Kafka binding spec

Detailed documentation on the Kafka binding component

Component format

To setup Kafka binding create a component of type bindings.kafka. See this guide on how to create and apply a binding configuration. For details on using secretKeyRef, see the guide on how to reference secrets in components.

All component metadata field values can carry templated metadata values, which are resolved on Dapr sidecar startup. For example, you can choose to use {namespace} as the consumerGroup, to enable using the same appId in different namespaces using the same topics as described in this article.

apiVersion: dapr.io/v1alpha1
kind: Component
  name: kafka-binding
  type: bindings.kafka
  version: v1
  - name: topics # Optional. Used for input bindings.
    value: "topic1,topic2"
  - name: brokers # Required.
    value: "localhost:9092,localhost:9093"
  - name: consumerGroup # Optional. Used for input bindings.
    value: "group1"
  - name: publishTopic # Optional. Used for output bindings.
    value: "topic3"
  - name: authRequired # Required.
    value: "true"
  - name: saslUsername # Required if authRequired is `true`.
    value: "user"
  - name: saslPassword # Required if authRequired is `true`.
      name: kafka-secrets
      key: "saslPasswordSecret"
  - name: saslMechanism
    value: "SHA-512"
  - name: initialOffset # Optional. Used for input bindings.
    value: "newest"
  - name: maxMessageBytes # Optional.
    value: "1024"
  - name: version # Optional.
    value: "1.0.0"
  - name: direction
    value: "input, output"

Spec metadata fields

Field Required Binding support Details Example
topics N Input A comma-separated string of topics. "mytopic1,topic2"
brokers Y Input/Output A comma-separated string of Kafka brokers. "localhost:9092,dapr-kafka.myapp.svc.cluster.local:9093"
clientID N Input/Output A user-provided string sent with every request to the Kafka brokers for logging, debugging, and auditing purposes. "my-dapr-app"
consumerGroup N Input A kafka consumer group to listen on. Each record published to a topic is delivered to one consumer within each consumer group subscribed to the topic. "group1"
consumeRetryEnabled N Input/Output Enable consume retry by setting to "true". Default to false in Kafka binding component. "true", "false"
publishTopic Y Output The topic to publish to. "mytopic"
authRequired N Deprecated Enable SASL authentication with the Kafka brokers. "true", "false"
authType Y Input/Output Configure or disable authentication. Supported values: none, password, mtls, or oidc "password", "none"
saslUsername N Input/Output The SASL username used for authentication. Only required if authRequired is set to "true". "adminuser"
saslPassword N Input/Output The SASL password used for authentication. Can be secretKeyRef to use a secret reference. Only required if authRequired is set to "true". "", "KeFg23!"
saslMechanism N Input/Output The SASL authentication mechanism you’d like to use. Only required if authtype is set to "password". If not provided, defaults to PLAINTEXT, which could cause a break for some services, like Amazon Managed Service for Kafka. "SHA-512", "SHA-256", "PLAINTEXT"
initialOffset N Input The initial offset to use if no offset was previously committed. Should be “newest” or “oldest”. Defaults to “newest”. "oldest"
maxMessageBytes N Input/Output The maximum size in bytes allowed for a single Kafka message. Defaults to 1024. "2048"
oidcTokenEndpoint N Input/Output Full URL to an OAuth2 identity provider access token endpoint. Required when authType is set to oidc https://identity.example.com/v1/token"
oidcClientID N Input/Output The OAuth2 client ID that has been provisioned in the identity provider. Required when authType is set to oidc "dapr-kafka"
oidcClientSecret N Input/Output The OAuth2 client secret that has been provisioned in the identity provider: Required when authType is set to oidc "KeFg23!"
oidcScopes N Input/Output Comma-delimited list of OAuth2/OIDC scopes to request with the access token. Recommended when authType is set to oidc. Defaults to "openid" "openid,kafka-prod"
version N Input/Output Kafka cluster version. Defaults to 2.0.0. Please note that this needs to be mandatorily set to 1.0.0 for EventHubs with Kafka. "1.0.0"
direction N Input/Output The direction of the binding. "input", "output", "input, output"


The metadata version must be set to 1.0.0 when using Azure EventHubs with Kafka.

Binding support

This component supports both input and output binding interfaces.

This component supports output binding with the following operations:

  • create


Kafka supports a variety of authentication schemes and Dapr supports several: SASL password, mTLS, OIDC/OAuth2. Learn more about Kafka’s authentication method for both the Kafka binding and Kafka pub/sub components.

Specifying a partition key

When invoking the Kafka binding, its possible to provide an optional partition key by using the metadata section in the request body.

The field name is partitionKey.


curl -X POST http://localhost:3500/v1.0/bindings/myKafka \
  -H "Content-Type: application/json" \
  -d '{
        "data": {
          "message": "Hi"
        "metadata": {
          "partitionKey": "key1"
        "operation": "create"


An HTTP 204 (No Content) and empty body will be returned if successful.

Last modified September 28, 2023: Jaeger otlp updates (#3771) (7ed281a)