Exposing Kafka Broker endpoints with Cloudflared Tunnel on K8s

We have Kafka running on a Kubernetes cluster and we want to expose its URLs publicly using Cloudflared tunnel. We have been using Cloudflared tunnel for a while now, but only with the HTTP protocol. Since Kafka uses the TCP protocol, this is the configuration we have:

 - hostname: broker-0.<domain>
   service: tcp://istio-ingressgateway.istio-system.svc.cluster.local:31400
 - hostname: broker-1.<domain>
   service: tcp://istio-ingressgateway.istio-system.svc.cluster.local:31400
 - hostname: broker-2.<domain>
   service: tcp://istio-ingressgateway.istio-system.svc.cluster.local:31400

But when we try to connect to the public URL, it does not seem to be able to reach it; there is no log at all about the brokers (I have debug logging on).
I know that when we connect to Kafka it will use the SSL protocol: ssl://broker-0./bootstrap
If we disable SSL then the protocol would be: localhost:31400/bootstrap (I guess TCP is implied?)
AFAIK there is no SSL over TCP protocol supported for cloudflared tunnel; ref: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/local-management/ingress/#supported-protocols

Any insight on what I can try looking into would be much appreciated :pray:

The connection string used to connect to Kafka is: broker-0.<domain>:9092

How are you connecting? With TCP, you can connect directly to the hostname and instead need to have Cloudflared installed locally: Arbitrary TCP · Cloudflare Zero Trust docs

My Kafka server is running inside a Kubernetes cluster; we are using Cloudflared tunnel to expose it with a public URL.

You cannot expose TCP connections to public hostnames like you can with HTTP/S. All clients that you want to connect need to have Cloudflared installed locally. Please see this section of the docs that shows how to connect from a client.
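The client-side setup this reply refers to, as an added example that is not part of the thread: one local `cloudflared access tcp` forwarder per broker hostname from the ingress config in the question. The `example.com` placeholder for `<domain>`, the local ports 19092-19094 and the `start` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): client-side forwarders for the three
# broker hostnames in the tunnel ingress config.
# Assumptions: DOMAIN is a placeholder for <domain>, local ports start at
# 19092, and cloudflared is installed on the client machine.

DOMAIN="${DOMAIN:-example.com}"   # placeholder for the thread's <domain>
BASE_PORT="${BASE_PORT:-19092}"   # assumed first local listening port
BROKERS="${BROKERS:-3}"           # broker-0 .. broker-2

# Local port assigned to broker N (one distinct port per broker).
local_port() {
    echo $((BASE_PORT + $1))
}

# Dry run: print the command that would be started for each broker.
forwarder_cmds() {
    i=0
    while [ "$i" -lt "$BROKERS" ]; do
        echo "cloudflared access tcp --hostname broker-$i.$DOMAIN --url localhost:$(local_port "$i")"
        i=$((i + 1))
    done
}

# Start every forwarder in the background and stop them all on exit.
start_forwarders() {
    command -v cloudflared >/dev/null 2>&1 || {
        echo "cloudflared is not installed on this client" >&2
        return 1
    }
    pids=""
    i=0
    while [ "$i" -lt "$BROKERS" ]; do
        cloudflared access tcp --hostname "broker-$i.$DOMAIN" \
            --url "localhost:$(local_port "$i")" &
        pids="$pids $!"
        i=$((i + 1))
    done
    trap 'kill $pids 2>/dev/null' INT TERM EXIT
    wait
}

# Only launch anything when asked to; sourcing or a bare run does nothing.
if [ "${1:-}" = "start" ]; then
    start_forwarders
fi
```

A Kafka client that bootstraps through `localhost:19092` then reconnects to whatever addresses the brokers advertise, so this works end to end only if those advertised listeners resolve to the local forwarders on the client.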

I see, thank you very much.
