The official Helm chart is available on GitHub. Find bellow documentation and examples:
Add the contents of the license file under the lenses.license YAML property:
lenses.license
# Add the contents of your license file lenses: license: |- {"source":"Lenses.io","clientId":"123ab789-abc..","key":"eyJhb.."}
lenses.brokers contains the broker options. Multiple brokers are supported.
lenses.brokers
security.mechanism
bootstrapServers is a list of brokers, names and ports.
bootstrapServers
metrics used to monitor the health of your cluster and show metrics and information.
metrics
JMX
AWS
JOLOKIAP
JOLOKIAG
Example:
lenses: kafka: ssl: enabled: false trustStoreFileData: keyStoreFileData: trustStorePassword: keyStorePassword: keyPassword: sasl: enabled: false # keyTabData is the base64 encoded contents kerberos keytab file is using kerberos mounted in /mnt/secrets keyTabData: |- # jaasFileData is the contents of the kafka jaas file mounted in /mnt/secrets jaasFileData: |- # mechanism is the sasl authentication mechanism GSSAPI, SCRAM or PLAIN mechanism: "GSSAPI" # krb5Conf is the Kerberos config data to be mounted into /etc krb5Conf: |- metrics: type: "JMX" ssl: true username: admin password: admin ports: - id: 1 port: 9581 host: "host1" - id: 2 port: 9581 host: "host2" bootstrapServers: - name: kafka port: 9092 sslPort: 9093 saslSslPort: 9094 saslPlainTextPort: 9095
If you have one of more Zookeeper services, use the lenses.zookeepers.hosts options.
lenses: zookeepers: hosts: - host: zookeeper-1 port: 2181 metrics: type: "JMX" port: 9102 username: password: ssl: - host: zookeeper-2 port: 2181 metrics: type: "JMX" port: 9102 username: admin password: admin ssl: true
If you have one of more Schema Registry services, use the lenses.schemaRegistries options.
NONE
URL
USER_INFO
SASL_INHERIT
lenses: schemaRegistries: enabled: true hosts: - host: schema-registry-1 protocol: http port: 8081 metrics: type: "JMX" port: 9102 username: password: ssl: - host: schema-registry-2 protocol: http port: 8081 metrics: type: "JMX" port: 9102 username: password: ssl:
If you have one of more Kafka Connect clusters, us the lenses.connectClusters options and define your Connect clusters providing the cluster name, ports, backing topics and worker hosts.
connectClusters: enabled: true clusters: - name: datascience protocol: http port: 8083 jmxPort: 9102 offsetsTopic: connect-offsets-datascience statusTopic: connect-statuses-datascience configTopic: connect-configs-datascience hosts: - host: worker-ds-1 metrics: type: "JMX" port: 9102 username: password: ssl: - host: worker-ds-1 metrics: type: "JMX" port: 9102 username: password: ssl: - host: worker-ds-1 metrics: type: "JMX" port: 9102 username: password: ssl: - name: dataengineering protocol: http port: 8083 jmxPort: 9102 offsetsTopic: connect-offsets-dataengineering statusTopic: connect-statuses-dataengineering configTopic: connect-configs-dataengineering hosts: - host: worker-de-1 - host: worker-de-1 - host: worker-de-1 auth: URL username: myusername password: mypassword
To configure Streaming SQL options for Lenses use the lenses.sql options:
lenses: sql: mode: KUBERNETES heap: 900M memLimit: 1152M memRequest: 128M ssl: trustStoreFileData: |- keyStoreFileData: |- trustStorePassword: keyStorePassword: keyPassword:
lenses.tls contains tls options for configuring Lenses with TLS termination.
lenses.tls
lenses: tls: enabled: true # base64 encoded keystore data # openssl base64 < keystore.jks | tr -d '\n' keyStoreFileData: |- /u3+7QAAAAIAAAACAAAAAgAGY2Fyb290...== # base64 keystore password # echo "$password" | tr -d '\n' | base64 keyStorePassword: |- YWRtaW4xMjM0 # base64 encoded truststore data # openssl base64 < truststore.jks | tr -d '\n' trustStoreFileData: |- /u3+7QAAAAIAAAABAAAAAgAGY2Fyb290...== # base64 truststore password # echo "$password" | tr -d '\n' | base64 trustStorePassword: |- YWRtaW4xMjM0 # base64 key password # echo "$password" | tr -d '\n' | base64 keyPassword: |- YWRtaW4xMjM0 clientAuth: false
Users can authenticate via SSO (Single Sign On) using the SAML 2.0 protocol using one of the supported integrations. To use SSO remember to also enable TLS.
azure
google
keycloak
okta
onelogin
lenses: security: saml: enabled: true baseUrl: "https://lenses-prod.eastus2.cloudapp.azure.com" provider: "azure" keyStoreFileData: |- YmFzZTY0IG9mIGtleXN0b3JlIA== keyStorePassword: "password" keyPassword: "password" metadataFileData: |- LUlkUCBiYXNlNjQgWE1MIGZpbGUgY29udGVudC0=
The security user contains the default username and password for the super administrator. See how to secure your admin account.
lenses: security: defaultUser: username: admin password: admin
With sidecar containers configuration you may deploy supporting containers such as data extractors/generators, etc. alongside Lenses container. You can read more about sidecars.
# Simple example sidecarContainers: - name: sidecar-example image: alpine command: ["sh", "-c", "watch datetime"]
This allows the pods to have stable network identifiers. Each pods address should be added as an entry. The address takes the form of:
<statefulset-name-<pod ordinal identifier.<servicename.<namespace.svc.cluster.local
For example, if using statefulset of replicas called with a headless service the addresses would be:
zookeeper-0.zookeeper.defaut.svc.cluster.local zookeeper-1.zookeeper.defaut.svc.cluster.local zookeeper-2.zookeeper.defaut.svc.cluster.local schema-registry-0.schema.default.svc.cluster.local schema-registry-1.schema.default.svc.cluster.local connect-worker-0.connect.defaut.svc.cluster.local connect-worker-1.connect.defaut.svc.cluster.local
If you only have one instance of a service you can set the service name.
On this page
