Set up an Apache Kafka for BigQuery project

This document provides an overview of the procedures that you must follow to set up a Apache Kafka for BigQuery cluster.

Choose an interface option

With Apache Kafka for BigQuery, you can deploy, configure, and operate Kafka clusters by using a number of configuration options such as the following:

Your choice of a configuration option depends on your use case.

If you're new to Google Cloud and want to test Apache Kafka for BigQuery, then use the Google Cloud console or the gcloud CLI.

The Apache Kafka for BigQuery client libraries use the Apache Kafka for BigQuery API. The Apache Kafka for BigQuery API and the other Google APIs are best for custom automation and the recommended way of accessing these is through the client libraries.

Use the latest version of the client library. The client libraries are constantly being updated with new features and bug fixes. Ensure that you are using the latest version of the client library for your language. For more information about Apache Kafka for BigQuery client libraries, see Overview of Apache Kafka for BigQuery client libraries.

Decide whether you need granular access control

The simplest and default way to manage authorization for Kafka clusters is with the Apache Kafka for BigQuery API and Identity and Access Management(IAM). However, IAM doesn't allow access controls on individual resources.

If you would like to manage access control to individual topics, you must manage Kafka ACLs. Set up your Kafka ACLs before you create any resources to avoid migration later.

For more information about access control for Apache Kafka for BigQuery, see the following:

Workflow to create a Kafka cluster

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Managed Kafka, Compute Engine, and Cloud DNS APIs.

Enable the APIs

Create a service account:

In the Google Cloud console, go to the Create service account page.
Go to Create service account
Select your project.
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

In the Service account description field, enter a description. For example, Service account for quickstart.
Click Create and continue.
Grant the Managed Kafka Admin role to the service account.

To grant the role, find the Select a role list, then select Managed Kafka Admin.

Note: The Role field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a predefined role or custom role that meets your needs.
Click Continue.
In the Service account users role field, enter the identifier for the principal that will attach the service account to other resources, such as Compute Engine instances.

This is typically the email address for a Google Account.
Click Done to finish creating the service account.

Do not close your browser window. You will use it in the next step.

Create a service account key:

In the Google Cloud console, click the email address for the service account that you created.
Click Keys.
Click Add key, and then click Create new key.
Click Create. A JSON key file is downloaded to your computer.
Click Close.

Install the Google Cloud CLI.

To initialize the gcloud CLI, run the following command:

gcloud init

Note: If you installed the gcloud CLI previously, make sure you have the latest version by running

gcloud components
      update