search

Aiven-Open / klaw

Klaw, the latest OS tool by Aiven, helps enterprises cope with Apache Kafka(r) topics, schema registry and connectors governance by introducing roles/authorizations to users of various teams of an org.
https://www.klaw-project.io/
Apache License 2.0
150 stars 60 forks source link

Docker & Helm Support #154

Closed wanisfahmyDE closed 2 years ago

wanisfahmyDE commented 2 years ago

Hi there,

Are there plans to provide klaw as a docker image or a helm chart?

The current approach with pulling the source code and providing cluster configuration inside springboot is not very intuitive ;)

Looking at examples from other vendors like provectus https://docs.aiven.io/docs/products/kafka/howto/provectus-kafka-ui.html

Cheers

muralibasani commented 2 years ago

Hello @wanisfahmyDE , thank you for asking. Indeed there is a plan to provide docker image. We are currently working on release 1.1.0, and a docker image of the same will be released. Will keep you updated.

jpalomaki commented 2 years ago

FWIW, here's a (multi-stage) Dockerfile we used when testing klaw in-container:

# syntax=docker/dockerfile:1.4

ARG VERSION=1.1.0

FROM maven:3-jdk-11 AS builder

ARG VERSION

WORKDIR /usr/src

RUN <<-EOF
    set -e
    git clone --depth 1 --branch v$VERSION https://github.com/aiven/klaw.git
    cd klaw
    mvn -B -ntp install
EOF

FROM eclipse-temurin:11

ARG VERSION

COPY --from=builder /usr/src/klaw/core/target/klaw-$VERSION.jar /opt/klaw/klaw.jar

RUN <<-EOF
  set -e
  mkdir -p /var/opt/klaw
  groupadd --system --gid 999 app
  useradd --system --comment "Application" \
    --create-home --uid 999 --gid 999 \
    --shell /usr/sbin/nologin app
  chown app:app /var/opt/klaw
EOF

WORKDIR /var/opt/klaw

USER app

CMD [ "java", "-jar", "/opt/klaw/klaw.jar" ]

Built with: DOCKER_BUILDKIT=1 docker build --no-cache -t klaw:0.1 .

muralibasani commented 2 years ago

@wanisfahmyDE it took sometime for the repos to be created. We have them now. https://hub.docker.com/orgs/aivenoy/repositories @jpalomaki copying.

wanisfahmyDE commented 2 years ago

Thank you @muralibasani, will try it. Maybe the install section in the readme can be updated. Closing issue for now.

advissor commented 1 year ago

@muralibasani two questions

1) Are the original Docker files available, that were used to build these images? 2) Cluster-api docker image misses how to pass the application.properties file. As without this, it is not possible to connect to Aiven managed Kafka cluster for example.

Thanks

muralibasani commented 1 year ago

@advissor https://hub.docker.com/r/aivenoy/klaw-core there is an example compose file here. You can add all the properties (https://github.com/aiven/klaw/blob/main/cluster-api/src/main/resources/application.properties) under 'environment:' in the compose file.

And reg your first question : the same images are uploaded. Are you facing any issues with the images ?

advissor commented 1 year ago

@muralibasani

Images are working, at least starting and I can browse the UI

Just wanted to understand how to pass the application properties properly, without to the Entrypoint

This is what i've tried for Entrypoing in klaw-cluster-api service :

entrypoint: ["/bin/sh", "-c", "java -jar cluster-api-1.1.0.jar","--spring.config.location=/certs/application.properties"]

Volume in klaw-cluster-api : 

    volumes:
          - ./certs:/certs #host directory:container directory

Apllication properties in certs/application.properties

Cluster name in UI/Core as klawssl

Kafka SSL block in app properties like : 

klawssl.kafkassl.protocol=TLS
klawssl.kafkassl.key.password=YYYYYYY
klawssl.kafkassl.keystore.location=/certs/client.keystore.p12
klawssl.kafkassl.keystore.password=Opetg89234
klawssl.kafkassl.keystore.type=PKCS12
klawssl.kafkassl.truststore.location=/certs/client.truststore.jks
klawssl.kafkassl.truststore.password=YYYYYYY
klawssl.kafkassl.truststore.type=JKS

/certs/client.truststore.jksgenerated with avn CLI

But in logs Properties are not recognised & are null: 

    ssl.keystore.key = null
    ssl.keystore.location = null
    ssl.keystore.password = null
    ssl.keystore.type = JKS
    ssl.protocol = TLSv1.3
    ssl.provider = null
    ssl.secure.random.implementation = null
    ssl.trustmanager.algorithm = PKIX
    ssl.truststore.certificates = null
    ssl.truststore.location = null
    ssl.truststore.password = null
    ssl.truststore.type = JKS

One thing found a long the way:

Thanks!

advissor commented 1 year ago

@muralibasani I found the answers and discrepancies in docs

1) Docker composes you provided can't be used, as cluster ID can only be known after looking into LOGS!!!

Apparently, there is a bug in the code

When you create a cluster-ID in CORE/UI for example DEV in clustet-api logs I can see identified DEV11. It appends 1 If you add one more cluster in UI, likeDEV , it made it DEV2. So, somehow UI/CORE increments the cluster IDs For this reason, only if you know this logic, can you properly set the Cluster ID value in application.properties

2) There is a command in the readme. Didn't work for me : -spring.config.location=cluster-api/target/classes/application.properties

I had to specify in Docker compose like this : "SPRING_CONFIG_ADDITIONAL_LOCATION=file:/cluster-api/target/classes/application.properties" Then it was picked up by spring boot properly Neither replacing the original file under cluster-api/target/classes/application.properties or using entry point with -spring.config.location didn't help

muralibasani commented 1 year ago

@advissor you can copy the cluster ID from UI clusters page. Last column.