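---
# Example Kubernetes ConfigMap holding Kpow settings (kpow-config.yaml.example).
# Replace every "replace-me" value before applying it. Commented-out keys are
# optional: remove the leading "# " to enable one (the indentation then lines
# up with the other keys under `data`).
#
# A ConfigMap provides no secrecy or encryption: values are stored as plain
# text and are readable by anyone allowed to read ConfigMaps in the namespace.
# Keep non-sensitive settings here and put passwords, client secrets, the SASL
# JAAS config and the Slack webhook URL in a Kubernetes Secret instead. The
# password values shown below are placeholders only.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kpow-config
data:
  ### See https://docs.kpow.io for full configuration and installation guides
  ### Note: The simplest Kpow configuration requires only LICENSE_* and BOOTSTRAP.

  ### License Configuration (https://kpow.io/try <- 30 day trial licenses available)
  ### Note: If using the AWS Marketplace Kpow Container you do not need to supply LICENSE* parameters
  ### (https://aws.amazon.com/marketplace/seller-profile?id=ab356f1d-3394-4523-b5d4-b339e3cca9e0)
  LICENSE_ID: "replace-me"
  LICENSE_CODE: "replace-me"
  LICENSEE: "replace-me"
  LICENSE_EXPIRY: "replace-me"
  LICENSE_SIGNATURE: "replace-me"

  ### Resource Set Configuration
  ### Kpow manages sets of Kafka resources: Clusters, Schema Registries and Kafka Connect Installations.
  ### To configure multiple Kafka resources, suffix the environment variable names with _2, _3, etc.
  ### Resources with the same set-id are considered related.
  ### E.g. the cluster with BOOTSTRAP_2 can decode messages with the registry at SCHEMA_REGISTRY_URL_2.

  ## Optional Resource Set Name (this is displayed in the Kpow UI for each set of resources)
  ENVIRONMENT_NAME: "Change Me"

  ## Kafka Cluster Configuration
  ## Required parameters for configuring a Kafka Cluster
  ## You must configure at least one Kafka Bootstrap to use Kpow.
  BOOTSTRAP: "replace-with-your-bootstrap-url"

  ## Optional Kafka Cluster Configuration
  ## SASL_JAAS_CONFIG and the *_PASSWORD values are credentials: supply them from a Secret, not from this ConfigMap.
  # SECURITY_PROTOCOL: "SASL_SSL"
  # SASL_MECHANISM: "PLAIN"
  # SASL_JAAS_CONFIG: "org.apache.kafka.common.security.plain.Plain.."
  # SASL_LOGIN_CALLBACK_HANDLER_CLASS: "com.corp.kafka.security.sasl.oauth.KafkaBrokerTokenCreator"
  # SSL_KEYSTORE_LOCATION: "/ssl/kafka.keystore.jks"
  # SSL_KEYSTORE_PASSWORD: "keystore-pass-123"
  # SSL_KEY_PASSWORD: "key-pass-123"
  # SSL_KEYSTORE_TYPE: "JKS"
  # SSL_KEYMANAGER_ALGORITHM: "SunX509"
  # SSL_TRUSTSTORE_LOCATION: "/ssl/kafka.truststore.jks"
  # SSL_TRUSTSTORE_PASSWORD: "trust-pass-123"
  # SSL_TRUSTSTORE_TYPE: "JKS"
  # SSL_TRUSTMANAGER_ALGORITHM: "PKIX"
  ## "https" makes the client check the broker hostname against its certificate; keep it set.
  # SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: "https"
  # SSL_PROVIDER: "default"
  # SSL_CIPHER_SUITES: "default"
  # SSL_PROTOCOL: "TLS"
  ## TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer listed here.
  ## Append ",TLSv1.3" when both the JVM and the brokers support it.
  # SSL_ENABLED_PROTOCOLS: "TLSv1.2"
  # SSL_SECURE_RANDOM_IMPLEMENTATION: "SHA1PRNG"

  ## Schema Registry Configuration
  ## SCHEMA_REGISTRY_PASSWORD is a credential: supply it from a Secret.
  # SCHEMA_REGISTRY_URL: "https://registry-host"
  # SCHEMA_REGISTRY_AUTH: "USER_INFO"
  # SCHEMA_REGISTRY_USER: "registry-user"
  # SCHEMA_REGISTRY_PASSWORD: "registry-pass"
  # SCHEMA_REGISTRY_NAME: "registry-label"  # optional

  ## Kafka Connect Configuration
  ## With CONNECT_AUTH "BASIC" over a plain http:// URL the user and password cross the
  ## network unencrypted; use an https:// URL outside local testing.
  # CONNECT_REST_URL: "http://localhost:8083"
  # CONNECT_AUTH: "BASIC"  # optional
  # CONNECT_BASIC_AUTH_USER: "connect-user"  # optional
  # CONNECT_BASIC_AUTH_PASS: "connect-pass"  # optional; credential, supply from a Secret
  # CONNECT_GROUP_ID: "connect-group-id"  # optional
  # CONNECT_OFFSET_STORAGE_TOPIC: "connect-topic"  # optional

  ### System Configuration
  # PORT: "3000"  # the port to serve content
  # REPLICATION_FACTOR: "3"  # the replication factor of internal kpow topics (reduce if you have fewer than 3 brokers)
  # SNAPSHOT_PARALLELISM: "3"  # the parallelism of kpow snapshot execution (increase for very big resource-sets)

  ### Live Mode Configuration
  # LIVE_MODE_ENABLED: "true"
  # LIVE_MODE_PERIOD_MS: "60000"
  # LIVE_MODE_INTERVAL_MS: "5000"
  # LIVE_MODE_MAX_CONCURRENT_USERS: "2"

  ## System HTTPS Configuration
  ## Serve the UI over TLS (here or at a TLS-terminating ingress) before enabling an SSO provider below.
  ## The keystore and truststore passwords are credentials: supply them from a Secret.
  # ENABLE_HTTPS: "true"
  # HTTPS_KEYSTORE_LOCATION: "/ssl/https.keystore.jks"
  # HTTPS_KEYSTORE_TYPE: "JKS"
  # HTTPS_KEYSTORE_PASSWORD: "ssl-key-pass"
  # HTTPS_TRUSTSTORE_LOCATION: "/ssl/https.truststore.jks"
  # HTTPS_TRUSTSTORE_TYPE: "JKS"
  # HTTPS_TRUSTSTORE_PASSWORD: "ssl-trust-pass"

  ## Data Inspect Configuration
  ## Provide custom serdes, set the default serdes, and restrict serdes available to users.
  # CUSTOM_SERDES: "io.kpow.SerdeOne,io.kpow.SerdeTwo"
  # DEFAULT_KEY_SERDES: "JSON"
  # DEFAULT_VALUE_SERDES: "AVRO"
  # AVAILABLE_KEY_SERDES: "JSON,String,Transit / JSON"
  # AVAILABLE_VALUE_SERDES: "JSON,String,io.kpow.SerdeOne"

  ## Prometheus Endpoints
  # PROMETHEUS_EGRESS: "true"

  ### User Authentication and Authorization

  ## RBAC Configuration (requires SSO provider configured, e.g. Okta, Github, Azure AD, AWS SSO, SAML, etc.)
  # RBAC_CONFIGURATION_FILE: "/opt/kpow/rbac-config.yaml"

  ## Global Access Controls Configuration (default to false, apply to all users, overridden if you configure RBAC)
  ## Each flag grants the action to every user, so enable only the ones you need;
  ## use RBAC when different users need different permissions.
  # ALLOW_TOPIC_CREATE: "true"
  # ALLOW_TOPIC_DELETE: "true"
  # ALLOW_TOPIC_INSPECT: "true"
  # ALLOW_TOPIC_PRODUCE: "true"
  # ALLOW_TOPIC_EDIT: "true"
  # ALLOW_BROKER_EDIT: "true"
  # ALLOW_GROUP_EDIT: "true"
  # ALLOW_SCHEMA_CREATE: "true"
  # ALLOW_SCHEMA_EDIT: "true"
  # ALLOW_CONNECT_CREATE: "true"
  # ALLOW_CONNECT_EDIT: "true"
  # ALLOW_ACL_EDIT: "true"

  ## Data Policy (Masking / Redaction) Configuration
  # DATA_POLICY_CONFIGURATION_FILE: "/opt/kpow/data-config.yml"

  ## Slack Integration (Send Audit Log records to a Slack channel)
  ## The webhook URL is itself a credential (anyone holding it can post to the channel): supply it from a Secret.
  # SLACK_WEBHOOK_URL: "https://hooks.slack.com/services/..."

  ### SSO providers: enable at most ONE of the blocks below. They reuse the same keys
  ### (AUTH_PROVIDER_TYPE, OPENID_*), and duplicate keys in one mapping are invalid YAML.
  ### OPENID_CLIENT_SECRET is a credential: supply it from a Secret.

  ## Okta SSO (OpenID)
  # AUTH_PROVIDER_TYPE: "okta"
  # OKTA_ORGANISATION: "your-organisation"
  # OPENID_CLIENT_ID: "The 'Client ID' found in the 'Client Credentials' section of your Okta integration"
  # OPENID_CLIENT_SECRET: "The 'Client Secret' found in the 'Client Credentials' section of your Okta integration"
  # OPENID_LANDING_URI: "https://staging.kpow.z-corp.com"

  ## Github SSO (OpenID)
  # AUTH_PROVIDER_TYPE: "github"
  # OPENID_TOKEN_URI: "https://github.com/login/oauth/access_token"  # or "[GHE Server URL]/login/oauth/access_token"
  # OPENID_AUTH_URI: "https://github.com/login/oauth/authorize"  # or "[GHE Server URL]/login/oauth/authorize"
  # OPENID_API_URI: "https://api.github.com/user"  # or "[GHE Server URL]/api/v3/user"
  # OPENID_CLIENT_ID: "The 'Client ID' found in your configured Github OAuth App"
  # OPENID_CLIENT_SECRET: "The 'Client Secret' found in your configured Github OAuth App"
  # OPENID_LANDING_URI: "https://staging.kpow.z-corp.com/"

  ## SAML SSO
  # AUTH_PROVIDER_TYPE: "saml"
  # SAML_RELYING_PARTY_IDENTIFIER: "kpow.io"
  # SAML_ACS_URL: "https://kpow.corp.com/saml"
  # SAML_METADATA_FILE: "/opt/kpow/aws-metadata.xml"
  # SAML_CERT: "/var/certs/saml-cert.cer"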