How to deploy Conduktor?
Conduktor is a self-hosted solution running inside your environment. From single-cluster teams to global deployments, Conduktor adapts to your infrastructure.

Why self-hosted matters
Your sensitive data stays private, under your control, and compliant with your regional and corporate rules. You choose the architecture: cloud, hybrid, or on-prem. Conduktor connects to your stack and security tooling.
Architecture
Conduktor links your streaming applications, Kafka clusters, and security systems through a control and data plane architecture.

Control Plane
Runs the management, policies, and identity logic. Exposes APIs, CLI, and UI. Designed to integrate with GitOps and automation tools.
Data Plane
Handles live Kafka connections. Enforces access rules, masking, and encryption inline without altering payloads.
Security & Automation Layer
Connects to your identity providers, secret managers, and CI/CD systems. Supports SSO, LDAP, Vault, and custom certificate chains.
Observability Layer
Streams metrics and events to your monitoring stack. Exports to Prometheus, Grafana, or OpenTelemetry for real-time visibility.
Deployment Scenarios
Single Cluster
Ideal for getting started or smaller teams. One Conduktor instance connects to one Kafka cluster.
Multi-Cluster
Manage multiple Kafka clusters from a single Conduktor deployment. Centralize governance and access control.
Regulated Industries
For finance, healthcare, or government. Deploy fully air-gapped with strict network segmentation and audit trails.
FAQ
Can Conduktor run in air-gapped environments?
Yes. Conduktor supports full offline installations with local registries. You can install and update all components without external network access.
Which clouds are supported?
Conduktor runs on AWS, Azure, GCP, or on-prem. It integrates with managed Kafka services such as AWS MSK, Confluent Cloud, and Aiven, as well as open-source clusters.
How long does deployment take?
A simple setup is ready in minutes using Helm or Docker Compose. Production-grade installs, including HA, external identity providers, and security managers, complete in multiple days.
Can we integrate with Vault or KMS?
Yes. Conduktor integrates natively with HashiCorp Vault and all major KMS providers (AWS, Azure, GCP). Secrets can be injected through environment variables, mounted volumes, or API calls.
Does Conduktor support SSO and granular access control?
Yes. Conduktor supports SAML, OIDC, and LDAP synchronization. Access rules apply at the user, group, or application level and can be automated through APIs.
Need help with your deployment?
Whether you're planning a high-availability setup, optimizing for scale, or navigating compliance requirements, our team is here to guide you through architecture decisions and best practices.