Slide 1

Slide 1 text

Dhall Configuration Language
Use Case: deploy Kafka to Kubernetes
Alexey Novakov, EPAM, Germany

Slide 2

Slide 2 text

Problem
• App configuration in YAML is error-prone
• A config error may cost you days of ops work
• Code duplication leads to maintenance hell

Typical mistakes:
• Incorrect value semantics (string vs. number)
• Incorrect object structure (no schema)
• Incorrect indent (spaces)

Slide 3

Slide 3 text

Solution
We need programmable configuration files

Configuration Programming Language:
• Non-Turing-complete -> better security
• Deterministic
• Statically typed
• It should support YAML/JSON/XML

Slide 4

Slide 4 text

Dhall Configuration Language
• JSON + functions + types + imports
• Strong safety guarantees and more powerful tooling

    -- example.dhall
    let user = "bill"
    in  { home = "/home/${user}"
        , privateKey = "/home/${user}/.ssh/id_ed25519"
        , publicKey = "/home/${user}/.ssh/id_ed25519.pub"
        }

    $ dhall-to-yaml < ./example.dhall
    home: /home/bill
    privateKey: /home/bill/.ssh/id_ed25519
    publicKey: /home/bill/.ssh/id_ed25519.pub

Dhall programs never fail, hang, crash, leak secrets, or compromise your system.

Slide 5

Slide 5 text

Dhall ecosystem
• CLI (static binaries):
    • dhall-to-yaml, dhall-to-json, dhall-to-text, others
    • yaml-to-dhall
    • dhall (REPL, format, + many other options)
• Plugins: VSCode, Emacs, Vim
• Documentation: docs.dhall-lang.org
• Community: Packages Languages

Slide 6

Slide 6 text

Example: Kafka Deployment
1. Customized Confluent Helm Charts (YAML)
    • Kafka Brokers
    • ZooKeeper
    • Custom volumes for jaas.conf, krb5.conf, keytabs
2. Security Configs (Dhall)
    • ConfigMaps:
        • jaas.conf
        • client.properties
    • Client Pod spec

https://github.com/novakov-alexey/dhall-kafka-kuberentes-deployment

Slide 7

Slide 7 text

Kafka Authentication
• SSL
• SASL:
    • GSSAPI (Kerberos)
    • OAUTHBEARER
    • SCRAM
    • PLAIN
• Delegation Tokens
• LDAP
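The mechanisms listed above can be modelled as a Dhall union type, so a client.properties ConfigMap is only rendered for a mechanism the code handles and the "string vs. number" mistake from the Problem slide becomes a type error. This is an added example, not code from the talk or its repository; the names Mechanism, Protocol, Client, saslLines, clientProperties and configMap, the host, port and ConfigMap name, and the choice of SASL_PLAINTEXT are all assumptions.

```dhall
-- Added example; not taken from the talk's repository.
-- All type names, function names and values below are hypothetical.

-- Only two of the listed mechanisms are modelled; GSSAPI carries the data it needs.
let Mechanism = < PLAIN | GSSAPI : { serviceName : Text } >

let Protocol = < SASL_PLAINTEXT | SASL_SSL >

let Client =
      { host : Text, port : Natural, protocol : Protocol, mechanism : Mechanism }

-- `merge` must cover every alternative, otherwise type checking fails.
let saslLines =
      \(m : Mechanism) ->
        merge
          { PLAIN = "sasl.mechanism=PLAIN"
          , GSSAPI =
              \(k : { serviceName : Text }) ->
                "sasl.mechanism=GSSAPI\nsasl.kerberos.service.name=${k.serviceName}"
          }
          m

let protocolName =
      \(p : Protocol) ->
        merge { SASL_PLAINTEXT = "SASL_PLAINTEXT", SASL_SSL = "SASL_SSL" } p

let clientProperties =
      \(c : Client) ->
        ''
        bootstrap.servers=${c.host}:${Natural/show c.port}
        security.protocol=${protocolName c.protocol}
        ${saslLines c.mechanism}
        ''

let configMap =
      \(c : Client) ->
        { apiVersion = "v1"
        , kind = "ConfigMap"
        , metadata = { name = "kafka-client-config" }
        , data = { `client.properties` = clientProperties c }
        }

-- Rejected by the type checker before any YAML is produced:
--   port = "9092"                 (Text where Natural is expected)
--   mechanism = Mechanism.SCRAM   (alternative not declared in Mechanism)
in  configMap
      { host = "plain-cp-kafka"  -- constructed sample host name
      , port = 9092
      , protocol = Protocol.SASL_PLAINTEXT
      , mechanism = Mechanism.PLAIN
      }
```

Piping this file through dhall-to-yaml yields the ConfigMap manifest; switching to `Mechanism.GSSAPI { serviceName = "kafka" }` adds the Kerberos service name line without touching the rest.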

Slide 8

Slide 8 text

Deploy Kafka

    $ helm install $(PLAIN_RELEASE) ./kafka/helm/cp-kafka \
        --values ./kafka/helm/cp-kafka/sasl-plain-values.yaml -n $(NAMESPACE)

    $ kubectl get po -n kafka -l 'app in (cp-kafka,cp-zookeeper)'
    NAME                   READY   STATUS    RESTARTS   AGE
    plain-cp-kafka-0       1/1     Running   1          55s
    plain-cp-zookeeper-0   1/1     Running   0          55s

    $ dhall-to-yaml --documents < ./krb/krb5.dhall | kubectl create -n $(NAMESPACE) -f -
    $ dhall-to-yaml --documents < ./kafka/manifest/brokerConf.dhall | kubectl create -n $(NAMESPACE) -f -

Slide 9

Slide 9 text

Deploy Client

    $ SASL_MECHANISM=".PLAIN" \
        dhall-to-yaml < ./kafka/manifest/clientPod.dhall | kubectl create -n $(NAMESPACE) -f -

    $ kubectl get po -n kafka -l app=cp-kafka-client
    NAME                 READY   STATUS    RESTARTS   AGE
    plain-kafka-client   1/1     Running   0          47s

Consumer Producer

Slide 10

Slide 10 text

Links
• Example: https://github.com/novakov-alexey/dhall-kafka-kuberentes-deployment
• Main site: https://dhall-lang.org/
• Wiki/Docs: https://docs.dhall-lang.org/index.html
• Forum: https://discourse.dhall-lang.org/
• Dhall-Kubernetes package: https://github.com/dhall-lang/dhall-kubernetes/blob/master/README.md