You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: security/production-secure-deploy/README.rst
+105
Original file line number
Diff line number
Diff line change
@@ -198,6 +198,71 @@ Provide RBAC principal credentials
198
198
--from-file=basic.txt=$TUTORIAL_HOME/bearer.txt \
199
199
--namespace confluent
200
200
201
+
============================
202
+
Configure Confluent Platform
203
+
============================
204
+
205
+
You install Confluent Platform components as custom resources (CRs).
206
+
207
+
You can configure all Confluent Platform components as custom resources. In this
208
+
tutorial, you will configure all components in a single file and deploy all
209
+
components with one ``kubectl apply`` command.
210
+
211
+
The CR configuration file contains a custom resource specification for each
212
+
Confluent Platform component, including replicas, image to use, resource
213
+
allocations.
214
+
215
+
Edit the Confluent Platform CR file: ``$TUTORIAL_HOME/confluent-platform.yaml``
216
+
217
+
Specifically, note that external accesses to Confluent Platform components are
218
+
configured using the Load Balance services.
219
+
220
+
The Kafka section of the file is set as follow for load balancer access:
221
+
222
+
::
223
+
224
+
Spec:
225
+
listeners:
226
+
external:
227
+
externalAccess:
228
+
type: loadBalancer
229
+
loadBalancer:
230
+
domain: --- [1]
231
+
232
+
Component section of the file is set as follows for load balancer access:
233
+
234
+
::
235
+
236
+
spec:
237
+
externalAccess:
238
+
type: loadBalancer
239
+
loadBalancer:
240
+
domain: --- [1]
241
+
242
+
* [1] Set this to the value of ``$DOMAIN``, Your Kubernetes cluster domain. You need to provide this value for this tutorial.
243
+
244
+
* The prefixes are used for external DNS hostnames. In this tutorial, Kafka bootstrap server will use the default prefix, ``kafka``, and the brokers will use the default prefix, ``b``.
245
+
246
+
Kafka is configured with 3 replicas in this tutorial. So, the access endpoints
247
+
of Kafka will be:
248
+
249
+
* kafka.$DOMAIN for the bootstrap server
250
+
* b0.$DOMAIN for the broker #1
251
+
* b1.$DOMAIN for the broker #2
252
+
* b2.$DOMAIN for the broker #3
253
+
254
+
The access endpoint of each Confluent Platform component will be:
255
+
256
+
::
257
+
258
+
<Component CR name>.$DOMAIN
259
+
260
+
For example, in a brower, you will access Control Center at:
261
+
262
+
::
263
+
264
+
http://controlcenter.$DOMAIN
265
+
201
266
=========================
202
267
Deploy Confluent Platform
203
268
=========================
@@ -233,6 +298,46 @@ If you'd like to see how the RoleBindings custom resources are structured, so th
233
298
you can create your own RoleBindings, take a look at the custom resources in this
234
299
directory: $TUTORIAL_HOME/internal-rolebindings
235
300
301
+
===============
302
+
Add DNS records
303
+
===============
304
+
305
+
Create DNS records for the externally exposed components:
306
+
307
+
#. Retrieve the external IP addresses of bootstrap load balancers of the brokers and components:
308
+
309
+
::
310
+
311
+
kubectl get svc
312
+
313
+
Get the ``EXTERNAL-IP`` values of the following services from the output:
314
+
315
+
* ``connect-bootstrap-lb``
316
+
* ``controlcenter-bootstrap-lb``
317
+
* ``kafka-0-lb``
318
+
* ``kafka-1-lb``
319
+
* ``kafka-2-lb``
320
+
* ``kafka-bootstrap-lb``
321
+
* ``ksqldb-bootstrap-lb``
322
+
* ``schemaregistry-bootstrap-lb``
323
+
324
+
#. Add DNS records for the components and the brokers using the IP addresses and the hostnames above, replacing ``$DOMAIN`` with the actual domain name of your Kubernetes cluster.
325
+
326
+
In this tutorial, we are using the default prefixes for components and brokers as shown below:
0 commit comments