Strimzi — Run Apache Kafka on Kubernetes

Introduction

Strimzi is a CNCF Sandbox project that makes running Apache Kafka on Kubernetes a first-class experience. It provides a set of Kubernetes operators and Custom Resource Definitions (CRDs) that automate the deployment, configuration, scaling, and day-2 operations of Kafka clusters, Kafka Connect, MirrorMaker, and Schema Registry — all using declarative YAML.

What Strimzi Does

• Deploys Apache Kafka clusters as Kubernetes-native custom resources
• Manages Kafka Connect, MirrorMaker 2, and Kafka Bridge for data integration
• Automates rolling upgrades, certificate rotation, and configuration changes
• Provides built-in TLS encryption and SASL authentication for cluster security
• Supports rack-aware replication and node affinity for high availability

Architecture Overview

Strimzi consists of multiple operators. The Cluster Operator watches for Kafka CRDs and manages StatefulSets, Services, and ConfigMaps for broker nodes. The Topic Operator and User Operator handle Kafka topics and ACLs as Kubernetes resources. Each broker runs in its own pod with persistent volumes. Strimzi manages ZooKeeper (or KRaft mode) automatically and handles certificate lifecycle via its internal CA or an external cert-manager integration.

Self-Hosting & Configuration

• Install the operator via Helm, OLM (OpenShift), or plain YAML manifests
• Configure broker count, storage class, and resource limits in the Kafka CR spec
• Enable KRaft mode to eliminate ZooKeeper dependency with strimzi.io/kraft: enabled
• Set up TLS listeners with auto-generated or custom certificates
• Use Kafka Bridge to expose REST APIs for producers and consumers outside the cluster

Key Features

• Kubernetes-native CRDs for Kafka, KafkaConnect, KafkaTopic, and KafkaUser
• Automated rolling updates that maintain partition availability during upgrades
• Built-in metrics exporter compatible with Prometheus and Grafana dashboards
• Cruise Control integration for automatic partition rebalancing
• Support for both ZooKeeper and KRaft consensus modes

Comparison with Similar Tools

• Confluent for Kubernetes — commercial operator with more enterprise features but requires a license
• Amazon MSK — fully managed but locks you into AWS and limits customization
• Redpanda — Kafka-compatible alternative that does not require ZooKeeper but is a different engine
• Kubernetes StatefulSet (manual) — possible but loses automated upgrades, security, and monitoring

FAQ

Q: Does Strimzi support KRaft (no ZooKeeper)? A: Yes, KRaft mode is supported and is the recommended path for new deployments.

Q: Can I use Strimzi on any Kubernetes distribution? A: Yes, Strimzi works on EKS, GKE, AKS, OpenShift, k3s, and any conformant Kubernetes cluster.

Q: How does Strimzi handle Kafka version upgrades? A: Update the Kafka version in the CR spec and Strimzi performs a rolling upgrade, updating brokers one at a time.

Q: Does Strimzi manage Kafka Connect connectors? A: Yes, you can define KafkaConnector CRDs that the operator deploys and manages within a Kafka Connect cluster.

Sources

• https://github.com/strimzi/strimzi-kafka-operator
• https://strimzi.io