Prepare v0.10.0 release documentation

Signed-off-by: gracegrimwood <[email protected]>

Author: gracegrimwood

_data/kroxylicious.yml

@@ -1,6 +1,8 @@
 versions:
   - title: 'Development'
     url: '/kroxylicious'
+  - title: 'v0.10.0'
+    url: '/docs/v0.10.0/'
   - title: 'v0.9.0'
     url: '/docs/v0.9.0/'
   - title: 'v0.8.0'

docs/v0.10.0/_files/_assets/attributes.adoc

@@ -0,0 +1,53 @@
+// AsciiDoc settings
+:data-uri!:
+:doctype: book
+:experimental:
+:idprefix:
+:imagesdir: images
+:numbered:
+:sectanchors!:
+:sectnums:
+:source-highlighter: highlight.js
+:toc: left
+:linkattrs:
+:toclevels: 2
+:icons: font
+
+//Latest version
+:KroxyliciousVersion: 0.9
+:gitRef: releases/tag/v0.10.0
+:ApicurioVersion: 2.6.x
+
+//Proxy links
+:github: https://github.com/kroxylicious/kroxylicious
+:github-releases: https://github.com/kroxylicious/kroxylicious/{gitRef}
+:github-issues: https://github.com/kroxylicious/kroxylicious/issues
+:api-javadoc: https://javadoc.io/doc/io.kroxylicious/kroxylicious-api/{KroxyliciousVersion}
+:kms-api-javadoc: https://javadoc.io/doc/io.kroxylicious/kroxylicious-kms/{KroxyliciousVersion}
+:encryption-api-javadoc: https://javadoc.io/doc/io.kroxylicious/kroxylicious-encryption/{KroxyliciousVersion}
+:start-script: https://github.com/kroxylicious/kroxylicious/blob/{gitRef}/kroxylicious-app/src/assembly/kroxylicious-start.sh
+
+//Kafka links
+:ApacheKafkaSite: https://kafka.apache.org[Apache Kafka website^]
+:kafka-protocol: https://kafka.apache.org/protocol.html
+
+//java links
+:java-17-javadoc: https://docs.oracle.com/en/java/javase/17/docs/api
+:java-17-specs: https://docs.oracle.com/en/java/javase/17/docs/specs
+
+//Vault links
+:hashicorp-vault: https://developer.hashicorp.com/vault
+
+//Fortanix DSM links
+:fortanix-dsm: https://www.fortanix.com/platform/data-security-manager
+:fortanix-support: https://support.fortanix.com/
+
+//AWS links
+:aws:  https://docs.aws.amazon.com/
+
+// Apicurio links
+:apicurio-docs: https://www.apicur.io/registry/docs/apicurio-registry/{ApicurioVersion}/
+
+// Conditional inclusion flags
+:include-fortanix-dsm-kms: 1
+:include-aws-kms-service-config-identity-ec2-metadata: 1

docs/v0.10.0/_files/_assets/trademarks.adoc

@@ -0,0 +1,8 @@
+= Trademark notice
+
+* Hashicorp Vault is a registered trademark of HashiCorp, Inc.
+* AWS Key Management Service is a trademark of Amazon.com, Inc. or its affiliates.
+ifdef::include-fortanix-dsm-kms[]
+* Fortanix and Data Security Manager are trademarks of Fortanix, Inc.
+endif::[]
+* Apache Kafka is a registered trademark of The Apache Software Foundation.

docs/v0.10.0/_files/assemblies/assembly-aws-kms.adoc

@@ -0,0 +1,19 @@
+// file included in the following:
+//
+// assembly-record-encryption-filter.adoc
+
+[id='assembly-aws-kms-{context}']
+= Setting up AWS KMS
+
+[role="_abstract"]
+To use {aws}/kms/latest/developerguide/overview.html[AWS Key Management Service] with the Record Encryption filter, use the following setup:
+
+* Establish an AWS KMS aliasing convention for keys
+* Configure the AWS KMS 
+* Create AWS KMS keys
+
+You'll need a privileged AWS user that is capable of creating users and policies to perform the set-up.
+
+include::../modules/record-encryption/aws-kms/con-aws-kms-setup.adoc[leveloffset=+1]
+include::../modules/record-encryption/aws-kms/con-aws-kms-service-config.adoc[leveloffset=+1]
+include::../modules/record-encryption/aws-kms/con-aws-kms-key-creation.adoc[leveloffset=+1]

docs/v0.10.0/_files/assemblies/assembly-built-in-filters.adoc

@@ -0,0 +1,14 @@
+// file included in the following:
+//
+// index.adoc
+
+[id='assembly-built-in-filters-{context}']
+= Built-in filters
+
+[role="_abstract"]
+Kroxylicious comes with a suite of built-in filters designed to enhance the functionality and security of your Kafka clusters.
+
+include::assembly-record-encryption-filter.adoc[leveloffset=+1]
+include::assembly-multi-tenancy-filter.adoc[leveloffset=+1]
+include::assembly-record-validation-filter.adoc[leveloffset=+1]
+include::../modules/oauthbearer/con-oauthbearer.adoc[leveloffset=+1]

