- Build Applications
- Kafka Clients
- Advanced Features
Multi-Tenancy
Topic Naming Rule
Pulsar supports multi-tenancy. The client side should specifies a long topic name URL like "persistent://tenant/ns/topic"
. StreamNative leverages Pulsar's multi-tenancy feature and keeps the compatibility with the short topic names in Kafka.
For Kafka client users, they should follow the topic naming rule in this section. Otherwise, unexpected behaviors might happen.
You should specific topic names like:
topic
: it refers the topicpersistent://public/default/topic
in thepublic/default
namespace.tenant.ns.topic
: it refers the topicpersistent://tenant/ns/topic
in thetenant/ns
namespace.tenant.ns.xxx.yyy
: it refers the topicpersistent://tenant/ns/xxx.yyy
in thetenant/ns
namespace.
In short, use a short topic name if you don't use the multi-tenancy feature. Otherwise, add the namespace prefix for topics in non-default namespaces. Besides, Kafka clients can only access namespaces whose name doe not contain any dot character.
Note
In early versions of StreamNative Cloud clusters, the topic naming style is similar to Pulsar, i.e. you need to specify tenant/ns/topic
rather than tenant.ns.topic
to access topic topic
in namespace tenant/ns
.
Listing topics
By default, when listing topics via Kafka clients or Kafka CLI, only topics in the default namespace will be listed. This behavior is intended to avoid accessing other namespaces that you might not have permission to access.
If you want to list topics in some other namespaces (e.g. tenant1/ns1
and tenant2/ns2
), you can use Pulsar admin CLI to update the configuration dynamically:
./bin/pulsar-admin brokers update-dynamic-config --config kopAllowedNamespaces --value "tenant1/ns1,tenant2/ns2"
For the permission to list topics, you need to grant produce or consume permissions on all namespaces in the kopAllowedNamespaces
config to the role you have. See Kafka ACLs on StreamNative Cloud for more details.
Take the command above for example and assume the role is user
, you need to run the following commands to grant the permissions:
./bin/pulsar-admin namespaces grant-permission --actions produce --role user tenant1/ns1
./bin/pulsar-admin namespaces grant-permission --actions produce --role user tenant2/ns2
You can also grant the permissions simply in the cloud console UI.
Note
It's highly recommended to add the namespace to the kopAllowedNamespaces
config when you created a topic used by Kafka clients in a new namespace. For now, you need to execute the pulsar-admin brokers
command manually to update this config. In future, this step will be done automatically in the cloud console.