This repository comprise a few examples of simple deployments using CKF.
- notls-noauth - Most basic setup without Authentication and no TLS (Encryption)
- tls-noauth - No Authentication, "internal" TLS encryption (self-signed & auto genereated certs)
- tls-basic - Basic/Plain (username & password) Authentication for all services, using "internal" TLS encryption (self-signed & auto generated certs)
- ext-basic-tls - Basic/Plain (username & password) Authentication, "internal" TLS encryption, "external" provided certs via Ingress (SR, Connect, ksqldb & C3) and LB for Kafka
- ext-rbac-tls - RABC Authorization and "external" provided certs, Includes an "embedded" LDAP deployment
- Helm - to install confluentinc operator and nginx ingress charts
- kubectl - to operate you deployments
- Kubernetes Cluster (and kubectl configured to managed such cluster)
See to tlscerts folder
For these demos we will be using confluent namespace. To segregate your deployment in multiple namespaces, you need to deploy a customized CFK operator to manage Confluent Platform across several namespaces. Additionally for the examples that use nginx Ingress, this need to be deployed on each namespace that requires it.
kubectl create namespace confluent
kubectl config set-context --current --namespace confluentConfluent for Kubernetes (CFK) deployed from a Helm chart, asuming v.+2.4.0
helm repo add confluentinc https://packages.confluent.io/helm
helm repo add confluentinc https://packages.confluent.io/helmYou will need to set up and Ingress controller, for some exercises (ext-basic-tls and ext-rbac-tls) that require TLS termination of the request for HTTPS based services, and re-encrypt the response with an "external" facing certificate.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx -n confluent