Clusters
A cluster is one managed Apache Kafka deployment, reached through a single TLS bootstrap endpoint. It runs in KRaft mode with a replication factor of 3 and min.insync.replicas of 2. Topic, user, and ACL operations live in
Topics and
Users & ACLs.
Create
exc stream create \
--name events-prod \
--zone_id 1 \
--subnet_id 1 \
--instance_type m1a.medium \
--root_volume_size_gib 100 \
--allowed_cidrs 203.0.113.0/24 \
--security_group_ids 12 \
--baseline_iops 3000 \
--baseline_throughput_mbps 125 \
--waitRequired: name, instance_type, root_volume_size_gib, subnet_id, zone_id.
Optional: allowed_cidrs, security_group_ids, ssh_pubkey, baseline_iops, baseline_throughput_mbps.
name must be 3–43 characters, lowercase a–z, 0–9, and hyphens, and may not start or end with a hyphen. Only m1a instance types are supported.
The response returns:
| Field | Notes |
|---|---|
cluster.cluster_id | Cluster ID — pin this in your config |
cluster.public_bootstrap_endpoint | What clients connect to, e.g. events-prod.stream.excloud.co.in:9092 |
cluster.state | CREATING initially |
bootstrap | CA certificate, auth mode, client_properties |
admin_username / admin_password | Shown once. Save them immediately |
allowed_cidrs
allowed_cidrs controls who can reach the client port (:9092). 0.0.0.0/0 makes the endpoint reachable from anywhere — clients still need valid SCRAM credentials, but for production you should scope this to your own networks.
List
exc stream listReturns non-terminated clusters owned by your organization with their state, bootstrap endpoint, and metadata. Admin passwords are never returned.
Get
exc stream get --id <cluster_id>Returns the cluster’s current state and connection metadata. Use --wait on create when you want the CLI to wait until state is RUNNING.
States
| State | Meaning |
|---|---|
CREATING | Provisioning; not yet reachable |
RUNNING | Healthy and serving clients |
DEGRADED | Reachable but not fully healthy |
RESTARTING | A restart is in progress |
TERMINATING | Teardown in progress |
TERMINATED | Gone; data released |
FAILED | Provisioning or operation failed |
Bootstrap metadata
exc stream bootstrap --id <cluster_id>Returns the connection bundle:
| Field | Value |
|---|---|
bootstrap_servers | The single public endpoint |
security_protocol | SASL_SSL |
sasl_mechanism | SCRAM-SHA-512 |
auth_mode | SASL_SCRAM |
ca_cert | PEM CA certificate |
client_properties | Ready-to-use client.properties |
Restart
exc stream restart --id <cluster_id> --waitRolls the cluster. Producers and consumers may briefly fail over and should be configured to retry and reconnect on the bootstrap endpoint.
Terminate
exc stream terminate --id <cluster_id> --waitIrreversible. Terminate removes the cluster, releases its storage, and drops the public DNS records. Stored data is lost — consume or copy anything you need first.
Bootstrap endpoint stability
The bootstrap endpoint returned at create time is stable for the life of the cluster — it doesn’t change across restarts. Clients should resolve the DNS name and reconnect on failure rather than caching the underlying IPs.
Required permissions
| Action | Permission |
|---|---|
| Create | stream:cluster:create |
| List | stream:cluster:list |
| Get / bootstrap | stream:cluster:get |
| Restart | stream:cluster:restart |
| Terminate | stream:cluster:terminate |
See the Policies guide.