Helm
This page describes installing Lenses in Kubernetes via Helm.
Last updated
This page describes installing Lenses in Kubernetes via Helm.
Last updated
2024 © Lenses.io Ltd. Apache, Apache Kafka, Kafka and associated open source project names are trademarks of the Apache Software Foundation.
Only Helm version 3 is supported.
On start-up, Lenses will be in bootstrap mode unless it has an existing Kafka Connection. Enable provisioning to automate the creation of connections.
First, add the Helm Chart repository using the Helm command line:
Use helm to install Lenses with default values:
The default install of Lenses will place Lenses in bootstrap mode, you can add the connections to Kafka manually and upload your license or automation with provisioning. Please refer to the GitHub values.yaml
for all options.
To automatically provision the connections to Kafka and other systems set the .Values.lenses.provision.connections
to be the YAML definition of your connections. For a full list of the connection types supported see Provisioning.
The chart will render the full YAML specified under this setting as the provisioning.yaml
file.
Alternatively you can use a second YAML file, which contains only the connections pass them at the command line when installing:
You must explicitly enable provisioning via lenses.provision.enabled: true otherwise Lenses will start in bootstrap mode.
The chart uses:
Secrets to store Lenses Postgres credentials and authentication credentials
Secrets to store connection credentials such as Kafka SASL_SCRAM password or password for SSL JKS stores.
Secrets to hold the base64 encoded values of the JKS stores
ConfigMap for Lenses configuration overrides
Cluster roles and role bindings (optional).
Secrets and config maps are mounted as files under the mount /mnt
:
settings - holds the lenses.conf
secrets - holds the secrets Lenses and license
provision-secrets - holds the secrets for connections in the provisioning.yaml
file
provision-secrets/files - holds any file needed for a connection, e.g. JKS files.
The Helm chart creates Cluster roles and bindings, these are used by SQL Processors if the deployment mode is set to KUBERENTES. They are used so that Lenses can deploy and monitor SQL Processor deployments in namespaces.
To disable the RBAC set: rbacEnabled: false
If you want to limit the permissions Lenses has against your Kubernetes cluster, you can use Role/RoleBinging
resources instead.
To achieve this you need to create a Role
and a RoleBinding
resource in the namespace you want the processors deployed to.
For example:
Lenses namespace = lenses-ns
Processor namespace = lenses-proc-ns
Finally you need to define in Lenses configuration which namespaces can Lenses access. To achieve this amend values.yaml
to contain the following:
The main configurable options for lenses.conf
are available in the values.yaml
under the lenses
object. These include:
Authentication
Database connections
SQL processor configurations
To apply other static configurations use lenses.append.conf
, for example:
Set accordingly under**lenses.security.
**
For SSO set lenses.security.saml
To use Postgres as the backing store for Lenses set the details in the lenses.storage.postgres object
.
If Postgres is not enabled a default embedded H2 database is used. To enable persistence for this data:
The chart relies on secrets for sensitive information such as Passwords. Secrets can rotate and are commonly stored in an external store such as Azure KeyVault, Hashicorp Vault or AWS Secrets Manager.
If you wish to have the chart use external secrets that are synchronized with these providers, set the following for the Lenses user:
For Postgres, add additional ENV variables via the lenses.additionalEnv
object to point to your secret and set the username and password to external in the Postgres section.
While the chart supports setting TLS on Lenses itself we recommend placing it on the Ingress resource
Ingress and service resources are supported.
Enabled an Ingress resource in the values.yaml
:
Enable a service resource in the values.yaml
:
To control the resources used by Lenses:
To enable SQL processor in KUBERENTES mode and control the defaults:
To control the namespace Lenses can deploy processors, use the sql.namespaces
value.
Prometheus metrics are automatically exposed on port 9102 under /metrics
.
For Connections, see Provisioning examples. You can also find examples in the Helm chart repo.
Helm
Helm Chart Repo