Confluent for Kubernetes Blueprints Quick Start¶
The quick start tutorials in this document describe how to deploy and run the basic configuration of Confluent for Kubernetes (CFK) Blueprints.
For more CFK Blueprints use cases, see the example GitHub repo.
Prepare¶
Install Helm 3 on your local machine.
Install
kubectlcommand-line tool on your local machine.Install cfssl on your local machine.
Have the Kubernetes clusters you want to use for the Control Plane and the Data Plane. Kubernetes versions 1.22+ are required.
Rename the Kubernetes contexts for easy identification:
kubectl config rename-context <Kubernetes control plane context> control-plane
From the
<CFK examples directory>on your local machine, clone the example repo:git clone git@github.com:confluentinc/confluent-kubernetes-examples.git
Set the tutorial directory for this tutorial:
export TUTORIAL_HOME=<CFK examples directory>/blueprints/quickstart-deploy
Single-site Deployment using CFK Blueprints¶
This tutorial walks you through the configuration and deployment of CFK Blueprints in a single-site environment where the Control Plane and Data Plane run in the same cluster. For clarity, we will call out the Control Plane and Data Plane separately in this tutorial.
You will go through the following scenarios.
- Deploy the Control Plane.
- Deploy the local Data Plane in the same cluster as the Control Plane.
- Deploy the Blueprint in the Control Plane.
- Using the Blueprint, deploy Confluent Platform in the Data Plane.
Deploy Control Plane¶
In the Kubernetes cluster you want to install the Control Plane, take the following steps:
Create a namespace for the Blueprint system resources. These examples use:
cpc-systemkubectl create namespace cpc-system --context control-plane
Create a CA key pair to be used for the Blueprint and the Orchestrator:
cat << EOF > openssl.cnf [req] distinguished_name=dn [ dn ] [ v3_ca ] basicConstraints = critical,CA:TRUE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always EOF
If
/tmpdoes not exist in your local system, create the folder:mkdir /tmpGenerate a CA key pair:
openssl req -x509 -new -nodes -newkey rsa:4096 -keyout /tmp/cpc-ca-key.pem \ -out /tmp/cpc-ca.pem \ -subj "/C=US/ST=CA/L=MountainView/O=Confluent/OU=CPC/CN=CPC-CA" \ -reqexts v3_ca \ -config openssl.cnf
Install the Orchestrator Helm chart:
helm repo add confluentinc https://packages.confluent.io/helm helm repo update
helm upgrade --install confluent-orchestrator confluentinc/cfk-blueprint \ --set orchestrator.enabled=true \ --namespace cpc-system \ --kube-context control-plane
Deploy Local Data Plane¶
For the local deployment, install the Data Plane in the same Kubernetes cluster where you installed the Control Plane.
Install the Agent Helm chart in
Localmode:helm upgrade --install confluent-agent confluentinc/cfk-blueprint \ --set agent.mode=Local \ --set agent.enabled=true \ --namespace cpc-system \ --kube-context control-plane
Register the Data Plane Kubernetes cluster.
Get the Kubernetes ID:
kubectl get namespace kube-system -oyaml | grep uid
Edit
$TUTORIAL_HOME/registration/control-plane-k8s.yamland setspec.k8sIDto the Kubernetes ID retrieved in the previous step.Create the KubernetesCluster custom resource (CR) and the HealthCheck CR in the Control Plane Kubernetes cluster:
kubectl apply -f $TUTORIAL_HOME/registration/control-plane-k8s.yaml \ --context control-plane --namespace cpc-system
Verify that the Agent is up and running:
kubectl get cpcHealthCheck \ --context control-plane --namespace cpc-system
Install the CFK Helm chart in cluster mode (
--set namespaced=false):helm upgrade --install confluent-operator confluentinc/confluent-for-kubernetes \ --set namespaced="false" \ --namespace cpc-system \ --kube-context control-plane
Deploy Blueprint¶
Deploy the Blueprint and the Confluent cluster class CRs:
kubectl apply -f $TUTORIAL_HOME/deployment/confluentplatform_blueprint.yaml \
--context control-plane --namespace cpc-system
Deploy Confluent Platform in Local Data Plane¶
Create a namespace for deploying the Confluent components. These examples use:
org-confluentkubectl create namespace org-confluent --context control-plane
Deploy Confluent Platform:
kubectl apply -f $TUTORIAL_HOME/deployment/control-plane/confluentplatform_prod.yaml \ --namespace org-confluent \ --context control-plane
Validate the deployment.
Check that the Confluent components are up and running:
kubectl get pods --namespace org-confluent --context control-plane -w
Set up port forwarding to the Control Center web UI from the local machine:
kubectl port-forward controlcenter-prod-0 9021:9021 --context control-plane --namespace org-confluent
Navigate to Control Center in a browser and check the cluster:
Uninstall Confluent Platform:
kubectl delete -f $TUTORIAL_HOME/deployment/control-plane/confluentplatform_prod.yaml \ --namespace org-confluent \ --context control-plane
Multi-site Deployment using CFK Blueprints¶
This tutorial walks you through the configuration and deployment of CFK Blueprints in a multi-cluster environment. You will go through the following scenarios:
- Deploy the Control Plane.
