Default to Apache Kafka instead of Redpanda

Open nscuro opened this issue 2 years ago • 3 comments

We chose to use Redpanda over Apache Kafka (AK) for our testing as it has a noticeably lower footprint.

However, Redpanda is licensed under BUSL, which can be problematic for some organizations. Further, as Dependency-Track is an OSS project under a truly open foundation (OWASP), we should not depend on commercial solutions by default. Instead, we should default to Apache Kafka, which is Apache-2.0 licensed, just like DT itself.

Further, we may want to replace Redpanda Console with something like https://github.com/provectus/kafka-ui (for the same licensing reason).

In summary, the following needs to be done:

  • The default docker-compose.yml should use Apache Kafka
    • ~We can use the bitnami/kafka image which supports KRaft and does not depend on Zookeeper~
    • Should use official apache/kafka image, see https://github.com/DependencyTrack/hyades/issues/854#issuecomment-1980594100
    • Should consider using apache/kafka-native variant, see https://github.com/DependencyTrack/hyades/issues/854#issuecomment-2199485302
  • e2e tests should either:
    • Use AK instead of Redpanda
    • Run against both AK and Redpanda
  • Continuing to use Redpanda in unit and integration tests is fine
    • We should still test how AK behaves here, perhaps it's not as bad as we think
    • AK-powered dev services are available through Strimzi

nscuro, Oct 17 '23 10:10

As of v3.7.0, Kafka has an official Docker image:

  • https://hub.docker.com/r/apache/kafka
  • https://github.com/apache/kafka/blob/trunk/docker/examples/README.md
  • https://github.com/apache/kafka/blob/trunk/docker/examples/jvm/single-node/plaintext/docker-compose.yml

nscuro, Mar 06 '24 10:03

As per KIP-974, Apache Kafka will ship a native image version with v3.8: https://cwiki.apache.org/confluence/display/KAFKA/KIP-974%3A+Docker+Image+for+GraalVM+based+Native+Kafka+Broker

That will be useful for demo setups. The KIP does say explicitly though that production usage is not yet recommended:

> The GraalVM native-image based container is recommended only for development, and testing and not for production workloads.

nscuro, Jul 01 '24 07:07

Requested addition of Apache Kafka native to Quarkus Dev Services here: https://github.com/quarkusio/quarkus/issues/43272

nscuro, Oct 03 '24 00:10

Not pursuing this anymore as a consequence of #1619

nscuro, Jan 11 '25 19:01