cloudhut / charts Goto Github PK
View Code? Open in Web Editor NEWHelm chart for deploying Kowl (Business) in Kubernetes
License: Apache License 2.0
charts's People
Stargazers
Watchers
Forkers
amuraru foobaar louislang zlosim harshadranganathan vadimshech heubeck iliassk vitaliyf rafalkorepta sproutfi fishst1k-globality benceszikora rafaeljesus bakdata bachden misternobody rickauhc seekiat kruthi-k-murthy alinataxual dominikhuembeli bmh10 magicniko nv30 phu-xyt praksha24 quoc9x ouesfa kratos-wang aravindjeev monkman08 chris93111charts's Issues
Kowl chart does not setting a priorityClassName
Can you add the possibility to set a priorityClassName via the values.yaml for the kowl deployment
secrets: not clear how to set TLS ones
I got already a secret containing tls certificate. It is not clear to me how to point to it using this chart.
Secret keys should be configurable
We're using the strimzi kafka operator and the secret with the certificate is automatically created by the operator. It would be great to be able to configure the keys for an existing secret, e.g.
secret:
existingSecret: kafka-cluster-ca-cert
kafka-tls-cert: ca.crtUnable to use extraVolumes and Mounts
Hello,
How should I define values.yaml file to include existing tls configuration
tried with below setup but getting helm related errors:
extraVolumes:
- name: tls-ca
secret:
secretName: kafka-cluster-ca
items:
- key: ca.crt
path: ca.crt
- name: tls-user
secret:
secretName: kafka-user
items:
- key: user.crt
path: user.crt
- key: user.key
path: user.key
Add missing space for volume name
Reference brokers in different clusters
Is there a way to reference brokers from different kafka clusters? I have 2 kafka clusters in 2 separate k8s clusters. Each cluster has its own set of ssl certificates for tls authentication.
I see in the chart, I can only reference brokers and tls once.
Do not set default podSecurityContext in values.yaml
Do not set default podSecurityContext in values.yaml, because security policies of a k8s cluster might force a specific range. Helm does not allow to unset a dictionary in values.yaml. It only allows to override given entries or add addional ones.
E.g. OpenShift allows only a specific user range which it will automatically pick if there is no (pod)securityContext set. If you cannot unset the podSecurityContext you need to pick a valid value in the range, which is different for every cluster.
Sidecar feature
We would use kowl behind the oauth2-proxy, because we haven't the need for the "business" feature to authenticate with roles and so on.
So my question is, will you support an additional container beside the deployment in the future?
I can create a Pull request when you haven't time/need to implement such a feature.
[helm chart] Set log level
Ho do i set the log level in values.yaml?
Kowl buissness chart args don't match application
I've beening implementing the helm chart for our organization and I noticed that the flag for the okta directory token differs between the chart and the application itself.
In the chart it's defined as
--login.okta.directory.api-token
while the app expects
-login.okta.api-token string
This causes the helm chart not to work when trying the buissness application.
I can create a PR to fix this. But I don't know which one has the wrong name the chart or the application.
Chart Versions
Hey @weeco
It is possible to tag or use version branches in this repository?
This way it will be possible to pin the version in ArgoCD to avoid undesirable automatic rollouts.
Thanks =)
Pod annotations should be configurable
Pod labels should be configurable
Please allow for a mechanism that allows users to add additional labels.
Using TLS with the existing secret option is not user friendly
As reported in redpanda-data/console#104 users are not perfectly aware of what's happening in the Chart when they use existing secrets. The usage of existing secrets is a bit tricky and involves a bit of magic in the chart. We should investigate whether we can make this more transparent for the user and at least document the current behaviour.
Configure Okta access via secrets
There's any way to use secrets for okta authentication?
I have tried to edit the chart in a fork following the other authentication methods, but maybe I'm not using the right variable names at the deployment template when mounting the secrets.
Add chart in artifacthub.io
I mostly searching for charts on artifacthub.io. Is it possible to reference this chart repository there?
See documentation how can achieve. Sould be very simple
tls: bad record MAC
I having the above error with the following configuration:
kowl:
# Config.yaml is required for Kowl and Kowl Business.
# See reference config: https://github.com/cloudhut/kowl/blob/master/docs/config/kowl.yaml)
config:
kafka:
brokers:
- kafka-prod-kafka-bootstrap.kafka.svc:9093
tls:
enabled: true
caFilepath: /etc/kowl/secrets/kafka-tls-ca
certFilepath: /etc/kowl/secrets/kafka-tls-cert
keyFilepath: /etc/kowl/secrets/kafka-tls-key
insecureSkipTlsVerify: true
schemaRegistry:
enabled: true
urls: [ "http://cp-schema-registry:8081" ] # Url with scheme is required, e.g. ["http://localhost:8081"]
logger:
level: debug
Secret is correctly created and contains the right certificate:
apiVersion: v1
data:
kafka-sasl-password: [...]
