cloudhut / charts
Helm chart for deploying Kowl (Business) in Kubernetes
License: Apache License 2.0
Can you add the possibility to set a priorityClassName via the values.yaml for the kowl deployment?
I already have a secret containing a TLS certificate. It is not clear to me how to point to it using this chart.
We're using the strimzi kafka operator and the secret with the certificate is automatically created by the operator. It would be great to be able to configure the keys for an existing secret, e.g.
secret:
  existingSecret: kafka-cluster-ca-cert
  kafka-tls-cert: ca.crt
Hello,
How should I define the values.yaml file to include an existing TLS configuration?
I tried the setup below but am getting Helm-related errors:
extraVolumes:
  - name: tls-ca
    secret:
      secretName: kafka-cluster-ca
      items:
        - key: ca.crt
          path: ca.crt
  - name: tls-user
    secret:
      secretName: kafka-user
      items:
        - key: user.crt
          path: user.crt
        - key: user.key
          path: user.key
Is there a way to reference brokers from different kafka clusters? I have 2 kafka clusters in 2 separate k8s clusters. Each cluster has its own set of ssl certificates for tls authentication.
I see in the chart, I can only reference brokers and tls once.
Do not set a default podSecurityContext in values.yaml, because the security policies of a k8s cluster might force a specific range. Helm does not allow unsetting a dictionary in values.yaml. It only allows overriding given entries or adding additional ones.
E.g. OpenShift allows only a specific user range which it will automatically pick if there is no (pod)securityContext set. If you cannot unset the podSecurityContext you need to pick a valid value in the range, which is different for every cluster.
We would use kowl behind the oauth2-proxy, because we don't need the "business" feature to authenticate with roles and so on.
So my question is, will you support an additional container beside the deployment in the future?
I can create a pull request if you don't have the time/need to implement such a feature.
How do I set the log level in values.yaml?
I've been implementing the helm chart for our organization and I noticed that the flag for the okta directory token differs between the chart and the application itself.
In the chart it's defined as
--login.okta.directory.api-token
while the app expects
-login.okta.api-token string
This causes the helm chart not to work when trying the business application.
I can create a PR to fix this. But I don't know which one has the wrong name, the chart or the application.
Hey @weeco
Is it possible to tag or use version branches in this repository?
This way it will be possible to pin the version in ArgoCD to avoid undesirable automatic rollouts.
Thanks =)
Please allow for a mechanism that allows users to add additional labels.
As reported in redpanda-data/console#104 users are not perfectly aware of what's happening in the Chart when they use existing secrets. The usage of existing secrets is a bit tricky and involves a bit of magic in the chart. We should investigate whether we can make this more transparent for the user and at least document the current behaviour.
Is there any way to use secrets for okta authentication?
I have tried to edit the chart in a fork following the other authentication methods, but maybe I'm not using the right variable names at the deployment template when mounting the secrets.
I mostly search for charts on artifacthub.io. Is it possible to reference this chart repository there?
See the documentation for how to achieve this. It should be very simple.
I'm having the above error with the following configuration:
kowl:
  # Config.yaml is required for Kowl and Kowl Business.
  # See reference config: https://github.com/cloudhut/kowl/blob/master/docs/config/kowl.yaml)
  config:
    kafka:
      brokers:
        - kafka-prod-kafka-bootstrap.kafka.svc:9093
      tls:
        enabled: true
        caFilepath: /etc/kowl/secrets/kafka-tls-ca
        certFilepath: /etc/kowl/secrets/kafka-tls-cert
        keyFilepath: /etc/kowl/secrets/kafka-tls-key
        insecureSkipTlsVerify: true
      schemaRegistry:
        enabled: true
        urls: [ "http://cp-schema-registry:8081" ] # Url with scheme is required, e.g. ["http://localhost:8081"]
    logger:
      level: debug
Secret is correctly created and contains the right certificate:
apiVersion: v1
data:
  kafka-sasl-password: [...]
  kafka-tls-ca: IiI=
  kafka-tls-cert: [...]
  kafka-tls-key: [...]
  kafka-tls-passphrase: IiI=
kind: Secret
metadata:
  creationTimestamp: "2020-12-17T09:12:13Z"
  labels:
    app.kubernetes.io/instance: kowl
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kowl
    app.kubernetes.io/version: v1.2.2
    helm.sh/chart: kowl-1.2.0
  name: kowl
  namespace: kafka
  ownerReferences:
  - apiVersion: kubernetes-client.io/v1
    controller: true
    kind: ExternalSecret
    name: kowl
    uid: 39e02a07-e535-4aa9-9346-a828e87013b6
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: false
    kind: Deployment
    name: kowl
    uid: bb895019-d2ab-43ea-a20e-9baa1ec527f9
  resourceVersion: "13463764"
  selfLink: /api/v1/namespaces/kafka/secrets/kowl
  uid: 36c34e14-d9ff-4d91-868a-8c2e3ef95caf
type: Opaque
Here is the full log:
oauth2-proxy [2020/12/17 09:10:40] [logger.go:490] mapping path "/" => upstream "http://127.0.0.1:8080"
oauth2-proxy [2020/12/17 09:10:40] [logger.go:490] OAuthProxy configured for Keycloak Client ID: kafka-client
oauth2-proxy [2020/12/17 09:10:40] [logger.go:490] Cookie settings: name:_oauth2_proxy secure(https):true httponly:true expiry:168h0m0s domains: path:/ samesite: refresh:disabled
oauth2-proxy [2020/12/17 09:10:40] [logger.go:490] HTTP: listening on :4180
kowl {"level":"info","msg":"started Kowl","version":"v1.2.2","built":"2020-11-23T15:49:59Z","git_sha":"284eb140e520ee647f8801992c54e7ad05b3c0c3"}
kowl {"level":"info","ts":"2020-12-17T09:16:43.972Z","msg":"connecting to Kafka cluster"}
kowl {"level":"debug","ts":"2020-12-17T09:16:43.972Z","msg":"Initializing new client","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:43.972Z","msg":"client/metadata fetching metadata for all topics from broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:43.974Z","msg":"Connected to broker at kafka-prod-kafka-bootstrap.kafka.svc:9093 (unregistered)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"client/metadata got error from broker -1 while fetching metadata: local error: tls: bad record MAC","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"Closed connection to broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"client/metadata no available broker to send metadata request to","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"client/brokers resurrecting 1 dead seed brokers","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"client/metadata retrying after 250ms... (3 attempts remaining)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.255Z","msg":"client/metadata fetching metadata for all topics from broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.256Z","msg":"Connected to broker at kafka-prod-kafka-bootstrap.kafka.svc:9093 (unregistered)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.267Z","msg":"client/metadata got error from broker -1 while fetching metadata: local error: tls: bad record MAC","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.267Z","msg":"Closed connection to broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.268Z","msg":"client/metadata no available broker to send metadata request to","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.268Z","msg":"client/brokers resurrecting 1 dead seed brokers","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.268Z","msg":"client/metadata retrying after 250ms... (2 attempts remaining)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.518Z","msg":"client/metadata fetching metadata for all topics from broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.519Z","msg":"Connected to broker at kafka-prod-kafka-bootstrap.kafka.svc:9093 (unregistered)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"client/metadata got error from broker -1 while fetching metadata: local error: tls: bad record MAC","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"Closed connection to broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"client/metadata no available broker to send metadata request to","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"client/brokers resurrecting 1 dead seed brokers","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"client/metadata retrying after 250ms... (1 attempts remaining)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.781Z","msg":"client/metadata fetching metadata for all topics from broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.782Z","msg":"Connected to broker at kafka-prod-kafka-bootstrap.kafka.svc:9093 (unregistered)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"client/metadata got error from broker -1 while fetching metadata: local error: tls: bad record MAC","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"Closed connection to broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"client/metadata no available broker to send metadata request to","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"client/brokers resurrecting 1 dead seed brokers","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"Closing Client","source":"sarama"}
kowl {"level":"fatal","ts":"2020-12-17T09:16:44.811Z","msg":"failed to create kafka service","error":"failed to create kafka client: kafka: client has run out of available brokers to talk to (Is your cluster reachable?)"}
kowl stream closed
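
An added example, not part of the issue above or of the chart's own code: a check that the Secret keys read through `caFilepath`, `certFilepath` and `keyFilepath` decode to PEM material of the expected type. The sample input is constructed in the shape of `kubectl get secret kowl -o json`; only the two `IiI=` values (base64 for two double-quote characters) are taken from the Secret shown in the issue, and all function names are hypothetical.

```python
import base64
import binascii
import json
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.+?-----END \1-----", re.S)

# Secret keys mounted as TLS files in the config above, with the PEM label each should end in.
EXPECTED = {
    "kafka-tls-ca": "CERTIFICATE",
    "kafka-tls-cert": "CERTIFICATE",
    "kafka-tls-key": "PRIVATE KEY",
}

def classify(b64_value, want_label):
    """Return a short finding for one base64-encoded Secret value."""
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except (binascii.Error, ValueError):
        return "invalid-base64"
    text = raw.decode("utf-8", errors="replace").strip()
    if text in ("", '""', "''"):
        return "empty-placeholder"      # e.g. IiI= decodes to the two characters ""
    match = PEM_RE.search(text)
    if not match:
        return "not-pem"
    if not match.group(1).endswith(want_label):
        return "wrong-pem-type:" + match.group(1)
    return "ok"

def audit_secret(secret_json, expected=EXPECTED):
    """Map each expected key to a finding; keys absent from .data are 'missing'."""
    data = json.loads(secret_json).get("data") or {}
    return {key: classify(data[key], label) if key in data else "missing"
            for key, label in expected.items()}

def _enc(text):
    return base64.b64encode(text.encode()).decode()

def _pem(label):
    # Constructed placeholder body, not real key or certificate material.
    return f"-----BEGIN {label}-----\nUExBQ0VIT0xERVI=\n-----END {label}-----\n"

SAMPLE = json.dumps({"kind": "Secret", "data": {
    "kafka-tls-ca": "IiI=",                          # value as shown in the issue
    "kafka-tls-cert": _enc(_pem("CERTIFICATE")),     # constructed
    "kafka-tls-key": _enc(_pem("RSA PRIVATE KEY")),  # constructed
    "kafka-tls-passphrase": "IiI=",                  # value as shown in the issue
}})

if __name__ == "__main__":
    for key, finding in audit_secret(SAMPLE).items():
        print(f"{key}: {finding}")
```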