKeeper Operator for Kubernetes →

Running Kafka 2.x with an external ZooKeeper ensemble? KubeBlocks ZooKeeper Operator manages production-grade ZooKeeper clusters with ZAB consensus, quorum-safe scaling, and snapshot backup — on the same platform as Kafka.

Get Started

Get Started with KubeBlocks Kafka Operator, Risk-Free.

Open source and production-ready. Enterprise customers get dedicated onboarding, migration support, and SLA guarantees.

Try Playground Free →Talk to the Team
✓Open Source
✓Kafka & 35+ other engines
✓KRaft — no ZooKeeper
✓No vendor lock-in

© 2026 KUBEBLOCKS INC