Installation

AWS Marketplace

See our AWS Marketplace Seller Profile to purchase Kpow on AWS.

Kpow works beautifully with Amazon MSK and runs perfectly in ECS / Fargate / EKS / EKS Anywhere.

Subscribe to Kpow on the AWS Marketplace and get an automatically licensed container billed to your AWS account.

We release every Kpow update to the AWS Marketplace, updating Kpow is as simple as upgrading to the newest container.

Kpow on the AWS Marketplace

When you subscribe to a Kpow product on the AWS Marketplace you gain access to a Kpow AWS Marketplace container that is functionally the same as the Kpow Standard Edition (SE) container available via Dockerhub.

The Kpow AWS Marketplace container integrates with AWS, allowing AWS to check your subscription, meter your usage, and checkout entitlements, depending on the version of Kpow you choose to purchase on the AWS Marketplace.

The Kpow AWS Marketplace container is automatically licensed to the AWS account that subscribes to a product and that account is billed for the subscription. You do not need to arrange a separate license with us directly if you subscribe to a Kpow product on the AWS Marketplace. It just works.

AWS Enterprise Discount Program

The Kpow LM product can be purchased within an AWS Enterprise Discount Program (EDP).

EDP applicable purchases require a private offer, contact [email protected] for assistance.

Kpow products on the AWS Marketplace

Each Kpow product is functionally the same, only the billing and licensing change.

There are four Kpow products on the AWS Marketplace.

Kpow SE-1 - Hourly metered

Subscribe to Kpow SE-1 to gain access to a Standard Edition Kpow container that can connect to a single Kafka cluster and associated Schema Registries, Kafka Connect, and ksqlDB resources.

Start as many instances of Kpow as you need from the provided container. Usage of each instance is metered and billed by the hour at the Kpow metered rate.

Kpow SE-1 allows you to pay only for the Kpow hours you use with no ongoing commitment.

Kpow SE-6 - Monthly subscription

Subscribe to Kpow SE-6 to gain access to a Standard Edition Kpow container that can connect to up to six Kafka clusters and their associated Schema Registries, Kafka Connect, and ksqlDB resources.

Kpow SE-6 comes with a license to use the Kpow container with at most six Kafka clusters, regardless of how many separate instances of Kpow you start. Usage is not metered and the subscriber AWS account is billed monthly at the SE-6 subscription price.

Kpow SE-12 - Monthly subscription

The Kpow SE-12 product is the same as Kpow SE-6 but licensed for up to twelve Kafka clusters and their associated Schema Registries, Kafka Connect, and ksqlDB resources.

Usage is not metered and the subscriber AWS account is billed monthly at the SE-12 subscription price.

Kpow SE-LM - License manager entitlements

Subscribe to Kpow SE-LM to gain access to a Standard Edition Kpow container that can connect to any number of Kafka clusters.

Kpow SE-LM is integrated with AWS License Manager. Select the number of Cluster credits you require when you subscribe to this product, then install as many Kpow instances as you like. Your license entitlements are checked automatically.

The Kpow marketplace container

Getting started is easy, just choose a product from our Marketplace Seller Profile:

  • Selected a product and click 'Continue to Subscribe'
  • Review and accept the Terms and Conditions
  • Once your subscription is activated, click 'Continue to Configuration'
  • Choose the delivery method, and the latest software version available
  • Click 'Continue to Launch'
  • Copy the instructions to pull the Kpow AWS Marketplace container image

You can now the Kpow container docker image into your own docker repository, or use it directly in a ECS / Fargate / EKS to launch Kpow instances with the correct IAM permissions.

Check your subscription regularly for new releases of Kpow and update accordingly!

General technical requirements

Target platforms

The SE-1/6/12 containers can be run in ECS (including Fargate), or EKS.

The SE-LM container can be run in EKS or EKS Anywhere.

IAM roles

The Kpow Marketplace container integrates with AWS APIs to check your marketplace subscription and meter your usage.

Integrating with AWS APIs requires you to run the Kpow container with an IAM role. The role differs depending on the product you select.

Deploy Kpow SE-1/6/12

Kpow SE-1/6/12 is the Standard Edition of Kpow integrated with AWS Marketplace Metering API to manage license metering.

Required IAM role

The Kpow Marketplace container for SE-1/6/12 must be run with the AWSMarketplaceMeteringRegisterUsage IAM policy.

This policy allows the Kpow container to interact with the AWSMarketplaceMetering/registerUsage API.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "aws-marketplace:RegisterUsage"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Launch Kpow on ECS

Use the Marketplace container obtained from your marketplace subscription to configure an ECS task with an IAM Role that has the AWSMarketplaceMeteringRegisterUsage Policy, then launch that task in either Fargate or EC2.

Launch Kpow on EKS

You might find our Helm chart for Kpow useful to deploy the container, simply update the chart container reference to point to the AWS Marketplace container instead.

Deploying the Marketplace Kpow container to EKS is slightly more complicated due to the requirement to run the container with the correct IAM Role and Policy - this means configuring a Service Account that has the correct IAM role.

Fine-grained IAM roles for Service Accounts are available in EKS Clusters v1.14+.

Configure your EKS Cluster and Deploy Kpow

The following steps guide you through a simple installation of Kpow in EKS.

See this article for further background reading on Fine Grained IAM Roles for Service Accounts.

