AWS Marketplace LM
Kpow SE-LM is the Standard Edition of Kpow integrated with AWS License Manager for entitlement management.
Kpow SE-LM will check out a single Cluster Credit entitlement from the AWS License Manager for every Kafka cluster in use with Kpow.
Cluster Credit entitlements can be purchased via the AWS Marketplace. Kpow SE-LM can be used with EKS and Self-Managed Kubernetes clusters.
The Basics
Subscribe to Kpow SE-LM on the AWS Marketplace and follow the Marketplace launch instructions to download the Kpow SE-LM Helm Charts and launch Kpow in Kubernetes.
The Kpow SE-LM Helm charts configure a default service account named 'kpow'. This service account is expected to exist prior to deployment and is not automatically created.
You can specify a different service account name and cause it to be auto-created with the following switches:
helm install kpow \
--namespace factorhouse ./* \
--set serviceAccount.create=true \
--set serviceAccount.name=<YOUR_SERVICE_ACCOUNT_NAME>
IRSA for EKS Deployments
When deploying in EKS, Kpow is required to run with an IAM role that allows access to AWS License Manager in order to check out and renew Cluster Credit entitlements.
Note: If you intend to connect Kpow to an AWS MSK cluster that uses IAM authentication, you will need to add a corresponding IAM policy for MSK to the service account.
Create a 'kpow' service account with an auto-generated IAM role and the correct IAM Policy for AWS License Manager access like so:
eksctl create iamserviceaccount \
--name kpow \
--namespace factorhouse \
--cluster <YOUR_CLUSTER_NAME> \
--attach-policy-arn "arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy" \
--approve \
--override-existing-serviceaccounts
License Token for Self-Managed Kubernetes Deployments
When deploying to Self-Managed Kubernetes, Kpow is required to run with access to a License Token Secret that allows access to AWS License Manager.
Follow the instructions on the AWS Marketplace 'Launch' details page to create a token, and make sure the aws.licenseConfigSecretName is set like so:
helm install kpow \
--namespace factorhouse ./* \
--set serviceAccount.create=false \
--set serviceAccount.name=kpow \
--set aws.licenseConfigSecretName=awsmp-license-token-secret
Accessing the UI
On a successful deployment, Kpow starts a web server with a UI running on port 3000.
There are many different options for configuring network access to the Kpow pod on port 3000. One simple option to validate a deployment is to follow the notes provided by the output of the Helm install command:
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace factorhouse -l "app.kubernetes.io/name=kpow,app.kubernetes.io/instance=kpow-1-0-29" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:3000 to use your application"
kubectl --namespace factorhouse port-forward $POD_NAME 3000:3000
This command temporarily port-forwards from localhost:3000 to your-pod:3000, meaning you can view the Kpow UI at http://localhost:3000 while that command runs.
Using the Configuration Wizard
Start Kpow with no further configuration and Kpow will start a server with a configuration wizard running on port 3000.
For example, this Helm command runs Kpow without specifying any further environment variables:
helm install kpow --namespace factorhouse ./*
Use the configuration wizard running on port 3000 to configure a Kafka Cluster, Schema Registry, and Connect Cluster.
This mode of configuration is suitable for an initial Kpow setup. Any more complex configuration requires specifying variables at startup.
Providing Configuration at Startup
Kpow is configured primarily with environment variables, with yaml files and truststores being provided for certain installations.
There are many ways of providing configuration via Helm. One simple approach is to specify environment variables as you install:
helm install kpow \
--namespace factorhouse ./* \
--set serviceAccount.create=false \
--set serviceAccount.name=kpow \
--set aws.licenseConfigSecretName=awsmp-license-token-secret \
--set env.BOOTSTRAP="pkc-abc1.us-east-12.aws.confluent.cloud:9092" \
--set env.SECURITY_PROTOCOL="SASL_SSL" \
--set env.SASL_MECHANISM="PLAIN" \
--set env.SASL_JAAS_CONFIG="org.apache.kafka.common.security.plain.PlainLoginModule required username=\"SOME_USERNAME\" password=\"SOME_PASSWORD\";" \
--set env.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM="https"
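The same startup configuration can be written to a values file and passed with -f instead of --set flags, which keeps the SASL password out of shell history and the process list and avoids the nested shell quoting in SASL_JAAS_CONFIG. This is an added example, not part of the Kpow charts or documentation: the function names, the KAFKA_USERNAME and KAFKA_PASSWORD variables and the output path are assumptions, and the JAAS escaping assumes backslash escapes are honoured inside double-quoted option values.

```shell
# Added example: render Kpow Helm values to a private file instead of --set flags.
# Function names, variable names and the output path are hypothetical.

# Escape backslashes and double quotes for a JAAS double-quoted option value.
jaas_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the PlainLoginModule line used for SASL_JAAS_CONFIG (args: username, password).
jaas_plain_config() {
  printf 'org.apache.kafka.common.security.plain.PlainLoginModule required username="%s" password="%s";' \
    "$(jaas_escape "$1")" "$(jaas_escape "$2")"
}

# Quote a string as a YAML single-quoted scalar (only ' needs doubling).
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Write a values file readable only by the current user.
# Args: output path, bootstrap servers, username, password.
write_kpow_values() {
  rm -f "$1"   # recreate so the restrictive umask below applies
  (
    umask 077
    {
      printf 'serviceAccount:\n  create: false\n  name: kpow\n'
      printf 'aws:\n  licenseConfigSecretName: awsmp-license-token-secret\n'
      printf 'env:\n'
      printf '  BOOTSTRAP: %s\n' "$(yaml_quote "$2")"
      printf '  SECURITY_PROTOCOL: %s\n' "$(yaml_quote SASL_SSL)"
      printf '  SASL_MECHANISM: %s\n' "$(yaml_quote PLAIN)"
      printf '  SASL_JAAS_CONFIG: %s\n' "$(yaml_quote "$(jaas_plain_config "$3" "$4")")"
      printf '  SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: %s\n' "$(yaml_quote https)"
    } > "$1"
  )
}

# Usage (credentials come from the environment, not the command line):
#   write_kpow_values ./kpow-values.yaml "$BOOTSTRAP" "$KAFKA_USERNAME" "$KAFKA_PASSWORD"
#   helm install kpow --namespace factorhouse ./* -f ./kpow-values.yaml
```

Values passed with -f are still stored in the Helm release record in the namespace, so access to that namespace's Secrets should be restricted as well.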
Get Help!
For assistance installing and configuring Kpow on the AWS Marketplace contact [email protected]