Skip to main content
We recommend deploying Conduktor Gateway on Kubernetes using the official Helm chart for the best experience and supportability. Kubernetes keeps stateless services like Gateway highly available with built-in routing, scaling and self-healing.

Local example

We recommend running the local-stack example from our Conduktor Reference Architecture repository. This stack creates a production-like local deployment of the entire Conduktor Platform using k3d as a local Kubernetes cluster. It includes:
ComponentRequired for Gateway?Details
Conduktor GatewayYesDeployed with security mode GATEWAY_MANAGED and SNI routing.
KafkaYesRequired by both Gateway and Console.
Conduktor ConsoleNoUI and API for managing Kafka resources.
PostgreSQLNoStores Console state. Required for Console
Conduktor CortexNoMetrics collection for Console.
Schema RegistryNoSchema management for Gateway and Console.
HashiCorp VaultNoSecret storage for Gateway encryption features.
MinIO S3NoS3-compatible storage for metrics.
Prometheus and GrafanaNoMonitoring dashboards for Gateway and Console.
Gateway will only start if a valid license is provided (version 3.18+). If you’d like to evaluate Gateway, contact us.

Helm values

Inspect the helm values for Gateway. The sensitive configurations are provided by reference to a Kubernetes Secret.
In production, manage secrets with a dedicated secret manager. Don’t store them unencrypted in a git repository.

Preserving client IP address

By default, the Kubernetes load balancer changes the client IP address to its own. If you need Gateway to log the actual client IP address, add externalTrafficPolicy to the Gateway Helm chart: 
service:
  external:
    extraSpecs:
      externalTrafficPolicy: Local
This is needed if you need to identify a client that failed to connect during handshake. For example in this log message: 
[WARN ] [ProxyChannelInitializer:109] - TLS handshake failed [fecd5b8b]: SslHandshakeCompletionEvent(java.nio.channels.ClosedChannelException) on source IP address /172.16.160.44:59321

Next steps

Chart dependencies

All charts in this repository depend on bitnami-common .

Compatibility matrix

This compatibility matrix is a resource to help you find which versions of Conduktor Gateway work on which version of our Conduktor Gateway Helm chart.
We recommend you use the version of Gateway that comes pre-configured with the Helm chart. You can adjust the version in your values property according to the supported Gateway version, if required. Notes column only lists chart-level changes. See Conduktor release notes to determine whether there are breaking changes within the artifacts.

Helm chart compatibility

Breaking changes: 🟡 - breaks additional services / small behavior changes (e.g. Grafana dashboard changes) 🔴 - breaks overall deployment of the product (e.g. renaming variables in .values, major product releases)
Chart versionDefault App VersionMin App VersionRelease dateNotes
conduktor-gateway-3.21.03.20.03.18.02026-06-17🔴 Deprecated gateway.portRange in favour of gateway.listeners - old gateway.portRange needs gateway.portRange.enable = true to work
conduktor-gateway-3.20.13.19.13.18.02026-06-11
conduktor-gateway-3.20.03.19.13.18.02026-05-27
conduktor-gateway-3.19.13.19.13.12.02026-05-26
conduktor-gateway-3.19.03.19.03.12.02026-05-05
conduktor-gateway-3.18.03.18.03.12.02026-03-18
conduktor-gateway-3.17.23.17.23.12.02026-02-19
conduktor-gateway-3.17.13.17.13.12.02026-02-10
conduktor-gateway-3.17.03.17.03.12.02026-01-29
conduktor-gateway-3.16.13.16.03.12.02026-01-08
conduktor-gateway-3.16.03.16.03.12.02025-12-12
conduktor-gateway-3.15.03.15.03.12.02025-11-17
conduktor-gateway-3.14.03.14.03.12.02025-10-27
conduktor-gateway-3.13.03.13.03.12.02025-10-01🟡 Added podAntiAffinity default preset
conduktor-gateway-3.12.13.12.03.12.02025-08-22🔴 Updated startupProbe, livenessProbe, readinessProbe endpoints
conduktor-gateway-3.12.03.12.03.1.02025-08-22
conduktor-gateway-3.11.03.11.03.1.02025-07-22
conduktor-gateway-3.10.03.10.03.1.02025-06-19🔴 The default value of the environment variable GATEWAY_ACL_ENABLED has been switched to true
🔴 Deprecated DELEGATED_SASL_PLAINTEXT and DELEGATED_SASL_SSL security protocols (they remain supported for backward compatibility)
Find out more from release notes.
conduktor-gateway-3.9.13.9.03.1.02025-06-02
conduktor-gateway-3.9.03.9.03.1.02025-05-14🔴 When using PLAIN tokens, Gateway service accounts are now always required
🔴 When using PLAIN tokens, Gateway JWT signing key must always be set
conduktor-gateway-3.8.23.8.13.1.02025-04-24
conduktor-gateway-3.8.13.8.03.1.02025-04-10
conduktor-gateway-3.8.03.8.03.1.02025-04-09
conduktor-gateway-3.7.13.7.03.1.02025-03-28
conduktor-gateway-3.7.03.7.03.1.02025-03-21🟡 Updated Grafana template
🟡 Removed dependency on in-built Kafka cluster . Now the chart checks that the KAFKA_BOOTSTRAP_SERVERS environment variable is set in gateway.extraSecretEnvVars or gateway.env before deploying the chart.
conduktor-gateway-3.6.13.6.13.1.02025-03-06
conduktor-gateway-3.6.03.6.03.1.02025-02-17
conduktor-gateway-3.5.13.5.23.1.02025-01-23
conduktor-gateway-3.5.03.5.03.1.02024-12-16
conduktor-gateway-3.4.13.4.03.1.02024-11-22
conduktor-gateway-3.4.03.4.03.1.02024-11-22🔴 Changed service account creation behavior
🟡 Updated Grafana template
conduktor-gateway-3.3.13.3.13.1.02024-09-27
conduktor-gateway-3.3.03.3.03.1.02024-09-05
conduktor-gateway-3.2.23.2.23.1.02024-08-28🟡 Updated Grafana template
conduktor-gateway-3.2.13.2.13.1.02024-08-01
conduktor-gateway-3.2.03.2.03.1.02024-07-19
conduktor-gateway-3.1.13.1.13.1.02024-06-21
conduktor-gateway-3.1.03.0.33.0.02024-06-12🟡 Updated Grafana template
conduktor-gateway-3.0.13.0.13.0.02024-04-15
conduktor-gateway-3.0.03.0.03.0.02024-04-05🔴 Major product update