Skip to main content
Conduktor Self-service lets application teams request Kafka topics and access without going through the platform team for every change. Platform teams set the rules upfront; everything else flows from there.

How it works

Self-service introduces two roles:
  • Platform teams — assign application’s owner a set of resources and define the governance rules they will be restricted by.
  • Application teams — create resources within their ownership scope, approve access requests, and subscribe to other teams’ topics. Approved requests are applied automatically without platform team intervention for each change.
Topic creation is a direct API call that passes if the request is policy-compliant — no approval workflow needed. Access requests between teams go through the owning application team, not the platform team: Every change goes into Git. You get a full history and can review anything before it lands on Kafka.

Key concepts

ConceptDescription
ApplicationA logical grouping for a team or service — owns its topics and ACLs
Application teamGroup of people not owning the application’s topics, but interacting with them, and that should inherit from the same permissions (e.g., support team)
Access requestA request for read or write access to a topic owned by another application
PolicyRules that constrain what teams can request (e.g., max partitions, naming conventions)
OwnershipEach resource has a declared owner; access requests go through that owner for approval

Benefits

  • Less bottleneck — teams don’t wait on platform for routine requests
  • Guardrails, not gatekeeping — policies constrain what can be requested, not who can work
  • Full audit trail — every change is in Git, reviewable and revertible
  • Explicit ownership — each resource has a declared owner, so access requests go to the right person
  • Data discovery — Kafka is made to open access to data. Our data catalog is here for that and exposes topics metadata to add context