Charmed Karapace Operator

Overview

The Charmed Karapace Operator delivers automated operations management from day 0 to day 2 on Karapace.

This operator can be found on Charmhub and it comes with production-ready features such as:

• Fault-tolerance, replication and scalability out-of-the-box.
• Authentication of users.
• Access control management supported with user-provided ACL lists.

The Karapace Operator uses the latest upstream Karapace package released, made available using the charmed-karapace snap distributed by Canonical.

As Karapace requires a running Kafka cluster, this operator makes use of the Kafka Operator in order to work.

Usage

Basic usage

Before using Karapace, a Kafka cluster needs to be deployed. The Kafka and ZooKeeper operators can both be deployed as follows:

$ juju deploy zookeeper --channel latest/edge -n 5
$ juju deploy kafka --channel latest/edge -n 3

After this, it is necessary to connect them:

$ juju integrate kafka zookeeper

To watch the process, juju status can be used. Once all the units show as active|idle Karapace can be connected with Kafka:

$ juju deploy karapace --channel latest/edge
$ juju integrate karapace kafka

The credentials to access the server can be queried with:

juju run karapace/leader get-password username="operator"

With these credentials, the server can be queried now. An example showing all registered schemas:

$ curl -u operator:<password> -X GET http://localhost:8081/subjects

Password rotation

Internal operator user

The operator user is used internally by the Charmed Karapace Operator, the set-password action can be used to rotate its password.

# to set a specific password for the operator user
juju run karapace/leader set-password password=<password>

# to randomly generate a password for the operator user
juju run karapace/leader set-password

Relations

Supported relations:

karapace_client interface:

The karapace_client interface is used with any requirer charm. This interface will allow to create users and acls. At the moment the interface can be found under /src/relations/karapace.py

tls-certificates interface:

The tls-certificates interface is used with the tls-certificates-operator charm.

To enable TLS:

# deploy the TLS charm
juju deploy tls-certificates-operator --channel=edge
# add the necessary configurations for TLS
juju config tls-certificates-operator generate-self-signed-certificates="true" ca-common-name="Test CA"
# to enable TLS relate the applications
juju integrate tls-certificates-operator zookeeper
juju integrate tls-certificates-operator kafka
juju integrate tls-certificates-operator karapace

Updates to private keys for certificate signing requests (CSR) can be made via the set-tls-private-key action.

# Updates can be done with auto-generated keys with
juju run karapace/0 set-tls-private-key

To disable TLS remove the relation

juju remove-relation karapace tls-certificates-operator
juju remove-relation kafka tls-certificates-operator
juju remove-relation zookeeper tls-certificates-operator

Note: The TLS settings here are for self-signed-certificates which are not recommended for production clusters, the tls-certificates-operator charm offers a variety of configurations, read more on the TLS charm here

Contributing

Please see the Juju SDK docs for guidelines on enhancements to this charm following best practice guidelines, and CONTRIBUTING.md for developer guidance.

We are Hiring!

Also, if you truly enjoy working on open-source projects like this one and you would like to be part of the OSS revolution, please don't forget to check out the open positions we have at Canonical.

License

The Charmed Karapace Operator is free software, distributed under the Apache Software License, version 2.0. See LICENSE for more information.