docs/v0.10.0/_files/assemblies/assembly-configuring-proxy.adoc

@@ -0,0 +1,17 @@
+[id='assembly-configuring-proxy-{context}']
+= Configuring proxies
+
+[role="_abstract"]
+Fine-tune your deployment by configuring proxies to include additional features according to your specific requirements.
+
+include::../modules/configuring/con-configuration-outline.adoc[leveloffset=+1]
+include::../modules/configuring/con-configuring-filters.adoc[leveloffset=+1]
+include::../modules/configuring/con-configuring-virtual-clusters.adoc[leveloffset=+1]
+include::../modules/configuring/con-configuring-vc-network-addresses.adoc[leveloffset=+1]
+include::../modules/configuring/con-configuring-vc-client-tls.adoc[leveloffset=+1]
+include::../modules/configuring/con-configuring-vc-target-tls.adoc[leveloffset=+1]
+
+include::../modules/configuring/con-configuring-vc-other-settings.adoc[leveloffset=+1]
+include::../modules/configuring/con-configuring-toplevel-other-settings.adoc[leveloffset=+1]
+
+include::../modules/configuring/ref-configuring-proxy-example.adoc[leveloffset=+1]

docs/v0.10.0/_files/assemblies/assembly-fortanix-dsm.adoc

@@ -0,0 +1,17 @@
+// file included in the following:
+//
+// assembly-record-encryption-filter.adoc
+
+[id='assembly-fortanix-dsm-{context}']
+= Setting up Fortanix Data Security Manager (DSM)
+
+[role="_abstract"]
+To use Fortanix Data Security Manager (DSM) with the Record Encryption filter, use the following setup:
+
+* Establish a naming convention for keys and decide in which group the keys will live
+* Create an application identity, with an API key, for use by the Record Encryption filter.
+* Create keys within Fortanix DSM.
+
+include::../modules/record-encryption/fortanix-dsm/con-fortanix-dsm-setup.adoc[leveloffset=+1]
+include::../modules/record-encryption/fortanix-dsm/con-fortanix-dsm-service-config.adoc[leveloffset=+1]
+include::../modules/record-encryption/fortanix-dsm/con-fortanix-dsm-key-creation.adoc[leveloffset=+1]

docs/v0.10.0/_files/assemblies/assembly-hashicorp-vault.adoc

@@ -0,0 +1,17 @@
+// file included in the following:
+//
+// assembly-record-encryption-filter.adoc
+
+[id='assembly-hashicorp-vault-{context}']
+= Setting up HashiCorp Vault
+
+[role="_abstract"]
+To use HashiCorp Vault with the Record Encryption filter, use the following setup:
+
+* Enable the Transit Engine as the Record Encryption filter relies on its APIs.
+* Create a Vault policy specifically for the filter with permissions for generating and decrypting Data Encryption Keys (DEKs) for envelope encryption.
+* Obtain a Vault token that includes the filter policy.
+
+include::../modules/record-encryption/hashicorp-vault/con-vault-setup.adoc[leveloffset=+1]
+include::../modules/record-encryption/hashicorp-vault/con-vault-service-config.adoc[leveloffset=+1]
+include::../modules/record-encryption/hashicorp-vault/con-vault-key-creation.adoc[leveloffset=+1]

docs/v0.10.0/_files/assemblies/assembly-monitoring-proxy.adoc

@@ -0,0 +1,19 @@
+// file included in the following:
+//
+// index.adoc
+
+[id='con-operating-{context}']
+= Monitoring proxies
+
+[role="_abstract"]
+Monitoring data allows you to monitor the performance and health of proxy operations. 
+You can configure your deployment to capture metrics data for analysis and notifications.
+
+* Introduce custom logging configurations using `log4j2` and set appropriate root log levels.
+* Set up an admin HTTP endpoint for Prometheus metrics scraping.
+* Integrate Micrometer for enhanced observability.
+* Configure common tags and standard binders for JVM and system metrics to ensure comprehensive monitoring and efficient proxy operation.
+
+include::../modules/monitoring/proc-introducing-metrics.adoc[leveloffset=+1]
+include::../modules/monitoring/con-setting-logs.adoc[leveloffset=+1]
+include::../modules/monitoring/con-integrating-micrometer.adoc[leveloffset=+1]

docs/v0.10.0/_files/assemblies/assembly-multi-tenancy-filter.adoc

@@ -0,0 +1,31 @@
+// file included in the following:
+//
+// assembly-built-in-filters.adoc
+
+[id='assembly-multi-tenancy-filter-{context}']
+= (Preview) Multi-tenancy filter
+
+[role="_abstract"]
+Kroxylicious’s Multi-tenancy filter presents a single Kafka cluster to tenants as if it were multiple clusters.
+Operations are isolated to a single tenant by prefixing resources with an identifier.
+
+NOTE: This filter is currently in incubation and available as a preview. 
+We would not recommend using it in a production environment.
+
+The Multi-tenancy filter works by intercepting all Kafka RPCs (remote procedure calls) that reference resources, such as topic names and consumer group names:
+
+Request path:: On the request path, resource names are prefixed with a tenant identifier.
+Response path:: On the response path, the prefix is removed.
+
+Kafka RPCs that list resources are filtered so that only resources belonging to the tenant are returned, effectively creating a private cluster experience for each tenant.
+
+To set up the filter, configure it in Kroxylicious.
+
+IMPORTANT: While the Multi-tenancy filter isolates operations on resources, it does not isolate user identities across tenants. 
+User authentication and ACLs (Access Control Lists) are shared across all tenants, meaning that identity is not scoped to individual tenants. 
+For more information on open issues related to this filter, see {github-issues}[Kroxylicious issues^].
+
+NOTE: For more information on Kafka's support for multi-tenancy, see the {ApacheKafkaSite}.
+
+//configuring the multi-tenancy filter
+include::../modules/multi-tenancy/proc-multi-tenancy.adoc[leveloffset=+1]