Update your KubeConfig

$ aws eks --region [EKS-REGION] update-kubeconfig --name [EKS-CLUSTER-NAME]

> Added new context arn:aws:eks:us-east-1:[YOUR-ACCOUNT-ID]:cluster/[EKS-CLUSTER-NAME] to /Users/you/.kube/config

Test you Cluster Connectivity

$ kubectl get svc

> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AG
> kubernetes ClusterIP 10.100.0.1 443/TCP 3h34m

Enable an IAM OIDC Identity Provider for your Cluster

IAM Roles for Service Accounts (IRSA) requires that your cluster has an OIDC Identity Provider associated with it.

Follow the AWS Guide to determine if you have to create and associate an OIDC Identity Provider to your cluster.

Create the Service Account IAM Role

eksctl create iamserviceaccount \
    --name kpow \
    --namespace factorhouse \
    --cluster <ENTER_YOUR_CLUSTER_NAME_HERE> \
    --attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage \
    --approve \
    --override-existing-serviceaccounts

You can now deploy Kpow to EKS using the Service Account with an IAM Role and attached AWSMarketplaceMeteringRegisterUsage policy.

Deploy Kpow SE-LM

Kpow SE-LM is the Standard Edition of Kpow integrated with AWS License Manager for entitlement management.

Kpow SE-LM will check out a single Cluster Credit entitlement from the AWS License Manager for every Kafka cluster in use with Kpow.

Cluster Credit entitlements can be purchased via the AWS Marketplace. Kpow SE-LM can be used with EKS and Self-Managed Kubernetes clusters.

Required IAM role

The Kpow Marketplace container for SE-LM must be run with the AWSLicenseManagerConsumptionPolicy IAM policy.

This policy allows the Kpow container to checkout license entitlements from the AWS License Manager.

Launch Target

Once you have subscribed to Kpow SE-LM on the AWS Marketplace click through to the 'Launch' page. You will be asked to choose a Launch Target.

Choose either AWS Managed Kubernetes (EKS) or Self-Managed Kubernetes (EKS Anywhere) to see the following instructions:

Launch Kpow on EKS

These instructions are taken from the Launch page of the Kpow SE-LM product on AWS Marketplace.

Step 1: Create an AWS IAM role and Kubernetes service account

Use the following command to create an AWS IAM role and Kubernetes service account.

kubectl create namespace factorhouse
            
eksctl create iamserviceaccount \
    --name kpow \
    --namespace factorhouse \
    --cluster <ENTER_YOUR_CLUSTER_NAME_HERE> \
    --attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess \
    --attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage \
    --attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy \
    --approve \
    --override-existing-serviceaccounts

Step 2: Launch the software

Use the following commands to launch this software by installing a Helm chart on your Amazon EKS cluster. The Helm CLI version in your launch environment must be 3.7.1.

export HELM_EXPERIMENTAL_OCI=1

aws ecr get-login-password \
    --region us-east-1 | helm registry login \
    --username AWS \
    --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com

mkdir awsmp-chart && cd awsmp-chart

helm pull oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/operator-io/kpow-lm-chart --version 1.0.45

tar xf $(pwd)/* && find $(pwd) -maxdepth 1 -type f -delete

helm install kpow-1-0-45 \
    --namespace factorhouse ./* \
    --set serviceAccount.create=false \
    --set serviceAccount.name=kpow 
    --set env.BOOTSTRAP=...

Configure the Kpow SE-LM container

Kpow is configured primarily with environment variables with yaml files, keystores, and truststores being provided for certain installations.

The AWS Marketplace SE-LM container provided in your subscription exposes the same configuration options as our standard Kpow Helm charts, you might find the README.md documentation of those charts useful in configuring Kpow SE-LM.

One simple approach is to specify environment variables as you install:

helm install kpow \
    --namespace factorhouse ./* \
    --set serviceAccount.create=false \
    --set serviceAccount.name=kpow \
    --set aws.licenseConfigSecretName=awsmp-license-token-secret \
    --set env.BOOTSTRAP="pkc-abc1.us-east-12.aws.confluent.cloud:9092" \
    --set env.SECURITY_PROTOCOL="SASL_SSL" \
    --set env.SASL_MECHANISM="PLAIN" \
    --set env.SASL_JAAS_CONFIG="org.apache.kafka.common.security.plain.PlainLoginModule required username=\"SOME_USERNAME\" password=\"SOME_PASSWORD";" \
    --set env.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM="https"

Launch Kpow on EKS Anywhere

Running Kpow SE-LM on self-managed Kubernetes via EKS Anywhere requires generating an access token and associating it to an IAM account.

These actions, and the following instructions to launch the product, can be found on the Launch page of the Kpow SE-LM AWS Marketplace product.

Accessing the UI

On a successful deployment, Kpow starts a web-server with a UI running on port 3000.

There are many different options to configure network egress allowing access to the Kpow pod on port 3000, one simple option to validate a deployment is to follow the notes provided by the output of the Helm install command:

NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace factorhouse -l "app.kubernetes.io/name=kpow,app.kubernetes.io/instance=kpow-1-0-29" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:3000 to use your application"
  kubectl --namespace factorhouse port-forward $POD_NAME 3000:3000

This command temporarily port-forwards from localhost:3000 to your-pod:3000, meaning you can view the Kpow UI at http://localhost:3000 while that command runs.

Get help!

For assistance installing and configuring Kpow on the AWS Marketplace contact [email protected]