The Charmed Karapace K8s Operator delivers automated operations management from day 0 to day 2 on Karapace.
This operator can be found on Charmhub and it comes with production-ready features such as:
- Fault-tolerance, replication and scalability out-of-the-box.
- Authentication of users.
- Access control management supported with user-provided ACL lists.
The Karapace K8s Operator uses the latest upstream Karapace package released, made available using the charmed-karapace rock distributed by Canonical.
As Karapace requires a running Kafka cluster, this operator makes use of the Kafka K8s Operator in order to work.
Before using Karapace, a Kafka cluster needs to be deployed. The Kafka and ZooKeeper operators can both be deployed as follows:
$ juju deploy zookeeper-k8s --channel latest/edge -n 5
$ juju deploy kafka-k8s --channel latest/edge -n 3After this, it is necessary to connect them:
$ juju integrate kafka-k8s zookeeper-k8sTo watch the process, juju status can be used. Once all the units show as active|idle Karapace can be connected with Kafka:
$ juju deploy karapace-k8s --channel latest/edge
$ juju integrate karapace-k8s kafka-k8sThe credentials to access the server can be queried with:
juju run karapace-k8s/leader get-password username="operator"With these credentials, the server can be queried now. An example showing all registered schemas:
$ curl -u operator:<password> -X GET http://localhost:8081/subjectsThe operator user is used internally by the Charmed Karapace K8s Operator, the set-password action can be used to rotate its password.
# to set a specific password for the operator user
juju run karapace-k8s/leader set-password password=<password>
# to randomly generate a password for the operator user
juju run karapace-k8s/leader set-passwordSupported relations:
The karapace_client interface is used with any requirer charm. This interface will allow to create users and acls. At the moment the interface can be found under /src/relations/karapace.py
The tls-certificates interface is used with the tls-certificates-operator charm.
To enable TLS:
# deploy the TLS charm
juju deploy tls-certificates-operator --channel=edge
# add the necessary configurations for TLS
juju config tls-certificates-operator generate-self-signed-certificates="true" ca-common-name="Test CA"
# to enable TLS relate the applications
juju integrate tls-certificates-operator zookeeper-k8s
juju integrate tls-certificates-operator kafka-k8s:certificates
juju integrate tls-certificates-operator karapace-k8sUpdates to private keys for certificate signing requests (CSR) can be made via the set-tls-private-key action.
# Updates can be done with auto-generated keys with
juju run karapace-k8s/0 set-tls-private-keyTo disable TLS remove the relation
juju remove-relation karapace-k8s tls-certificates-operator
juju remove-relation kafka-k8s tls-certificates-operator
juju remove-relation zookeeper-k8s tls-certificates-operatorNote: The TLS settings here are for self-signed-certificates which are not recommended for production clusters, the tls-certificates-operator charm offers a variety of configurations, read more on the TLS charm here
Please see the Juju SDK docs for guidelines on enhancements to this charm following best practice guidelines, and CONTRIBUTING.md for developer guidance.
Also, if you truly enjoy working on open-source projects like this one and you would like to be part of the OSS revolution, please don't forget to check out the open positions we have at Canonical.
The Charmed Karapace K8s Operator is free software, distributed under the Apache Software License, version 2.0. See LICENSE for more information.