- Deploy the Data Plane in a separate cluster.
- Deploy the Blueprint in the Control Plane.
- Using the Blueprint, deploy Confluent Platform in the Data Plane.
Deploy Control Plane¶
In the Kubernetes cluster you want to install the Control Plane, take the following steps:
Set the current context to the Control Plane cluster:
kubectl config use-context control-plane
Create a namespace for the Blueprint system resources.
cpc-systemis used in these examples:kubectl create namespace cpc-system --context control-plane
Create a CA key pair to be used for the Blueprint and the Orchestrator:
cat << EOF > openssl.cnf [req] distinguished_name=dn [ dn ] [ v3_ca ] basicConstraints = critical,CA:TRUE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always EOF
If
/tmpdoes not exist in your local system, create the folder:mkdir /tmpGenerate a CA key pair:
openssl req -x509 -new -nodes -newkey rsa:4096 -keyout /tmp/cpc-ca-key.pem \ -out /tmp/cpc-ca.pem \ -subj "/C=US/ST=CA/L=MountainView/O=Confluent/OU=CPC/CN=CPC-CA" \ -reqexts v3_ca \ -config openssl.cnf
Install the Orchestrator Helm chart:
helm repo add confluentinc https://packages.confluent.io/helm helm repo update
helm upgrade --install cpc-orchestrator confluentinc/cfk-blueprint \ --set orchestrator.enabled=true \ --namespace cpc-system \ --kube-context control-plane
Install the CFK Helm chart in the Control Plane:
helm upgrade --install confluent-operator confluentinc/confluent-for-kubernetes \ --set namespaced="false" \ --kube-context control-plane \ --namespace cpc-system
Deploy Remote Data Plane¶
In the remote deployment mode, the Data Plane is installed in a different Kubernetes cluster from the Control Plane cluster.
Rename the Kubernetes context for easy identification:
kubectl config rename-context <Kubernetes data plane context> data-plane
Create a namespace for the Blueprint system resources.
cpc-systemis used in these examples:kubectl create namespace cpc-system --context data-plane
In the Control Plane, generate the Kubeconfig for the Agent to communicate with the Orchestrator:
kubectl config use-context control-plane
$TUTORIAL_HOME/scripts/kubeconfig_generate.sh \ --name control-plane-sa \ --namespace cpc-system \ --kube-output-dir /tmp \ --regenerate
In the Data Plane, create the KubeConfig secret:
kubectl create secret generic control-plane-kubeconfig \ --from-file=kubeconfig=/tmp/kubeconfig \ --context data-plane \ --namespace cpc-system
In the Data Plane, install the Agent Helm chart in the
Remotemode:helm upgrade --install confluent-agent confluentinc/cfk-blueprint \ --set agent.mode=Remote \ --set agent.enabled=true \ --set agent.remoteKubeConfig.secretRef=control-plane-kubeconfig \ --kube-context data-plane \ --namespace cpc-system
In the Data Plane, install the CFK Helm chart in the cluster mode (
--set namespaced=false):helm upgrade --install confluent-operator confluentinc/confluent-for-kubernetes \ --set namespaced="false" \ --kube-context data-plane \ --namespace cpc-system
Register the Data Plane Kubernetes cluster with the Control Plane.
In the Data Plane cluster, get the Kubernetes ID:
kubectl get namespace kube-system -oyaml --context data-plane | grep uid
Edit
$TUTORIAL_HOME/registration/data-plane-k8s.yamland setspec.k8sIDto the Kubernetes ID from the previous step.In the Control Plane, register the Kubernetes cluster and the Health Check by creating the KubernetesCluster and the HealthCheck custom resources (CRs):
kubectl apply -f $TUTORIAL_HOME/registration/data-plane-k8s.yaml \ --context control-plane --namespace cpc-system
Verify that the Agent is up and running:
kubectl get cpcHealthCheck \ --context control-plane --namespace cpc-system
Deploy Blueprint¶
Deploy the Blueprint and the Confluent cluster class CRs:
kubectl apply -f $TUTORIAL_HOME/deployment/confluentplatform_blueprint.yaml \
--context control-plane --namespace cpc-system
Deploy Confluent Platform in Remote Data Plane¶
From the Control Plane cluster, deploy Confluent Platform.
Create the namespace
org-confluentto deploy the Confluent Platform clusters CR into:kubectl create namespace org-confluent --context control-plane
Deploy Confluent Platform:
kubectl create namespace confluent-dev --context data-plane
kubectl apply -f $TUTORIAL_HOME/deployment/data-plane/confluentplatform_dev.yaml \ --namespace org-confluent \ --context control-plane
The Confluent components are installed into the
confluent-devnamespace in the Data Plane.In the Data Plane, validate the deployment using Control Center.
Check that the Confluent components are up and running:
kubectl get pods --namespace confluent-dev --context data-plane -w
Set up port forwarding to the Control Center web UI from the local machine:
kubectl port-forward controlcenter-0 9021:9021 --context data-plane --namespace confluent-dev
Navigate to Control Center in a browser and check the cluster:
In the Control Plane, uninstall Confluent Platform:
kubectl delete -f $TUTORIAL_HOME/deployment/data-plane/confluentplatform_dev.yaml \ --context control-plane --namespace org-confluent