Installation
AWS Marketplace
See our AWS Marketplace Seller Profile to purchase Kpow on AWS.
Kpow works beautifully with Amazon MSK and is easily configured to run in ECS / Fargate / EKS / EKS Anywhere.
Subscribe to Kpow on the AWS Marketplace and get an automatically licensed container billed to your AWS account.
We release every Kpow update to the AWS Marketplace, updating Kpow is as simple as upgrading to the newest container.
Kpow on the AWS Marketplace
When you subscribe to a Kpow product on the AWS Marketplace you gain access to a Kpow AWS Marketplace container that is functionally the same as the Kpow container available via Dockerhub.
The Kpow AWS Marketplace container integrates with AWS, allowing AWS to check your subscription, meter your usage, and checkout entitlements, depending on the version of Kpow you choose to purchase on the AWS Marketplace.
The Kpow AWS Marketplace container is automatically licensed to the AWS account that subscribes to a product and that account is billed for the subscription. You do not need to arrange a separate license with us directly if you subscribe to a Kpow product on the AWS Marketplace. It just works.
AWS Enterprise Discount Program
Kpow for Apache Kafka (Annual) can be purchased within an AWS Enterprise Discount Program (EDP).
Kpow for Apache Kafka (Hourly) does not qualify for EDP purchases.
EDP applicable purchases require a private offer, contact [email protected] for assistance.
Kpow products on the AWS Marketplace
There are two Kpow products on the AWS Marketplace.
Kpow for Apache Kafka (Hourly)
Subscribe to Kpow (Hourly) to gain access to a Team Edition Kpow container that can connect to a single Kafka cluster and associated Schema Registries, Kafka Connect, and ksqlDB resources.
Start as many instances of Kpow as you need from the provided container. Usage of each instance is metered and billed by the hour at the Kpow metered rate.
Kpow (Hourly) allows you to pay only for the Kpow hours you use with no ongoing commitment.
Kpow for Apache Kafka (Annual)
Subscribe to Kpow (Annual) to gain access to a Team or Enterpise Edition Kpow container that can connect to any number of Kafka clusters.
Kpow (Annual) is integrated with AWS License Manager. Select the number and type of Cluster credits you require when you subscribe to this product, then install as many Kpow instances as you like. Your license entitlements are checked automatically.
The Kpow marketplace container
Getting started is easy, just choose a product from our Marketplace Seller Profile:
- Selected a product and click 'Continue to Subscribe'
- Review and accept the Terms and Conditions
- Once your subscription is activated, click 'Continue to Configuration'
- Choose the delivery method, and the latest software version available
- Click 'Continue to Launch'
- Copy the instructions to pull the Kpow AWS Marketplace container image
You can now push the Kpow container docker image into your own docker repository, or use it directly in a ECS / Fargate / EKS to launch Kpow instances with the correct IAM permissions or LM integrations.
Check your subscription regularly for new releases of Kpow and update accordingly!
General technical requirements
Target platforms
Kpow (Hourly) containers can be run in ECS (including Fargate), or EKS.
Kpow (Annual) containers can be run in ECS (including Fargate), EKS, or EKS Anywhere.
Deploy Kpow (Hourly)
Kpow (Hourly) is the Team Edition of Kpow integrated with AWS Marketplace Metering API to manage license metering.
Required IAM role for Kpow (Hourly)
The Kpow Marketplace container Kpow (Hourly) must be run with the AWSMarketplaceMeteringRegisterUsage IAM policy.
This policy allows the Kpow container to interact with the AWSMarketplaceMetering/registerUsage API.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"aws-marketplace:RegisterUsage"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
Launch Kpow (Hourly) on ECS
Use the Marketplace container obtained from your marketplace subscription to configure an ECS task with an IAM Role that has the AWSMarketplaceMeteringRegisterUsage Policy, then launch that task in either Fargate or EC2.
Launch Kpow (Hourly) on EKS
You might find our Helm chart for Kpow useful to deploy the container, simply update the chart container reference to point to the AWS Marketplace container instead.
Deploying the Marketplace Kpow container to EKS is slightly more complicated due to the requirement to run the container with the correct IAM Role and Policy - this means configuring a Service Account that has the correct IAM role.
Fine-grained IAM roles for Service Accounts are available in EKS Clusters v1.14+.
Configure your EKS Cluster and Deploy Kpow (Hourly)
The following steps guide you through a simple installation of Kpow in EKS.
See this article for further background reading on Fine Grained IAM Roles for Service Accounts.
Update your KubeConfig
$ aws eks --region [EKS-REGION] update-kubeconfig --name [EKS-CLUSTER-NAME]
> Added new context arn:aws:eks:us-east-1:[YOUR-ACCOUNT-ID]:cluster/[EKS-CLUSTER-NAME] to /Users/you/.kube/config
Test you Cluster Connectivity
$ kubectl get svc
> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AG
> kubernetes ClusterIP 10.100.0.1 443/TCP 3h34m
Enable an IAM OIDC Identity Provider for your Cluster
IAM Roles for Service Accounts (IRSA) requires that your cluster has an OIDC Identity Provider associated with it.
