Kafkarator
Kafkarator is a Kubernetes operator on the NAIS platform, providing self-service functionality for Aiven hosted Kafka through Kubernetes resources.
Kafkarator defines a Kubernetes custom resource, kafka.nais.io/Topic. When users create or update this resource,
Kafkarator translates it to Aiven topics and ACL entries.
User documentation
Developer documentation
Kafkarator uses earthly via earthlyw for building.
Use ./earthlyw +docker to build docker images for kafkarator and canary.
Verifying the kafkarator images and their contents
The images are signed "keylessly" using Sigstore cosign. To verify their authenticity run
cosign verify \
--certificate-identity "https://github.com/nais/kafkarator/.github/workflows/main.yml@refs/heads/master" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
europe-north1-docker.pkg.dev/nais-io/nais/images/kafkarator@sha256:<shasum>
The images are also attested with SBOMs in the CycloneDX format. You can verify these by running
cosign verify-attestation --type cyclonedx \
--certificate-identity "https://github.com/nais/kafkarator/.github/workflows/main.yml@refs/heads/master" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
europe-north1-docker.pkg.dev/nais-io/nais/images/kafkarator@sha256:<shasum>