Merge pull request #16 from factorhouse/feature/FAC-167_consolidate-aws-charts

Consolidate the Helm chart for Kpow Annual

Author: jaehyeon-kim

.github/workflows/release.yml

@@ -57,6 +57,8 @@ jobs:
 
       - name: Run chart-releaser #this is used to generate new version of helm chart along with some file with extension .prov
         uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 #v1.6.0
+        with:
+          skip_existing: true
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           CR_KEY: "${{ secrets.CR_KEY }}" # Key name used while creating key

README.md

@@ -7,6 +7,7 @@ Official Helm Charts for Factor House products. Currently supported:
 
 * [Kpow](charts/kpow/README.md) (`factorhouse/kpow`)
 * [Kpow Community Edition](charts/kpow-ce/README.md) (`factorhouse/kpow-ce`)
+* [Kpow AWS Marketplace (Kpow Annual)](charts/kpow-annual/README.md)(`factorhouse/kpow-annual-chart`)
 * [Flex](charts/flex/README.md) (`factorhouse/flex`)
 * [Flex Community Edition](charts/flex-ce/README.md) (`factorhouse/flex-ce`)
 

charts/flex-ce/values.schema.json

@@ -114,6 +114,17 @@
                 "allowPrivilegeEscalation": {
                     "type": "boolean"
                 },
+                "capabilities": {
+                    "type": "object",
+                    "properties": {
+                        "drop": {
+                            "type": "array",
+                            "items": {
+                                "type": "string"
+                            }
+                        }
+                    }
+                },
                 "privileged": {
                     "type": "boolean"
                 },

charts/flex/values.schema.json

@@ -114,6 +114,17 @@
                 "allowPrivilegeEscalation": {
                     "type": "boolean"
                 },
+                "capabilities": {
+                    "type": "object",
+                    "properties": {
+                        "drop": {
+                            "type": "array",
+                            "items": {
+                                "type": "string"
+                            }
+                        }
+                    }
+                },
                 "privileged": {
                     "type": "boolean"
                 },

charts/kpow-annual/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/kpow-annual/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: kpow-annual-chart
+description: Run Kpow Annual from the AWS Marketplace in Kubernetes
+type: application
+version: 1.0.59
+appVersion: "94.5"
+keywords:
+  - kafka
+  - kafka-ui
+  - kafka-connect
+  - schema-registry
+  - monitoring
+home: "https://factorhouse.io/kpow"
+sources:
+  - "https://github.com/factorhouse/kpow"
+  - "https://github.com/factorhouse/helm-charts/"
+maintainers:
+  - name: "Factor House Support"
+    email: "[email protected]"
+annotations:
+  artifacthub.io/signKey: |
+      fingerprint: 9686853629F9810E63A72373BA3D0FAE1A26981F
+      url: https://keybase.io/factorhouse/pgp_keys.asc

charts/kpow-annual/README.md

@@ -0,0 +1,29 @@
+## Run Kpow for Apache Kafka in Kubernetes with AWS License Manager
+
+[Helm](https://helm.sh) is the package manager for Kubernetes.
+
+[Kpow](https://kpow.io) is the all-in-one toolkit to manage, monitor, and learn about your Kafka resources.
+
+This Helm chart is applicable to the **AWS License Manager** version of Kpow [sold on the AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-vgghgqdsplhvc).
+
+Find our general-purpose Helm charts for regular Kubernetes deploys [right here](https://github.com/factorhouse/kpow-helm-charts).
+
+## Helm Charts
+
+This repository contains a single Helm chart that uses the Kpow AWS Marketplace LM Docker container provided to you when you subscribe to the Kpow AWS Marketplace LM product on the [AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-vgghgqdsplhvc).
+
+### Installation
+
+Follow the instructions provided to you via your AWS Marketplace subscription.
+
+For more information on configuring IAM Roles for Service Accounts see our [Kpow AWS-LM Documentation](https://docs.kpow.io/installation/aws-marketplace-lm/).
+
+For general purpose configuration instructions see our [general-purpose Helm charts](https://github.com/factorhouse/kpow-helm-charts).
+
+### Get Help!
+
+If you have any issues or errors, please contact [email protected].
+
+### Licensing and Modifications
+
+This repository is Apache 2.0 licensed, you are welcome to clone and modify as required.

