This document provides an overview of the procedures that you must follow to set up a Managed Service for Apache Kafka cluster.
Choose an interface option
With Managed Service for Apache Kafka, you can deploy, configure, and operate Kafka clusters by using a number of configuration options such as the following:
Your choice of a configuration option depends on your use case.
If you're new to Google Cloud and want to test Managed Service for Apache Kafka, then use the Google Cloud console or the gcloud CLI.
The Managed Service for Apache Kafka client libraries use the Managed Kafka API. The Managed Kafka API and the other Google APIs are best for custom automation and the recommended way of accessing these is through the client libraries.
Use the latest version of the client library. The client libraries are constantly being updated with new features and bug fixes. Ensure that you are using the latest version of the client library for your language. For more information about Managed Service for Apache Kafka client libraries, see Overview of Managed Service for Apache Kafka client libraries.
Decide whether you need granular access control
The simplest and default way to manage authorization for Kafka clusters is with the Managed Kafka API and Identity and Access Management (IAM). However, IAM doesn't allow access controls on individual resources.
If you would like to manage access control to individual topics, you must manage Kafka ACLs. Set up your Kafka ACLs before you create any resources to avoid migration later.
For more information about access control for Managed Service for Apache Kafka, see the following:
Workflow to create a Kafka cluster
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Managed Kafka API.
-
Create a service account:
-
In the Google Cloud console, go to the Create service account page.
Go to Create service account - Select your project.
-
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.
In the Service account description field, enter a description. For example,
Service account for quickstart
. - Click Create and continue.
-
Grant the Managed Kafka Admin role to the service account.
To grant the role, find the Select a role list, then select Managed Kafka Admin.
- Click Continue.
-
In the Service account users role field, enter the identifier for the principal that will attach the service account to other resources, such as Compute Engine instances.
This is typically the email address for a Google Account.
-
Click Done to finish creating the service account.
Do not close your browser window. You will use it in the next step.
-
-
Create a service account key:
- In the Google Cloud console, click the email address for the service account that you created.
- Click Keys.
- Click Add key, and then click Create new key.
- Click Create. A JSON key file is downloaded to your computer.
- Click Close.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Managed Kafka API.
-
Create a service account:
-
In the Google Cloud console, go to the Create service account page.
Go to Create service account - Select your project.
-
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.
In the Service account description field, enter a description. For example,
Service account for quickstart
. - Click Create and continue.
-
Grant the Managed Kafka Admin role to the service account.
To grant the role, find the Select a role list, then select Managed Kafka Admin.
- Click Continue.
-
In the Service account users role field, enter the identifier for the principal that will attach the service account to other resources, such as Compute Engine instances.
This is typically the email address for a Google Account.
-
Click Done to finish creating the service account.
Do not close your browser window. You will use it in the next step.
-
-
Create a service account key:
- In the Google Cloud console, click the email address for the service account that you created.
- Click Keys.
- Click Add key, and then click Create new key.
- Click Create. A JSON key file is downloaded to your computer.
- Click Close.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
- Follow the procedures in the individual sections to complete the rest of the workflow:
- Create a Kafka cluster.
- Create a topic.
- Configure the consumer and producer applications.
For more information, see the Quickstart.
You require the service account JSON key to later authenticate the Kafka consumer and producer applications. The process is described in the Quickstart.