This repository contains an example for a local development environment on kubernetes It contains:
- Strimzi Kafka Operator
- Preconfigured Kafka Cluster
- Strimzi Registry Operator
- Preconfigured Schema Registry
- keycloak
- traefik
- cert-manager
Traefik and cert-manager is configured for local DNS resolution and tls with valid certificates
- Docker Installed https://www.docker.com/
- Kind Installed https://kind.sigs.k8s.io/
- Helm Installed https://helm.sh/docs/intro/install/
- mkcert installed https://github.com/FiloSottile/mkcert?tab=readme-ov-file#installation
flowchart TD
client --> controlPlane
subgraph Computer
subgraph docker
subgraph kind
controlPlane --> traefic
traefic --> kafka
traefic --> keycloak
end
end
end
Follow these steps to set up a local test environment
mkcert will create a rootCa that is trusted on your local maschine. Due to the installation of local kind cluster, a secret containing the rootCa key is created so cert-manager will use it as a cluster issuer.
mkcert -installkind create cluster --config=./kind/kind-cluster.yamlAfter the installation is done, verify that correct context is used:
kubectl config current-contextIt should print kind-lgc. If not see Set Context
helm dep up charts/strimzi-kafka-operator
helm dep up charts/traefik
helm dep up charts/cert-manager
helm dep up charts/strimzi-registry-operatorexport PROJECT_DOMAIN="local.lgc"
helm upgrade --install --create-namespace --namespace cert-manager cert-manager charts/cert-manager --atomic
helm upgrade --install --create-namespace --namespace traefik traefik charts/traefik --atomic
helm upgrade --install --create-namespace --namespace strimzi-kafka-operator strimzi-kafka-operator charts/strimzi-kafka-operator --atomic
kubectl create secret tls root-ca-secret \
--cert="$(mkcert -CAROOT)/rootCA.pem" \
--key="$(mkcert -CAROOT)/rootCA-key.pem" \
--namespace=cert-manager
helm upgrade --install -n strimzi-kafka-operator strimzi-registry-operator charts/strimzi-registry-operator
helm upgrade --create-namespace --install -n glue glue ./charts/dev-glue --atomic --set "global.projectDomain=${PROJECT_DOMAIN}"
helm upgrade --install --create-namespace --atomic --namespace keycloak keycloak ./charts/keycloak --set "global.projectDomain=${PROJECT_DOMAIN}"You can also use the Earthly scripts to install or recreate the cluster within minutes. NOTE: This will not install prerequisities
earthly +kind-create-localearthly +kind-recreate-localkubectl get secrets -n glue kafka-super-user -o jsonpath='{.data.user\.password}' | base64 -d > userpass.txt
cat "$(mkcert -CAROOT)/rootCA.pem" > ca.crt
kubectl get secrets -n glue kafka-super-user -o jsonpath='{.data.ca\.crt}' | base64 -d >> ca.crt
kubectl get secrets -n glue kafka-super-user -o jsonpath='{.data.user\.p12}' | base64 -d > user.p12 Please replace the [PATH_TO_CERT] and [content of userpass.txt] with the config below
security.protocol=SSL
bootstrap.servers=bootstrap.local.lgc:9094
ssl.keystore.type=PKCS12
ssl.keystore.location=[PATH_TO_CERT]/user.p12
ssl.keystore.password=[content of userpass.txt]
ssl.truststore.type=PEM
ssl.truststore.location=[PATH_TO_CERT]/ca.crtTo access your ingresses you should add them to your /etc/hosts
127.0.0.1 keycloak.local.lgc
127.0.0.1 b0.local.lgc
127.0.0.1 bootstrap.local.lgc
127.0.0.1 sr.local.lgckind export kubeconfig --name lgckind delete cluster --name lgckeycloak is running in dev mode
- admin:admin
- reader:reader
- writer:writer
- admins
- readers
- writers
- admin-action
- reader-action
- writer-action
Usage within
import {AuthProviderProps} from "react-oidc-context";
const oidcConfig: AuthProviderProps = {
authority: "https://keycloak.local.lgc/realms/sandbox",
client_id: "sandbox-ui",
redirect_uri: document.baseURI,
};The schema registry is available at https://sr.local.lgc