charts/kpow-annual/kpow-config.yaml.example

@@ -0,0 +1,167 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kpow-config
+data:
+
+  ### See https://docs.kpow.io for full configuration and installation guides
+
+  ### Note: The simplest Kpow configuration requires only LICENSE_* and BOOTSTRAP.
+
+  ### License Configuration (https://kpow.io/try <- 30 day trial licenses available)
+  ### Note: If using the AWS Marketplace Kpow Container you do not need to supply LICENSE* parameters
+  ###       (https://aws.amazon.com/marketplace/seller-profile?id=ab356f1d-3394-4523-b5d4-b339e3cca9e0)
+
+  LICENSE_ID: "replace-me"
+  LICENSE_CODE: "replace-me"
+  LICENSEE: "replace-me"
+  LICENSE_EXPIRY: "replace-me"
+  LICENSE_SIGNATURE: "replace-me"
+
+  ### Resource Set Configuration
+
+  ### Kpow manages sets of Kafka resources. Clusters, Schema Registries and Kafka Connect Installations.
+  ### To configure multiple kafka resources prepend environment variables with _2, _3, etc.
+  ### Resources with the same set-id are considered related.
+  ###   E.g. cluster with BOOTSTRAP_2 can decode messages from with registry SCHEMA_REGISTRY_URL_2.
+
+  ## Optional Resource Set Name (this is displayed in the Kpow UI for each set of resources)
+
+  ENVIRONMENT_NAME: "Change Me"
+
+  ## Kafka Cluster Configuration
+  ## Required parameters for configuring a Kafka Cluster
+  ## You must configure at least one Kafka Booktstrap to use Kpow.
+
+  BOOTSTRAP: "replace-with-your-bootstrap-url"
+
+  ## Optional Kafka Cluster Configuration
+
+  # SECURITY_PROTOCOL: SASL_SSL
+  # SASL_MECHANISM: PLAIN
+  # SASL_JAAS_CONFIG: "org.apache.kafka.common.security.plain.Plain.."
+  # SASL_LOGIN_CALLBACK_HANDLER_CLASS: "com.corp.kafka.security.sasl.oauth.KafkaBrokerTokenCreator"
+  # SSL_KEYSTORE_LOCATION: "/ssl/kafka.keystore.jks"
+  # SSL_KEYSTORE_PASSWORD: "keystore-pass-123"
+  # SSL_KEY_PASSWORD: "key-pass-123"
+  # SSL_KEYSTORE_TYPE: JKS
+  # SSL_KEYMANAGER_ALGORITHM: SunX509
+  # SSL_TRUSTSTORE_LOCATION: "/ssl/kafka.truststore.jks"
+  # SSL_TRUSTSTORE_PASSWORD: "trust-pass-123"
+  # SSL_TRUSTSTORE_TYPE: JKS
+  # SSL_TRUSTMANAGER_ALGORITHM: PKIX
+  # SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: https
+  # SSL_PROVIDER: default
+  # SSL_CIPHER_SUITES: default
+  # SSL_PROTOCOL: TLS
+  # SSL_ENABLED_PROTOCOLS: "TLSv.12,TLSv1.1,TLSv1"
+  # SSL_SECURE_RANDOM_IMPLEMENTATION: SHA1PRNG
+
+  ## Schema Registry Configuration
+
+  # SCHEMA_REGISTRY_URL: https://registry-host
+  # SCHEMA_REGISTRY_AUTH: USER_INFO
+  # SCHEMA_REGISTRY_USER: registry-user
+  # SCHEMA_REGISTRY_PASSWORD: registry-pass
+  # SCHEMA_REGISTRY_NAME: registry-label (optional)
+
+  ## Kafka Connect Configuration
+
+  # CONNECT_REST_URL: http://localhost:8083
+  # CONNECT_AUTH: BASIC (optional)
+  # CONNECT_BASIC_AUTH_USER: connect-user (optional)
+  # CONNECT_BASIC_AUTH_PASS: connect-pass (optional)
+  # CONNECT_GROUP_ID: connect-group-id (optional)
+  # CONNECT_OFFSET_STORAGE_TOPIC: connect-topic (optional)
+
+  ### System Configuration
+
+  # PORT: 3000 - the port to serve content
+  # REPLICATION_FACTOR: 3 - the replication factor of internal kpow topics (reduce if you have fewer than 3 brokers)
+  # SNAPSHOT_PARALLELISM: 3 - the parallelism of kpow snapshot execution (increase for very big resource-sets)
+  # SHOW_SPLASH: true - turn on/off the initial splash screen for new user sessions
+
+  ### Live Mode Configuration
+
+  # LIVE_MODE_ENABLED=true
+  # LIVE_MODE_PERIOD_MS=60000
+  # LIVE_MODE_INTERVAL_MS=5000
+  # LIVE_MODE_MAX_CONCURRENT_USERS=2
+
+  ## System HTTPS Configuration
+
+  # ENABLE_HTTPS: "true"
+  # HTTPS_KEYSTORE_LOCATION: "/ssl/https.keystore.jks"
+  # HTTPS_KEYSTORE_TYPE: "JKS"
+  # HTTPS_KEYSTORE_PASSWORD: "ssl-key-pass"
+  # HTTPS_TRUSTSTORE_LOCATION: "/ssl/https.truststore.jks"
+  # HTTPS_TRUSTSTORE_TYPE: "JKS"
