[Verse 1]
When clients knock from outside the cluster wall
Kafka brokers need addresses they can call
Advertised listeners hold the sacred key
Broadcasting hostnames that external eyes can see
Internal pods speak cluster dot local tongue
But outside clients need domains properly sung
Bootstrap servers guide the first connection dance
Then brokers whisper their true addresses in advance
[Chorus]
Configure the gateway, open up the door
TLS passthrough keeps encryption pure and raw
Termination strips it at the proxy line
DNS resolution makes the hostnames shine
Per-broker endpoints or shared service gate
External access seals your Kafka fate
[Verse 2]
Passthrough tunnels encrypted streams intact
Load balancer forwards every TLS pact
But termination breaks the crypto shell
Proxy decrypts then re-encrypts to tell
NodePort exposes ports on every node
LoadBalancer provisions cloud IP zones
Ingress routes traffic through HTTP streams
Route and OpenShift fulfill external dreams
[Chorus]
Configure the gateway, open up the door
TLS passthrough keeps encryption pure and raw
Termination strips it at the proxy line
DNS resolution makes the hostnames shine
Per-broker endpoints or shared service gate
External access seals your Kafka fate
[Bridge]
Three brokers need three separate names
Wildcard certificates ease the DNS games
Bootstrap discovers the topology map
Then direct connections bridge the cluster gap
[Verse 3]
Hostname overrides control the advertised call
External DNS must resolve them all
Certificate SANs must match the chosen names
Or TLS handshakes burst into flames
Shared bootstrap funnels initial requests
Per-broker services handle all the rest
Network policies guard the exposed doors
Security groups define the traffic wars
[Chorus]
Configure the gateway, open up the door
TLS passthrough keeps encryption pure and raw
Termination strips it at the proxy line
DNS resolution makes the hostnames shine
Per-broker endpoints or shared service gate
External access seals your Kafka fate
[Outro]
From cluster-internal to worldwide reach
External listeners bridge what networks teach
Strimzi orchestrates the connection flow
Your Kafka streams wherever clients go