kafka-tls-ca: IiI=
kafka-tls-cert: [...]
kafka-tls-key: [...]
kafka-tls-passphrase: IiI=
kind: Secret
metadata:
creationTimestamp: "2020-12-17T09:12:13Z"
labels:
app.kubernetes.io/instance: kowl
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kowl
app.kubernetes.io/version: v1.2.2
helm.sh/chart: kowl-1.2.0
name: kowl
namespace: kafka
ownerReferences:
- apiVersion: kubernetes-client.io/v1
controller: true
kind: ExternalSecret
name: kowl
uid: 39e02a07-e535-4aa9-9346-a828e87013b6
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: false
kind: Deployment
name: kowl
uid: bb895019-d2ab-43ea-a20e-9baa1ec527f9
resourceVersion: "13463764"
selfLink: /api/v1/namespaces/kafka/secrets/kowl
uid: 36c34e14-d9ff-4d91-868a-8c2e3ef95caf
type: Opaque
here the full log:
oauth2-proxy [2020/12/17 09:10:40] [logger.go:490] mapping path "/" => upstream "http://127.0.0.1:8080"
oauth2-proxy [2020/12/17 09:10:40] [logger.go:490] OAuthProxy configured for Keycloak Client ID: kafka-client
oauth2-proxy [2020/12/17 09:10:40] [logger.go:490] Cookie settings: name:_oauth2_proxy secure(https):true httponly:true expiry:168h0m0s domains: path:/ samesite: refresh:disabled
oauth2-proxy [2020/12/17 09:10:40] [logger.go:490] HTTP: listening on :4180
kowl {"level":"info","msg":"started Kowl","version":"v1.2.2","built":"2020-11-23T15:49:59Z","git_sha":"284eb140e520ee647f8801992c54e7ad05b3c0c3"}
kowl {"level":"info","ts":"2020-12-17T09:16:43.972Z","msg":"connecting to Kafka cluster"}
kowl {"level":"debug","ts":"2020-12-17T09:16:43.972Z","msg":"Initializing new client","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:43.972Z","msg":"client/metadata fetching metadata for all topics from broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:43.974Z","msg":"Connected to broker at kafka-prod-kafka-bootstrap.kafka.svc:9093 (unregistered)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"client/metadata got error from broker -1 while fetching metadata: local error: tls: bad record MAC","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"Closed connection to broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"client/metadata no available broker to send metadata request to","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"client/brokers resurrecting 1 dead seed brokers","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.004Z","msg":"client/metadata retrying after 250ms... (3 attempts remaining)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.255Z","msg":"client/metadata fetching metadata for all topics from broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.256Z","msg":"Connected to broker at kafka-prod-kafka-bootstrap.kafka.svc:9093 (unregistered)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.267Z","msg":"client/metadata got error from broker -1 while fetching metadata: local error: tls: bad record MAC","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.267Z","msg":"Closed connection to broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.268Z","msg":"client/metadata no available broker to send metadata request to","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.268Z","msg":"client/brokers resurrecting 1 dead seed brokers","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.268Z","msg":"client/metadata retrying after 250ms... (2 attempts remaining)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.518Z","msg":"client/metadata fetching metadata for all topics from broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.519Z","msg":"Connected to broker at kafka-prod-kafka-bootstrap.kafka.svc:9093 (unregistered)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"client/metadata got error from broker -1 while fetching metadata: local error: tls: bad record MAC","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"Closed connection to broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"client/metadata no available broker to send metadata request to","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"client/brokers resurrecting 1 dead seed brokers","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.530Z","msg":"client/metadata retrying after 250ms... (1 attempts remaining)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.781Z","msg":"client/metadata fetching metadata for all topics from broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.782Z","msg":"Connected to broker at kafka-prod-kafka-bootstrap.kafka.svc:9093 (unregistered)","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"client/metadata got error from broker -1 while fetching metadata: local error: tls: bad record MAC","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"Closed connection to broker kafka-prod-kafka-bootstrap.kafka.svc:9093","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"client/metadata no available broker to send metadata request to","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"client/brokers resurrecting 1 dead seed brokers","source":"sarama"}
kowl {"level":"debug","ts":"2020-12-17T09:16:44.811Z","msg":"Closing Client","source":"sarama"}
kowl {"level":"fatal","ts":"2020-12-17T09:16:44.811Z","msg":"failed to create kafka service","error":"failed to create kafka client: kafka: client has run out of available brokers to talk to (Is your cluster reachable?)"}
kowl stream closed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.