Notes

  1. See Sample Project for Confluent Terraform Provider for step-by-step instructions on running this example.

  2. This example assumes that Terraform is run from a host in the private network (you could also leverage the "Agent" Execution Mode if you are using Terraform Enterprise), where it will have connectivity to the Kafka REST API, in other words, to the REST endpoint on the provisioned Kafka cluster. If Terraform is not run from such a host, you must make these changes:

    • Update the confluent_api_key resources by setting their disable_wait_for_ready flag to true. Otherwise, Terraform will attempt to validate API key creation by listing topics, which will fail without access to the Kafka REST API, and you might see errors like:

      Error: error waiting for Kafka API Key "[REDACTED]" to sync: error listing Kafka Topics using Kafka API Key "[REDACTED]": Get "https://[REDACTED]/kafka/v3/clusters/[REDACTED]/topics": GET https://[REDACTED]/kafka/v3/clusters/[REDACTED]/topics giving up after 5 attempt(s): Get "https://[REDACTED]/kafka/v3/clusters/[REDACTED]/topics": dial tcp [REDACTED]:443: i/o timeout
      
    • Remove the three confluent_kafka_acl resources. These resources are provisioned using the Kafka REST API, which is only accessible from the private network.

    • Remove the confluent_kafka_topic resource. This resource is provisioned using the Kafka REST API, which is only accessible from the private network.

  3. One common deployment workflow for environments with private networking is as follows:

    • An initial (centrally-run) Terraform deployment provisions infrastructure: network, Kafka cluster, and other resources on the cloud provider of your choice to set up private network connectivity (like DNS records)

    • A secondary Terraform deployment (run from within the private network) provisions data-plane resources (Kafka Topics and ACLs)

    • Note that RBAC role bindings can be provisioned in either the first or second step, as they are provisioned through the Confluent Cloud API, not the Kafka REST API

  4. See VPC Peering on Google Cloud for more details.
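
The changes from note 2 and the split from note 3, sketched as two separate Terraform configurations. This is an added example, not the repository's own configuration. The resource names, variable names and the topic name are assumptions, and the environment, cluster and service account referenced in stage 1 are assumed to be defined elsewhere in that configuration.

```hcl
# Stage 1: run centrally, with no route to the Kafka REST endpoint.
# Assumed to be defined elsewhere in this configuration (hypothetical names):
# confluent_environment.staging, confluent_kafka_cluster.dedicated, confluent_service_account.app_manager
resource "confluent_api_key" "app_manager_kafka_api_key" {
  display_name = "app-manager-kafka-api-key"
  description  = "Kafka API key owned by the app-manager service account"

  # Skip the readiness check that lists topics through the Kafka REST API.
  disable_wait_for_ready = true

  owner {
    id          = confluent_service_account.app_manager.id
    api_version = confluent_service_account.app_manager.api_version
    kind        = confluent_service_account.app_manager.kind
  }

  managed_resource {
    id          = confluent_kafka_cluster.dedicated.id
    api_version = confluent_kafka_cluster.dedicated.api_version
    kind        = confluent_kafka_cluster.dedicated.kind
    environment { id = confluent_environment.staging.id }
  }
}

# Stage 2: a separate configuration, run from a host inside the private network.
variable "kafka_cluster_id" { type = string }
variable "kafka_rest_endpoint" { type = string }
variable "kafka_api_key" {
  type      = string
  sensitive = true
}
variable "kafka_api_secret" {
  type      = string
  sensitive = true
}

resource "confluent_kafka_topic" "orders" {
  kafka_cluster { id = var.kafka_cluster_id }
  topic_name    = "orders" # sample topic name
  rest_endpoint = var.kafka_rest_endpoint

  credentials {
    key    = var.kafka_api_key
    secret = var.kafka_api_secret
  }
}
```

With disable_wait_for_ready set, stage 1 finishes without confirming that the key works against the cluster, so the first use of the key in stage 2 is where a propagation or connectivity problem will surface.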