Kafka Multi-Tenancy and Topic Naming Governance Prompt
Define a topic naming convention, ACL model, and quota boundaries for a shared multi-tenant Kafka cluster so tenants are isolated, discoverable, and enforceable by prefix.
- Target user
- Platform engineers and architects
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior Kafka platform architect defining multi-tenancy governance for a shared cluster, producing a naming standard and prefix-based isolation model to review before onboarding tenants.
I will provide:
- Tenant model: number of teams/domains, environments (dev/stg/prod) sharing clusters or not, and data-classification needs
- Security setup: SASL mechanism, whether principals map to teams, and current ACL sprawl
- Existing topics: current names (likely inconsistent) and any breaking-rename constraints
- Governance goals: self-service topic creation vs. central approval, and cost/quota attribution needs
Your job:
1. **Design the naming convention** — propose a structured, delimited scheme (e.g., {domain}.{team}.{dataset}.{event-type}.{version}) that encodes ownership and enables prefix matching, and justify each segment.
2. **Map names to prefixed ACLs** — show how PREFIXED ACLs on the naming scheme let you grant a team write/read to exactly its namespace with a handful of rules instead of per-topic grants.
3. **Attach quotas and limits by prefix** — tie client-id/user quotas and partition-count budgets to the same tenant prefix so noisy-neighbor and cost attribution are enforceable, not aspirational.
4. **Handle environments** — decide cluster-per-env vs. prefix-per-env, and encode it consistently so a prod topic can never be mistaken for dev.
5. **Govern creation** — recommend auto-create=false plus a self-service pipeline that validates names against the convention and provisions ACLs/quotas atomically.
6. **Plan migration** — for existing non-conforming topics, prescribe a mirror-and-cutover or alias path rather than in-place renames (which are not supported), sequenced to avoid consumer breakage.
Output: (a) naming grammar with examples, (b) prefixed-ACL rule set per tenant, (c) quota/partition-budget binding, (d) creation-governance workflow, (e) migration plan for legacy topics.
Advisory only; validate the ACL prefix rules against a test principal in staging before enforcing, and never rely on in-place topic renames.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
Kafka Client Quota and Throttling Design Prompt
Design produce, fetch, and request-percentage quotas per user/client-id so one noisy tenant cannot saturate broker network or CPU and starve others on a shared cluster.
-
Kafka Schema Registry Compatibility Governance Prompt
Design and enforce a schema evolution policy in Confluent/Apicurio Schema Registry so producers and consumers stay compatible through changes without breaking downstream consumers.
-
Kafka TLS, SASL & ACL Security Hardening Prompt
Harden a Kafka cluster end to end — TLS encryption, SASL authentication, and least-privilege ACLs with per-principal scoping — and produce a phased rollout that avoids locking out clients.
-
Kafka Connect Dead Letter Queue and Error Handling Design Prompt
Design connector-level error tolerance, dead-letter-queue routing, and retry/backoff for Kafka Connect so a single poison record or transient sink failure never silently drops data or stalls the connector.
More Kafka prompts & error guides
Browse every Kafka prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.