-
-
Notifications
You must be signed in to change notification settings - Fork 661
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(docs): helm example with basic auth and aws msk (#1192)
Co-authored-by: Ludovic DEHON <[email protected]>
- Loading branch information
1 parent
3079b22
commit c8eb057
Showing
2 changed files
with
93 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| # Helm | ||
|
|
||
| Basically to create your helm values, you can take a look to the default values and you can see how your values could be defined: | ||
| https://github.com/tchiotludo/akhq/blob/dev/helm/akhq/values.yaml | ||
|
|
||
| Nextone we will present some helm chart value example used in an AWS MSK that maybe could show how to use and define stuff in the helm chart and understand better how to define that. | ||
|
|
||
|
|
||
| ## Examples | ||
|
|
||
| ### AWS MSK with Basic Authentication and ALB controller ingress | ||
|
|
||
| The following HELM chart is an example of AWS MSK with a basic authentication and also using AWS load balancer controller. | ||
|
|
||
| So mixing the default values.yaml previously linked and adding the basic idea of basic AKHQ authentication (more info here: https://akhq.io/docs/configuration/authentifications/basic-auth.html) and the documentation about how to connect to the AWS MSK here https://akhq.io/docs/configuration/authentifications/aws-iam-auth.html, we created the following example. | ||
|
|
||
| And of course, about `ingress` and `service` is using similar Helm configurations like other external helm charts are using in the opensource community. | ||
|
|
||
| Also, if you need to add more stuff like ACL defintions, LDAP integrations or other stuff. In the main documentation there are present a lot of examples https://akhq.io/docs/ . | ||
|
|
||
| ```yaml | ||
|
|
||
| # This is an example with basic auth and a AWS MSK and using a AWS loadbalancer controller ingress | ||
|
|
||
| configuration: | ||
| micronaut: | ||
| security: | ||
| enabled: true | ||
| default-group: no-roles | ||
| token: | ||
| jwt: | ||
| signatures: | ||
| secret: | ||
| generator: | ||
| secret: changeme | ||
| akhq: | ||
| security: | ||
| enabled: true | ||
| default-group: no-roles | ||
| basic-auth: | ||
| - username: changeme | ||
| password: changeme | ||
| groups: | ||
| - admin | ||
| - username: changeme | ||
| password: changeme | ||
| groups: | ||
| - reader | ||
| server: | ||
| access-log: | ||
| enabled: true | ||
| name: org.akhq.log.access | ||
| connections: | ||
| my-cluster-sasl: | ||
| properties: | ||
| bootstrap.servers: <your bootsrapservers:9096> | ||
| security.protocol: SASL_SSL | ||
| sasl.mechanism: SCRAM-SHA-512 | ||
| sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="username" password="password"; | ||
|
|
||
| ingress: | ||
| enabled: true | ||
| portnumber: 8080 | ||
| apiVersion: networking.k8s.io/v1 | ||
| annotations: | ||
| kubernetes.io/ingress.class: 'alb' | ||
| alb.ingress.kubernetes.io/group.name: "akhq" | ||
| alb.ingress.kubernetes.io/scheme: internal | ||
| alb.ingress.kubernetes.io/target-type: ip | ||
| alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443},{"HTTPS":80}]' | ||
| alb.ingress.kubernetes.io/load-balancer-attributes: 'routing.http2.enabled=true,idle_timeout.timeout_seconds=60' | ||
| alb.ingress.kubernetes.io/healthcheck-path: "/api/me" | ||
| alb.ingress.kubernetes.io/subnets: <your_subnets> | ||
| external-dns.alpha.kubernetes.io/hostname: "akhq.domain" | ||
| alb.ingress.kubernetes.io/certificate-arn: "your_acm_here" | ||
| alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS-1-2-2017-01" | ||
| service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tls" | ||
| service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443,80" | ||
| service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01" | ||
| labels: | ||
| app: akhq | ||
| service: | ||
| port: 443 | ||
| annotations: | ||
| service.beta.kubernetes.io/target-type: "ip" | ||
| hosts: [ 'akhq.domain' ] | ||
| paths: [ "/*" ] | ||
| tls: | ||
| - secretName: tls-credential | ||
| hosts: | ||
| - 'akhq.domain' | ||
| ``` |