1. Build Applications
  2. Kafka Clients
  3. Advanced Features

Multi-Tenancy

Topic Naming Rule

Pulsar supports multi-tenancy. The client side should specifies a long topic name URL like "persistent://tenant/ns/topic". StreamNative leverages Pulsar's multi-tenancy feature and keeps the compatibility with the short topic names in Kafka.

For Kafka client users, they should follow the topic naming rule in this section. Otherwise, unexpected behaviors might happen.

You should specific topic names like:

  • topic: it refers the topic persistent://public/default/topic in the public/default namespace.
  • tenant.ns.topic: it refers the topic persistent://tenant/ns/topic in the tenant/ns namespace.
  • tenant.ns.xxx.yyy: it refers the topic persistent://tenant/ns/xxx.yyy in the tenant/ns namespace.

In short, use a short topic name if you don't use the multi-tenancy feature. Otherwise, add the namespace prefix for topics in non-default namespaces. Besides, Kafka clients can only access namespaces whose name doe not contain any dot character.

Note

In early versions of StreamNative Cloud clusters, the topic naming style is similar to Pulsar, i.e. you need to specify tenant/ns/topic rather than tenant.ns.topic to access topic topic in namespace tenant/ns.

Listing topics

By default, when listing topics via Kafka clients or Kafka CLI, only topics in the default namespace will be listed. This behavior is intended to avoid accessing other namespaces that you might not have permission to access.

If you want to list topics in some other namespaces (e.g. tenant1/ns1 and tenant2/ns2), you can use Pulsar admin CLI to update the configuration dynamically:

./bin/pulsar-admin brokers update-dynamic-config --config kopAllowedNamespaces --value "tenant1/ns1,tenant2/ns2"

For the permission to list topics, you need to grant produce or consume permissions on all namespaces in the kopAllowedNamespaces config to the role you have. See Kafka ACLs on StreamNative Cloud for more details.

Take the command above for example and assume the role is user, you need to run the following commands to grant the permissions:

./bin/pulsar-admin namespaces grant-permission --actions produce --role user tenant1/ns1
./bin/pulsar-admin namespaces grant-permission --actions produce --role user tenant2/ns2

You can also grant the permissions simply in the cloud console UI.

Note

It's highly recommended to add the namespace to the kopAllowedNamespaces config when you created a topic used by Kafka clients in a new namespace. For now, you need to execute the pulsar-admin brokers command manually to update this config. In future, this step will be done automatically in the cloud console.

Previous
Compacted Topic