+  # HTTPS_TRUSTSTORE_PASSWORD: "ssl-trust-pass"
+
+  ## Data Inspect Configuration
+  ## Provide custom serdes, set the default serdes, and restrict serdes available to users.
+
+  # CUSTOM_SERDES: "io.kpow.SerdeOne,io.kpow.SerdeTwo"
+  # DEFAULT_KEY_SERDES: "JSON"
+  # DEFAULT_VALUE_SERDES: "AVRO"
+  # AVAILABLE_KEY_SERDES: "JSON,String,Transit / JSON"
+  # AVAILABLE_VALUE_SERDES: "JSON,String,io.kpow.SerdeOne"
+
+  ## Prometheus Endpoints
+
+  # PROMETHEUS_EGRESS: "true"
+
+  ### User Authentication and Authorization
+
+  ## RBAC Configuration (requires SSO provider configured, e.g. Okta, Github, Azure AD, AWS SSO, SAML, etc.)
+
+  # RBAC_CONFIGURATION_FILE: /opt/kpow/rbac-config.yaml
+
+  ## Global Access Controls Configuration (default to false, apply to all users, overriden if you configure RBAC)
+
+  # ALLOW_TOPIC_CREATE: "true"
+  # ALLOW_TOPIC_DELETE: "true"
+  # ALLOW_TOPIC_INSPECT: "true"
+  # ALLOW_TOPIC_PRODUCE: "true"
+  # ALLOW_TOPIC_EDIT: "true"
+  # ALLOW_BROKER_EDIT: "true"
+  # ALLOW_GROUP_EDIT: "true"
+  # ALLOW_SCHEMA_CREATE: "true"
+  # ALLOW_SCHEMA_EDIT: "true"
+  # ALLOW_CONNECT_CREATE: "true"
+  # ALLOW_CONNECT_EDIT: "true"
+  # ALLOW_ACL_EDIT: "true"
+
+  ## Data Policy (Masking / Redaction) Configuration
+
+  # DATA_POLICY_CONFIGURATION_FILE: /opt/kpow/data-config.yml
+
+  ## Slack Integration (Send Audit Log records to a Slack channel)
+
+  # SLACK_WEBHOOK_URL: https://hooks.slack.com/services/...
+
+  ## Okta SSO (OpenID)
+
+  # AUTH_PROVIDER_TYPE: "okta"
+  # OKTA_ORGANISATION: "your-organisation"
+  # OPENID_CLIENT_ID: "The 'Client ID' found in the "Client Credentials" section of your Okta integration"
+  # OPENID_CLIENT_SECRET: "The 'Client Secret' found in the "Client Credentials" section of your Okta integration"
+  # OPENID_LANDING_URI: "https://staging.kpow.z-corp.com"
+
+  ## Github SSO (OpenID)
+
+  # AUTH_PROVIDER_TYPE: "github"
+  # OPENID_TOKEN_URI: "https://github.com/login/oauth/access_token" or "[GHE Server URL]/login/oauth/access_token"
+  # OPENID_AUTH_URI: "https://github.com/login/oauth/authorize" or "[GHE Server URL]/login/oauth/authorize"
+  # OPENID_API_URI: "https://api.github.com/user" or, "[GHE Server URL]/api/v3/user"
+  # OPENID_CLIENT_ID: "The 'Client ID' found in your configured Github Oath App"
+  # OPENID_CLIENT_SECRET: "The 'Client Secret' found in your configured Github Oath App"
+  # OPENID_LANDING_URI: "https://staging.kpow.z-corp.com/"
+
+  ## SAML SSO
+
+  # AUTH_PROVIDER_TYPE: "saml"
+  # SAML_RELYING_PARTY_IDENTIFIER: "kpow.io"
+  # SAML_ACS_URL: "https://kpow.corp.com/saml"
+  # SAML_METADATA_FILE: "/opt/kpow/aws-metadata.xml"
+  # SAML_CERT: "/var/certs/saml-cert.cer"

charts/kpow-annual/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kpow.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kpow.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kpow.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kpow.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:3000 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 3000:3000
+{{- end }}

charts/kpow-annual/templates/_helpers.tpl

@@ -0,0 +1,72 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kpow.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kpow.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kpow.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kpow.labels" -}}
+helm.sh/chart: {{ include "kpow.chart" . }}
+{{ include "kpow.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kpow.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kpow.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Provided labels
+*/}}
+{{- define "kpow.providedLabels" -}}
+{{- if .Values.labels }}
+{{- toYaml .Values.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kpow.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kpow.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}