Follow the AWS Guide to determine if you have to create and associate an OIDC Identity Provider to your cluster.
Create the Service Account IAM Role
eksctl create iamserviceaccount \
--name kpow \
--namespace factorhouse \
--cluster <ENTER_YOUR_CLUSTER_NAME_HERE> \
--attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage \
--approve \
--override-existing-serviceaccounts
You can now deploy Kpow to EKS using the Service Account with an IAM Role and attached AWSMarketplaceMeteringRegisterUsage policy.
Deploy Kpow (Annual)
Kpow (Annual) is either the Team or Enterprise Edition of Kpow depending on which Cluster Credits you have chosen to purchase, integrated with AWS License Manager for entitlement management.
Kpow (Annual) will check out a single Cluster Credit entitlement from the AWS License Manager for every Kafka cluster in use with Kpow.
Cluster Credit entitlements can be purchased via the AWS Marketplace. Kpow (Annual) can be used with EKS and Self-Managed Kubernetes clusters.
Required IAM role for Kpow (Annual)
The Kpow Marketplace container for Kpow (Annual) must be run with the AWSLicenseManagerConsumptionPolicy IAM policy.
This policy allows the Kpow container to checkout license entitlements from the AWS License Manager.
Launch Target
Once you have subscribed to Kpow (Annual) on the AWS Marketplace click through to the 'Launch' page. You will be asked to choose a Launch Target
.
Choose either AWS Managed Kubernetes
(EKS) or Self-Managed Kubernetes
(EKS Anywhere) to see the following instructions:
Launch Kpow on EKS
These instructions are taken from the Launch
page of the Kpow (Annual) product on AWS Marketplace.
Step 1: Create an AWS IAM role and Kubernetes service account
Use the following command to create an AWS IAM role and Kubernetes service account.
kubectl create namespace factorhouse
eksctl create iamserviceaccount \
--name kpow \
--namespace factorhouse \
--cluster <ENTER_YOUR_CLUSTER_NAME_HERE> \
--attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess \
--attach-policy-arn arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage \
--attach-policy-arn arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy \
--approve \
--override-existing-serviceaccounts
Step 2: Launch the software
Use the following commands to launch this software by installing a Helm chart on your Amazon EKS cluster. The Helm CLI version in your launch environment must be 3.7.1.
export HELM_EXPERIMENTAL_OCI=1
aws ecr get-login-password \
--region us-east-1 | helm registry login \
--username AWS \
--password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
mkdir awsmp-chart && cd awsmp-chart
helm pull oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/operator-io/kpow-lm-chart --version 1.0.45
tar xf $(pwd)/* && find $(pwd) -maxdepth 1 -type f -delete
helm install kpow-1-0-45 \
--namespace factorhouse ./* \
--set serviceAccount.create=false \
--set serviceAccount.name=kpow
--set env.BOOTSTRAP=...
Configure the Kpow (Annual) container
Kpow is configured primarily with environment variables with yaml files, keystores, and truststores being provided for certain installations.
The AWS Marketplace Kpow (Annual) container provided in your subscription exposes the same configuration options as our standard Kpow Helm charts, you might find the README.md documentation of those charts useful in configuring Kpow (Annual).
One simple approach is to specify environment variables as you install:
helm install kpow \
--namespace factorhouse ./* \
--set serviceAccount.create=false \
--set serviceAccount.name=kpow \
--set aws.licenseConfigSecretName=awsmp-license-token-secret \
--set env.BOOTSTRAP="pkc-abc1.us-east-12.aws.confluent.cloud:9092" \
--set env.SECURITY_PROTOCOL="SASL_SSL" \
--set env.SASL_MECHANISM="PLAIN" \
--set env.SASL_JAAS_CONFIG="org.apache.kafka.common.security.plain.PlainLoginModule required username=\"SOME_USERNAME\" password=\"SOME_PASSWORD";" \
--set env.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM="https"
Launch Kpow on EKS Anywhere
Running Kpow (Annual) on self-managed Kubernetes via EKS Anywhere requires generating an access token and associating it to an IAM account.
These actions, and the following instructions to launch the product, can be found on the Launch
page of the Kpow (Annual) AWS Marketplace product.
Accessing the UI
On a successful deployment, Kpow starts a web-server with a UI running on port 3000.
There are many different options to configure network egress allowing access to the Kpow pod on port 3000, one simple option to validate a deployment is to follow the notes provided by the output of the Helm install command:
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace factorhouse -l "app.kubernetes.io/name=kpow,app.kubernetes.io/instance=kpow-1-0-29" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:3000 to use your application"
kubectl --namespace factorhouse port-forward $POD_NAME 3000:3000
This command temporarily port-forwards from localhost:3000 to your-pod:3000, meaning you can view the Kpow UI at http://localhost:3000 while that command runs.
Get help!
For assistance installing and configuring Kpow on the AWS Marketplace contact [email protected]