Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/confluentinc/confluent-kubernetes-examples

Example scenario workflows for Confluent for Kubernetes
https://github.com/confluentinc/confluent-kubernetes-examples

Last synced: 3 days ago
JSON representation

Example scenario workflows for Confluent for Kubernetes

Awesome Lists containing this project

README

        

# Confluent for Kubernetes Scenario Examples

This GitHub repository accompanies the official [Confluent for Kubernetes documentation](https://docs.confluent.io/operator/current/overview.html).

This repository contains scenario workflows to deploy and manage Confluent
on Kubernetes for various use cases.

## Prerequisites

The following prerequisites are assumed for each scenario workflow:

* A Kubernetes cluster - any CNCF conformant version
* Helm 3 installed on your local machine
* Kubectl installed on your local machine
* A namespace created in the Kubernetes cluster - `confluent`
* Kubectl configured to target the `confluent` namespace:
```
kubectl config set-context --current --namespace=confluent
```
* This repo cloned to your workstation:
```
git clone [email protected]:confluentinc/confluent-kubernetes-examples.git
```

# Next Steps
You can browse through our curated example scenarios and try out the ones that matter to you.

If you are looking for inspiration, below are some of the popular scenarios.

## Quickstart
In this workflow scenario, you'll set up a simple non-secure (no authn, authz or encryption) Confluent Platform, consisting of all components. You can also setup up a simple KRaft based deployment as well.

The goal for this scenario is for you to:

Quickly set up the complete Confluent Platform on the Kubernetes.
Configure a producer to generate sample data.
Head to [CFK Quickstart](https://github.com/confluentinc/confluent-kubernetes-examples/tree/master/quickstart-deploy).

We are adopting KRaft in place of Zookeeper. Give it a quick try [here](https://github.com/confluentinc/confluent-kubernetes-examples/tree/master/quickstart-deploy/kraft-quickstart).

## Security
We have curated a comprehensive list of examples of commonly used security configurations. Some of the notable ones are:

* SASL/Plain with LDAP for authentication & authorization, TLS for encryption using CFK auto-generated component certificates. You'll need to provide a certificate authority certificate for CFK to auto-generate the component certificates. [Example](https://github.com/confluentinc/confluent-kubernetes-examples/tree/master/security/production-secure-deploy-auto-gen-certs).
* TLS encryption using user provided certificates, mTLS authentication, Confluent RBAC authorization [Example](https://github.com/confluentinc/confluent-kubernetes-examples/tree/master/security/internal_external-tls_mtls_confluent-rbac).

For more security use cases, click [here](https://github.com/confluentinc/confluent-kubernetes-examples/tree/master/security/).

## Networking
### External Access Load Balancer Deployment in CFK
[This example](https://github.com/confluentinc/confluent-kubernetes-examples/tree/master/networking/external-access-load-balancer-deploy) provides a way to enable external access to Confluent Platform components using load balancers, enhancing the accessibility and flexibility of your Confluent Platform deployment. It demonstrates
* How to configure load balancers for external access to Confluent Platform components in a Kubernetes environment.
* Setting the domain name of your Kubernetes cluster and configuring session affinity.

## Advanced Configurations
### Blueprints
Blueprint is a configuration template for Confluent Platform deployments using Confluent for Kubernetes. You can use it to enforce infrastructure and deployment standards within your organization. To try out Blueprints, click [here](https://github.com/confluentinc/confluent-kubernetes-examples/tree/master/blueprints).

### Advanced Configuration with Pod Overlay
[This example](https://github.com/confluentinc/confluent-kubernetes-examples/tree/master/advanced-configuration/pod-overlay) provides a way to leverage additional Kubernetes features not currently supported in the Confluent for Kubernetes (CFK) API, enhancing the flexibility and control over your Confluent Platform deployments.

* The Pod Overlay feature allows you to use ConfigMap and configure a StatefulSet PodTemplate for Confluent Platform components like Zookeeper, Kafka, Connect, Schema Registry, Kafka Rest Proxy, and Control Center.
* The valid Pod Overlay configuration is strategically merged with the pod spec inside the StatefulSet generated by CFK to form the final pod configuration for the application.

### Configure Workloads Scheduling
You can control how the component pods are scheduled on Kubernetes nodes to get optimal performance out of Confluent components.

For example, you can configure pods not to be scheduled on the same node as other resource intensive applications, pods to be scheduled on dedicated nodes, or pods to be scheduled on the nodes with the most suitable hardware.

You can try it out [here](https://github.com/confluentinc/confluent-kubernetes-examples/tree/master/scheduling/pod-scheduling).

### Index

Following index (not exhaustive) provides a list of scenarios available in this repository.

| items | Tags |
| ------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
| [autogenerated-tls_only](security%2Fautogenerated-tls_only) | |
| [blueprints](blueprints) | #control-plane/data-plane, #multiple-k8s-cluster |
| [ccloud-connect-confluent-hub](hybrid%2Fccloud-connect-confluent-hub) | #confluent-cloud-kafka |
| [ccloud-integration](hybrid%2Fccloud-integration) | |
| [external-access-load-balancer-deploy](networking%2Fexternal-access-load-balancer-deploy) | #loadbalancer |
| [external-access-nodeport-deploy](networking%2Fexternal-access-nodeport-deploy) | #nodePort |
| [external-access-static-host-based](networking%2Fexternal-access-static-host-based) | #static-host |
| [external-access-static-port-based](networking%2Fexternal-access-static-port-based) | #static-port |
| [hashicorp vault ](security%2Fconfigure-with-vault) | #security #3rd-party |
| [kafka-additional-listeners](networking%2Fkafka-additional-listeners) | #custom-listener |
| [kraft_sasl_ssl_autogenerated](security%2Fkraft_sasl_ssl_autogenerated) | |
| [kubernetes-rbac](security%2Fkubernetes-rbac) | #k8s-rbac,#k8s-namespace |
| [monitoring](monitoring) | #grafana |
| [mtls-without-rbac](security%2Fmtls-without-rbac) | |
| [mtls-without-rbac](security%2Fmtls-without-rbac) | #mtls |
| [multi-Region-Clusters (MRC)](hybrid%2Fmulti-region-clusters) | #multiple-k8s-cluster |
| [openshift-security](security%2Fopenshift-security) | |
| [plaintext-basic-auth-Connect](security%2Fplaintext-basic-auth-Connect) | #basic-auth |
| [pod-overlay](advanced-configuration%2Fpod-overlay) | #advanced-configuration |
| [quickstart-deploy ](quickstart-deploy) | #Beginner |
| [replicator](hybrid%2Freplicator) | |
| [schemalink](hybrid%2Fschemalink) | |
| [separate-listener-tls-rbac](security%2Fseparate-listener-tls-rbac) | #tls, #rbac |
| [separate/mutiple kafka listener, ](security%2Fseparate-listener-tls) | #tls |
| [userprovided-tls_mtls-sasl_confluent-rbac](security%2Fuserprovided-tls_mtls-sasl_confluent-rbac) | |
| [using-cert-manager](security%2Fusing-cert-manager) | #tls, #3rd-party, #cert-manager |

## Troubleshooting
If you run into issues, don't forget to check the [troubleshooting document](https://github.com/confluentinc/confluent-kubernetes-examples/blob/master/troubleshooting/README.md).