EN RU
GitHub

Get Started

KafkaKombat is a free Kafka UI and Kafka manager for Apache Kafka in Kerberos-based environments. This page collects the practical startup flow: what to prepare in advance, how to install the server distribution, and where to begin if you want Kubernetes packaging through Helm

Download release Open documentation

Baseline requirements

KafkaKombat is designed for infrastructure where Kerberos is a mandatory part of the access model, not for arbitrary stand-alone demos

Required

  • Linux x86_64
  • Java 11
  • PostgreSQL 14 or newer
  • a correctly configured Kerberos client environment on the host
  • network access to PostgreSQL and Kafka

Important upfront assumptions

  • Kerberos for KafkaKombat is mandatory
  • PostgreSQL is treated as an external part of the target environment
  • the installer does not create the OS user, database, principal, or keytab for you
  • production sizing is best validated through a pilot or trial

Kerberos and SASL/GSSAPI expectations

KafkaKombat is intended for Apache Kafka environments where Kerberos is not optional, but part of the real production access model. In practice this means SASL/GSSAPI-capable Kafka client runtime, valid krb5.conf, working ticket handling and a deployment model where ordinary UI requests are executed in the Kerberos context of the logged-in user. The product is already used in development and production environments with multiple Kerberos-protected Kafka clusters.

Server installation

Step 1

Prepare the Linux user and installation directory

Create the system user and target directory in advance. The installer expects this part to be ready

console
sudo useradd -r -m -d /opt/kafkakombat kafkakombat
sudo mkdir -p /opt/kafkakombat
sudo chown -R kafkakombat:kafkakombat /opt/kafkakombat
Step 2

Prepare the PostgreSQL user and database

Before running the installer, the PostgreSQL database and user must already exist. Validate connectivity and credentials separately

psql
CREATE USER kafkakombat_admin WITH PASSWORD 'XXXXXXXXXXXXXX';
CREATE DATABASE kafkakombat OWNER kafkakombat_admin;
GRANT ALL PRIVILEGES ON DATABASE kafkakombat TO kafkakombat_admin;
Step 3

Prepare the Kerberos principal, keytab, and krb5.conf

KafkaKombat works only in Kerberos-based environments. The host must have a valid krb5.conf, principal, keytab, and working connectivity to the KDC

console
sudo install -d -m 700 /opt/kafkakombat/security
sudo cp /secure/path/kafkakombat.keytab /opt/kafkakombat/security/
sudo chown kafkakombat:kafkakombat /opt/kafkakombat/security/kafkakombat.keytab
sudo chmod 600 /opt/kafkakombat/security/kafkakombat.keytab
Step 4

Unpack the distribution and fill in installation parameters

The main installation input usually lives in install/install.config. The installer uses it to generate the final runtime configuration and service files

install/install.config
APP_USER=kafkakombat
APP_GROUP=kafkakombat
JAVA_HOME=/usr/lib/jvm/jdk-11
HTTP_PORT=18999
DB_DRIVER=org.postgresql.Driver
DB_URL=jdbc:postgresql://pg.example.com/kafkakombat
DB_USER=kafkakombat_admin
DB_PASSWORD=CHANGE_ME_DATABASE_PASSWORD
KERBEROS_KRB5CONF_PATH=/etc/krb5.conf
KERBEROS_USER_PRINCIPAL_TEMPLATE={0}@EXAMPLE.COM
KERBEROS_SERVICE_PRINCIPAL=kafka/host.example.com@EXAMPLE.COM
KERBEROS_SERVICE_KEYTAB_SOURCE=/path/to/source/service.keytab
DIRECTORY_URL=ldaps://ldap.example.com:636
DIRECTORY_BIND_DN=uid=service-account,cn=users,cn=accounts,dc=example,dc=com
DIRECTORY_BIND_PASSWORD=CHANGE_ME_DIRECTORY_BIND_PASSWORD

After installation, secrets should not remain exposed in the working directory. Protect the installation file or remove it after a successful run

Step 5

Run the installer

The installer prepares the runtime layout, generates the final configuration, creates service files, and can apply SQL schema or DB patches

console
cd /opt/kafkakombat/install
./install.sh
Step 6

Start the service and perform a baseline verification

After installation, validate the application startup, UI accessibility, PostgreSQL connectivity, and the basic Kafka integration path

service
bin/kafkakombat-service.sh start
bin/kafkakombat-service.sh status
bin/kafkakombat-service.sh restart
bin/kafkakombat-service.sh stop

What the installer does

This helps set the right expectations and keeps infrastructure preparation outside the installer itself

What happens during installation

  • application files are laid out in the target directory
  • runtime configuration is prepared
  • the working directory structure is created
  • SQL schema and DB patches can be applied

What you still prepare yourself

  • OS user
  • PostgreSQL user and database
  • Kerberos principal and keytab
  • reverse proxy, TLS, or balancing if your environment requires them

What to verify after installation

Minimum checklist

  • the KafkaKombat process stays up after startup
  • the web UI opens at the expected address
  • login works correctly
  • PostgreSQL schema and DB patches complete without errors

Functional validation

  • clusters are visible
  • topics and consumer groups open correctly
  • baseline user operations work
  • logs and runtime diagnostics do not show critical errors

Kubernetes installation

The Helm chart is published as an environment-neutral deployment baseline. It is a good fit when you already have a Kubernetes operating model and a clear secrets delivery approach

What the Helm chart does

  • renders install.config into a Kubernetes Secret
  • deploys Deployment, Service, and Ingress resources
  • expects an external PostgreSQL instance
  • uses existing Secret and existing ConfigMap objects for Kerberos material
helm
helm lint .
helm template kafkakombat . -f values.example.yaml
helm install kafkakombat . -f values.example.yaml --namespace kafkakombat --create-namespace

What you adapt for your environment

  • container image location
  • ingress and TLS
  • secret management
  • LDAP, OIDC, and Kerberos naming
  • how keytab and krb5.conf are delivered

Where to start in practice

If you are evaluating the project for the first time, start with the regular Linux installation flow: validate Kerberos, PostgreSQL, the baseline login path, and Kafka access from the UI. The Helm chart is usually the next step once the application behavior is already confirmed in your environment. Both the server distribution and the Helm chart are available free of charge