obsidiandynamics/kafdrop

By obsidiandynamics

Updated 3 days ago

Kafdrop Docker image

Image
77

100M+

Kafdrop Docker Image

The official Docker image for Kafdrop — a web UI for monitoring Apache Kafka clusters. The tool displays information such as brokers, topics, partitions, consumers (including lag) and lets you view messages.

Overview Screenshot

Supporting JDK 11+, Kafka 2.x, Helm and Kubernetes, Kafdrop is a lightweight application that runs on Spring Boot and is dead-easy to configure, supporting SASL and TLS-secured brokers.

Running

docker run -d --rm -p 9000:9000 \
    -e KAFKA_BROKERCONNECT=host:port,host:port \
    -e JVM_OPTS="-Xms32M -Xmx64M" \
    -e SERVER_SERVLET_CONTEXTPATH="/" \
    obsidiandynamics/kafdrop:latest

Then access the UI at http://localhost:9000.

Note: As of Kafdrop 3.10.0, a ZooKeeper connection is no longer required. All necessary cluster information is retrieved via the Kafka admin API.

Environment variables:

  • KAFKA_BROKERCONNECT: Bootstrap list of Kafka host/port pairs.
  • JVM_OPTS: JVM options.
  • JMX_PORT: Port to use for JMX. No default; if unspecified, JMX will not be exposed.
  • HOST: The hostname to report for the RMI registry (used for JMX). Default: localhost.
  • SERVER_PORT: The web server port to listen on. Default: 9000.
  • SERVER_SERVLET_CONTEXTPATH: The context path to serve requests on (must end with a /). Default: /.
  • KAFKA_PROPERTIES: Additional properties to configure the broker connection (base-64 encoded).
  • KAFKA_TRUSTSTORE: Certificate for broker authentication (base-64 encoded). Required for TLS/SSL.
  • KAFKA_KEYSTORE: Private key for mutual TLS authentication (base-64 encoded).

Connecting to a Secure Broker

Kafdrop supports TLS (SSL) and SASL connections for encryption and authentication. This can be configured by providing a combination of the following files:

  • Truststore: specifying the certificate for authenticating brokers, if TLS is enabled.
  • Keystore: specifying the private key to authenticate the client to the broker, if mutual TLS authentication is required.
  • Properties file: specifying the necessary configuration, including key/truststore passwords, cipher suites, enabled TLS protocol versions, username/password pairs, etc. When supplying the truststore and/or keystore files, the ssl.truststore.location and ssl.keystore.location properties will be assigned automatically.

These files are supplied in base-64-encoded form via environment variables:

docker run -d --rm -p 9000:9000 \
    -e KAFKA_BROKERCONNECT=host:port,host:port \
    -e KAFKA_PROPERTIES=$(cat kafka.properties | base64) \
    -e KAFKA_TRUSTSTORE=$(cat kafka.truststore.jks | base64) \   # optional
    -e KAFKA_KEYSTORE=$(cat kafka.keystore.jks | base64) \       # optional
    obsidiandynamics/kafdrop

Hey there! We hope you really like Kafdrop! Please take a moment to ⭐the repo on GitHub or Tweet about it.

Docker Pull Command

docker pull obsidiandynamics/kafdrop