Skip to content

dedovicnermin/ps-cfk

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

113 Commits
.buildkite
.buildkite
 
 
assets
assets
 
 
ps-cfk-app
ps-cfk-app
 
 
ps-cfk-infra
ps-cfk-infra
 
 
ps-cfk-tf
ps-cfk-tf
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

PS-CFK Build status

what it does, and when and how you should use it…

This repository allows PS to configure/build/deploy and deliver environment-specific CFK clusters for customers on GKE/EKS/AKS K8-clusters. Use this repository as a reference for a kustomized-approach to a secure RBAC-enabled CFK environment that customers can depend on. One should use this repository using kustomize to build specific external dependencies, environment scoped CFK infra / resources (CRDs).

BEFORE YOU BEGIN:

  1. operator_base expects file license-secret.yml to exist
  2. Paste your license into license-secret_changeme_and_rename_to_license-secret.yml
  3. Rename the file to become license-secret.yml
export TARGET="ps-cfk-infra/bases/01_operator/"
mv $TARGET/license-secret_changeme_and_rename_to_license-secret.yml $TARGET/license-secret.yml

NOTE: If you don't have a license, comment out license.secretRef line within operator config values.yml. Additionally, one can either comment out kustomization resource license-secret.yml in operator kustomization definition or follow the #3 step above.

GKE Deployment (with prometheus)

1. Deploy gke with terraform

  1. Ensure you have gcloud installed and authenticated (gcloud auth login)
  2. modify terraform.tfvars. Required changes:
    • cluster_name
    • owner_label

tf_gke


NOTE: terraform init will not work if you have not authenticated with gcloud cli or if your accound does not have the required APIs enabled to deploy GKE.




2. Deploy pre-requisites (operator / ingress controller / ldap server / prometheus + grafana)

prereq_gke




3. Deploy CFK components (Internal:MTLS | External: SASL_SSL/PLAIN (ldap supported))

cfkinfra_gke



NOTE: Pasting the output of output_hosts.sh into /etc/hosts enables communication with cfk-components / observability-related resources from your local machine. To verify connectivity, ping each endpoint. Additionally, in web browser, navigate to http://grafana.confluentps.io or http://prometheus.confluentps.io. Credentials to access grafana : pscfk / pscfk-secret. Dashboards are created automatically.



4. Deploy CFK CFRBs

cfkapp_gke



NOTE: At this point, you can head over to browser and navigate to https://c3.<env>.<site>.confluentps.io. If you've been following 1-3 above, the endpoint is https://c3.dev.gke.confluentps.io (admin1 / admin1-secret)




Misc: Inspect ldap entries with ldapsearch

ldapsearch





Misc: Datagen connectors

datagen




NOTE: avro and protobuf can be modified to include/exclude connectors that get deployed. Connectors deployed determined by values listed under resources

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages