10 changes: 4 additions & 6 deletions .github/workflows/ci-e2e-kafka.yml
@@ -17,9 +17,8 @@ jobs:
strategy:
fail-fast: false
matrix:
jaeger-version: [v2]
kafka-version: ["3.x"]
name: kafka ${{matrix.kafka-version }} ${{ matrix.jaeger-version }}
name: kafka ${{ matrix.kafka-version }} v2
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
@@ -34,16 +33,15 @@ jobs:

- name: Run kafka integration tests
id: test-execution
run: bash scripts/e2e/kafka.sh -j ${{ matrix.jaeger-version }} -v ${{ matrix.kafka-version }}
run: bash scripts/e2e/kafka.sh -v ${{ matrix.kafka-version }}

- uses: ./.github/actions/verify-metrics-snapshot
if: matrix.jaeger-version == 'v2'
with:
snapshot: metrics_snapshot_kafka
artifact_key: metrics_snapshot_kafka_${{ matrix.jaeger-version }}
artifact_key: metrics_snapshot_kafka_v2

- name: Upload coverage to codecov
uses: ./.github/actions/upload-codecov
with:
files: cover.out
flags: kafka-${{ matrix.kafka-version }}-${{ matrix.jaeger-version }}
flags: kafka-${{ matrix.kafka-version }}-v2
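Review bot: The "Run kafka integration tests" step expands `${{ matrix.kafka-version }}` directly into the `run:` script text, so the value is pasted into the shell command before bash parses it. Today it comes from the workflow's own matrix and is not attacker-controlled, but passing it through the environment keeps the step safe if the matrix is ever fed from an input or a reusable-workflow parameter. I would add `env: KAFKA_VERSION: ${{ matrix.kafka-version }}` to the step and change the command to `run: bash scripts/e2e/kafka.sh -v "$KAFKA_VERSION"`. The job definition continues outside these hunks.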
2 changes: 1 addition & 1 deletion cmd/jaeger/config-kafka-collector.yaml
@@ -40,7 +40,7 @@ processors:
exporters:
kafka:
brokers:
- localhost:9092
- ${env:KAFKA_BROKER:-localhost:9092}
traces:
topic: ${env:KAFKA_TOPIC:-jaeger-spans}
encoding: ${env:KAFKA_ENCODING:-otlp_proto}
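Review bot: The new broker entry `- ${env:KAFKA_BROKER:-localhost:9092}` makes the exporter target overridable, but nothing next to it documents the variable or the transport it implies. The visible `kafka:` stanza has no TLS or authentication keys, so an override that points at a non-local broker would send spans in plaintext. The rest of the exporter block is outside the hunk, so confirm that before wording the comment. A comment above `brokers:` would cover it, for example `# KAFKA_BROKER overrides the bootstrap broker; this sample connects in plaintext, keep it to local/test brokers`. The same one-line change in docker-compose/kafka/jaeger-ingester-remote-storage.yaml deserves the same comment.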
6 changes: 3 additions & 3 deletions docker-compose/kafka/README.md
@@ -2,6 +2,8 @@

This `docker compose` environment provides a sample configuration of Jaeger deployment utilizing collector-Kafka-ingester pipeline with jaeger-v2 unified binary. Storage is provided by the `jaeger-remote-storage` service running memstore.

The setup uses **Apache Kafka 3.9.0** running in KRaft mode.

Jaeger UI can be accessed at http://localhost:16686/, as usual, and refreshing the screen should produce internal traces.

```mermaid
@@ -11,10 +13,8 @@ graph LR
I --> S[jaeger-remote-storage]
UI[jaeger v2<br>query mode<br>Jaeger UI] --> S
S --> MemStore
KafkaBroker --> ZooKeeper
subgraph Kafka
subgraph Kafka KRaft
KafkaBroker
ZooKeeper
end
subgraph Shared Storage
S
42 changes: 8 additions & 34 deletions docker-compose/kafka/docker-compose.yml
@@ -1,35 +1,7 @@
services:
zookeeper:
image: bitnami/zookeeper@sha256:95655e9d5653bd132b07eb3aaed2ba49bb5b175853df20e82fe1fcb0d4a28579
ports:
- 2181:2181
environment:
- ALLOW_ANONYMOUS_LOGIN=yes
kafka:
image: index.docker.io/bitnami/[email protected]
ports:
- '9092:9092'
environment:
- KAFKA_BROKER_ID=1
- KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
- KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
- ALLOW_PLAINTEXT_LISTENER=yes
- KAFKA_LISTENERS=INTERNAL://0.0.0.0:9092,OUTSIDE://0.0.0.0:9094
- KAFKA_ADVERTISED_LISTENERS=INTERNAL://kafka:9092,OUTSIDE://localhost:9094
- KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL:PLAINTEXT,OUTSIDE:PLAINTEXT
- KAFKA_INTER_BROKER_LISTENER_NAME=INTERNAL
restart: always
depends_on:
- zookeeper
links:
- zookeeper
healthcheck:
test: ["CMD-SHELL", "kafka-topics.sh --list --bootstrap-server 127.0.0.1:9092"]
interval: 5s
timeout: 5s
retries: 3
start_period: 5s
include:
- path: v3/docker-compose.yml

services:
jaeger-remote-storage:
image: cr.jaegertracing.io/jaegertracing/jaeger-remote-storage@sha256:e78c6093ac38f7cdccf0877750bb21f2cbcc08c2fd3e578966b5796a31f26643
ports:
@@ -49,13 +21,14 @@ services:
command:
- "--config=/etc/jaeger/config.yaml"
environment:
- KAFKA_BROKER=kafka:9092
- KAFKA_TOPIC=jaeger-spans
- KAFKA_ENCODING=otlp_proto
ports:
- 4318:4318
- 14250:14250
healthcheck:
test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:14269/ || exit 1"]
test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:13133/status || exit 1"]
interval: 5s
timeout: 5s
retries: 3
@@ -72,10 +45,11 @@ services:
command:
- "--config=/etc/jaeger/config.yaml"
environment:
- KAFKA_BROKER=kafka:9092
- KAFKA_TOPIC=jaeger-spans
- KAFKA_ENCODING=otlp_proto
healthcheck:
test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:14133/ || exit 1"]
test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:14133/status || exit 1"]
interval: 5s
timeout: 5s
retries: 3
@@ -104,7 +78,7 @@ services:
- "16687"
restart: on-failure
healthcheck:
test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:16687/ || exit 1"]
test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:13133/status || exit 1"]
interval: 5s
timeout: 5s
retries: 3
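Review bot: `KAFKA_BROKER=kafka:9092` on the collector and ingester does not line up with the broker this file now includes, because docker-compose/kafka/v3/docker-compose.yml advertises only `PLAINTEXT://localhost:9092`. A client that bootstraps against `kafka:9092` is handed `localhost:9092` in the metadata response and then dials its own container, so the pipeline would likely fail to produce or consume unless something outside these hunks overrides the advertised listener. The broker definition removed here advertised `INTERNAL://kafka:9092` for in-network clients. Consider adding a second listener in the v3 file that is advertised under the service name `kafka`, pointing `KAFKA_BROKER` at it, and keeping the `localhost` listener for the host-side e2e tests.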
2 changes: 1 addition & 1 deletion docker-compose/kafka/jaeger-ingester-remote-storage.yaml
@@ -32,7 +32,7 @@ extensions:
receivers:
kafka:
brokers:
- kafka:9092
- ${env:KAFKA_BROKER:-kafka:9092}
traces:
topic: ${env:KAFKA_TOPIC:-jaeger-spans}
encoding: ${env:KAFKA_ENCODING:-otlp_proto}
59 changes: 20 additions & 39 deletions docker-compose/kafka/v3/docker-compose.yml
@@ -1,53 +1,34 @@
version: "3"
services:
kafka:
image: bitnami/kafka:3.9.0@sha256:55df55bfc7ed5980447387620afa3498eab3985a4d8c731013d82b3fa8b43bff
user: "0:0" # Run as root to avoid permission issues
image: apache/kafka:3.9.0
hostname: kafka
ports:
- "9092:9092"
- "9093:9093"
- "9094:9094"
- "9095:9095"
volumes:
- ../../../internal/config/tlscfg/testdata:/bitnami/kafka/config/certs
Member


so if we are not mapping certs, do we still need all the functionality in generate_jks_files() in kafka.sh?

@Parship12 what was the intent of introducing those in #7395 ? It seems our Kafka exporter config is pretty vanilla without any authentication

  kafka:
    brokers:
      - ${env:KAFKA_BROKER:-localhost:9092}
    traces:
      topic: ${env:KAFKA_TOPIC:-jaeger-spans}
      encoding: ${env:KAFKA_ENCODING:-otlp_proto}

Contributor


Yes, that's correct - those ports were added in #7395 to support testing different authentication methods. However, after looking at the actual tests, I noticed that:

Current situation is the infrastructure exists (ports 9092, 9093, 9095 with PLAINTEXT, SASL_SSL, SASL_PLAINTEXT), generate_jks_files().

BUT the actual integration tests in kafka_test.go only connect to localhost:9092 (PLAINTEXT), no tests actually use the SASL_SSL (9093) or SASL_PLAINTEXT (9095). (ignoring the usage in this PR #7762)

The code fix from #7395 (supporting TLS with different auth methods) works correctly, but the test infrastructure to verify it was never actually used.

Should I raise a PR to simplify it? (remove unused ports 9093/9095 and generate_jks_files(), JKS/SSL/SASL configuration, certificate volume mounting, so it will be simplified to PLAINTEXT Kafka on port 9092 only).

Member


The ports are already being removed / simplified in this PR. I think it's ok for us to not test auth permutations, since we're just using the upstream exporter/receiver.

- kafka-data:/bitnami
- kafka-data:/var/lib/kafka/data
environment:
# KRaft settings
- KAFKA_CFG_NODE_ID=1
- KAFKA_CFG_PROCESS_ROLES=controller,broker
- KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=1@localhost:9096
# Listeners
- KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9096,SASL_SSL://:9093,SASL_PLAINTEXT://:9095
- KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092,SASL_SSL://127.0.0.1:9093,SASL_PLAINTEXT://127.0.0.1:9095
- KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT,SASL_SSL:SASL_SSL,SASL_PLAINTEXT:SASL_PLAINTEXT
- KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER
- KAFKA_CFG_INTER_BROKER_LISTENER_NAME=PLAINTEXT
# SASL Configuration
- KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN
- KAFKA_CLIENT_USERS=admin
- KAFKA_CLIENT_PASSWORDS=admin-secret
# SSL Configuration
- KAFKA_TLS_TYPE=JKS
- KAFKA_CFG_SSL_KEYSTORE_LOCATION=/bitnami/kafka/config/certs/kafka.keystore.jks
- KAFKA_CFG_SSL_KEYSTORE_PASSWORD=kafkapass123
- KAFKA_CFG_SSL_KEY_PASSWORD=kafkapass123
- KAFKA_CFG_SSL_TRUSTSTORE_LOCATION=/bitnami/kafka/config/certs/kafka.truststore.jks
- KAFKA_CFG_SSL_TRUSTSTORE_PASSWORD=kafkapass123
# Allow plaintext listener for development
- ALLOW_PLAINTEXT_LISTENER=yes
# Debug mode for more verbose logs
- BITNAMI_DEBUG=true
# KRaft settings (no ZooKeeper needed)
KAFKA_NODE_ID: 1
KAFKA_PROCESS_ROLES: broker,controller
KAFKA_CONTROLLER_QUORUM_VOTERS: 1@kafka:9094

KAFKA_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9094
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
# Additional settings
- KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true
# Force skip KRaft initialization if already done
- KAFKA_SKIP_KRAFT_STORAGE_INITIALIZATION=yes
# KRaft cluster ID
- KAFKA_KRAFT_CLUSTER_ID=MkU3OEVBNTcwNTJENDM2Qg
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
# CLUSTER_ID for KRaft
CLUSTER_ID: test_kafka_cluster_id
healthcheck:
test:
[
"CMD-SHELL",
"kafka-topics.sh --list --bootstrap-server localhost:9092",
"/opt/kafka/bin/kafka-topics.sh --list --bootstrap-server localhost:9092",
]
interval: 30s
timeout: 10s
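Review bot: `image: apache/kafka:3.9.0` is referenced by tag only, whereas the bitnami line it replaces carried an `@sha256:` digest and the jaeger-remote-storage image in docker-compose/kafka/docker-compose.yml is digest-pinned as well. A mutable tag lets the e2e job pick up different image content without any change in this repository. Pin it the same way, `image: apache/kafka:3.9.0@sha256:<digest-of-the-image-you-verified>` (placeholder; take the digest from the image actually tested). The service definition continues past the end of this hunk.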
74 changes: 4 additions & 70 deletions scripts/e2e/kafka.sh
@@ -6,25 +6,20 @@
set -euf -o pipefail

compose_file=""
jaeger_version="v2"
kafka_version="v3"
manage_kafka="true"
success="false"

usage() {
echo "Usage: $0 [-S] [-j <jaeger_version>] [-v <kafka_version>]"
echo "Usage: $0 [-S] [-v <kafka_version>]"
echo " -S: 'no storage' - do not start or stop Kafka container (useful for local testing)"
echo " -j: major version of Jaeger to test (v1|v2); default: v2"
echo " -v: kafka major version (3.x); default: 3.x"
exit 1
}

parse_args() {
while getopts "j:v:Sh" opt; do
while getopts "v:Sh" opt; do
case "${opt}" in
j)
jaeger_version=${OPTARG}
;;
v)
case ${OPTARG} in
3.x)
@@ -47,61 +42,9 @@ parse_args() {
;;
esac
done
if [[ "$jaeger_version" != "v1" && "$jaeger_version" != "v2" ]]; then
echo "Error: Invalid Jaeger version. Valid options are v1 or v2"
usage
fi
compose_file="docker-compose/kafka/${kafka_version}/docker-compose.yml"
}

generate_jks_files() {
local cert_dir="internal/config/tlscfg/testdata"
local password="kafkapass123"

echo "Generating Kafka JKS files..."

# Remove existing JKS files if they exist
rm -f "${cert_dir}/kafka.keystore.jks"
rm -f "${cert_dir}/kafka.truststore.jks"

# Create temporary PKCS12 file from server certificate and key
local temp_p12="${cert_dir}/temp-server.p12"

# Generate PKCS12 keystore from server certificate and private key
openssl pkcs12 -export \
-in "${cert_dir}/example-server-cert.pem" \
-inkey "${cert_dir}/example-server-key.pem" \
-out "${temp_p12}" \
-name kafka \
-passout pass:${password}

# Convert PKCS12 to JKS keystore
keytool -importkeystore \
-deststorepass ${password} \
-destkeypass ${password} \
-destkeystore "${cert_dir}/kafka.keystore.jks" \
-srckeystore "${temp_p12}" \
-srcstoretype PKCS12 \
-srcstorepass ${password} \
-alias kafka \
-noprompt

# Create truststore with CA certificate
keytool -import \
-alias caroot \
-file "${cert_dir}/example-CA-cert.pem" \
-keystore "${cert_dir}/kafka.truststore.jks" \
-storepass ${password} \
-noprompt

# Clean up temporary file
rm -f "${temp_p12}"

echo "JKS files generated successfully:"
echo " - ${cert_dir}/kafka.keystore.jks"
echo " - ${cert_dir}/kafka.truststore.jks"
}

setup_kafka() {
echo "Starting Kafka using Docker Compose..."
docker compose -f "${compose_file}" up -d kafka
@@ -123,7 +66,7 @@ teardown_kafka() {

is_kafka_ready() {
docker compose -f "${compose_file}" \
exec kafka /opt/bitnami/kafka/bin/kafka-topics.sh \
exec kafka /opt/kafka/bin/kafka-topics.sh \
--list \
--bootstrap-server localhost:9092 \
>/dev/null 2>&1
@@ -148,26 +91,17 @@ wait_for_kafka() {

run_integration_test() {
export STORAGE=kafka
if [ "${jaeger_version}" = "v1" ]; then
make storage-integration-test
elif [ "${jaeger_version}" = "v2" ]; then
make jaeger-v2-storage-integration-test
else
echo "Unknown Jaeger version ${jaeger_version}."
usage
fi
make jaeger-v2-storage-integration-test
}

main() {
parse_args "$@"

echo "Executing Kafka integration test."
echo "Kafka version ${kafka_version}."
echo "Jaeger version ${jaeger_version}."
set -x

if [[ "$manage_kafka" == "true" ]]; then
generate_jks_files
setup_kafka
trap 'teardown_kafka' EXIT
fi
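Review bot: The new `/opt/kafka/bin/kafka-topics.sh` path in `is_kafka_ready` is tied to the apache/kafka image layout and is duplicated in the healthcheck of docker-compose/kafka/v3/docker-compose.yml, yet neither place records that coupling. Because the probe redirects all output to `/dev/null`, a later image change that moves the binary would surface only as a readiness timeout with no error text. A comment above the function would document it, for example `# kafka-topics.sh path matches the apache/kafka image; keep in sync with the compose healthcheck`. The body of `wait_for_kafka`, which consumes this probe, is outside the visible hunks.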