Memphis is an intelligent, frictionless message broker.
Made to enable developers to build real-time and streaming apps fast.
Cloud - Docs - Twitter - YouTube
Memphis.dev is more than a broker. It's a new streaming stack.
It significantly accelerates the development of real-time applications that require a streaming platform with
high throughput, low latency, easy troubleshooting, fast time-to-value,
minimal platform operations, and all the observability you can think of.
Helm is a k8s package manager that allows users to deploy apps in a single, configurable command.
More information about Helm can be found here.
Memphis is cloud-native and cloud-agnostic to any Kubernetes on any cloud.
Minimum Requirements (Without high availability)
Resource | Quantity | |
---|---|---|
Minimum Kubernetes version | 1.20 and above | |
K8S Nodes | 1 | |
CPU | 2 CPU | |
Memory | 4GB RAM | |
Storage | 12GB PVC |
Recommended Requirements (With high availability)
Resource | Minimum Quantity |
---|---|
Minimum Kubernetes version | 1.20 and above |
K8S Nodes | 3 |
CPU | 4 CPU |
Memory | 8GB RAM |
Storage | 12GB PVC Per node |
Production
Production-grade Memphis with three memphis brokers configured in cluster-mode
helm repo add memphis https://k8s.memphis.dev/charts/ --force-update && helm install memphis memphis/memphis --set global.cluster.enabled="true" --create-namespace --namespace memphis --wait
Dev
Standard installation of Memphis with a single broker
helm repo add memphis https://k8s.memphis.dev/charts/ --force-update &&
helm install memphis memphis/memphis --create-namespace --namespace memphis --wait
Option | Description | Default Value | Example |
---|---|---|---|
global.cluster.enabled | Cluster mode for HA and Performance | "false" |
"false" |
exporter.enabled | Prometheus exporter | "false" |
"false" |
cluster.enabled | Enables Memphis cluster deployment. For fully HA configuration use global.cluster.enabled | "false" |
"true" |
cluster.replicas | Memphis broker replicas | "3" |
"5" |
memphis.image | Memphis image name | "memphisos/memphis:x.x.x-stable" | "memphisos/memphis:latest" |
memphis.ui.port | Dashboard's (GUI) port | 9000 | 9000 |
memphis.hosts.uiHostName | Which URL should be seen as the "UI hostname" | "" | "https://memphis.example.com" |
memphis.hosts.restgwHostName | Which URL should be seen as the "REST Gateway hostname" | "" | "https://restgw.memphis.example.com" |
memphis.hosts.brokerHostName | Which URL should be seen as the "broker hostname" | "" | "memphis.example.com" |
memphis.configFile.logsRetentionInDays | Amount of days to retain system logs | 3 | 3 |
memphis.configFile.gcProducerConsumerRetentionInHours | Amount of hours to retain producer/consumer in system | 3 | 3 |
memphis.configFile.tieredStorageUploadIntervalSeconds | Interval in seconds between uploads to tiered storage | 8 | 8 |
memphis.configFile.dlsRetentionHours | Amount of hours to retain messages in DLS | 3 | 3 |
memphis.configFile.userPassBasedAuth | Authentication method selector. true = User + pass false = User + connection token |
"true" |
"true" |
memphis.creds.rootPwd | Root password for the dashboard. Randomly generated. | "" | "superpass" |
memphis.creds.connectionToken | Token for connecting an app to the Memphis Message Queue. Auto generated.Randomly generated. | "" | "connectionToken |
memphis.creds.jwtSecret | For internal traffic. Randomly generated. | "" | "<JWT_TOKEN>" |
memphis.creds.refreshJwtSecret | For internal traffic. Randomly generated. | "" | "<JWT_TOKEN>" |
memphis.creds.encryptionSecretKey | Encryption secret key for internal encryption. Randomly generated. | "" | "" |
memphis.secretConfig.name | *Optional* Name of the secret |
"memphis-creds" | "memphis-creds" |
memphis.secretConfig.existingSecret | *Optional* Is this secret an existing secret |
"false" | "false" |
memphis.secretConfig.rootPwd_key | *Optional* Name of the key in secret |
"ROOT_PASSWORD" | "rootPwd" |
memphis.secretConfig.connectionToken_key | *Optional* Name of the key in secret |
"CONNECTION_TOKEN" | "connectionToken" |
memphis.secretConfig.jwtSecret_key | *Optional* Name of the key in secret |
"JWT_SECRET" | "jwtSecret" |
memphis.secretConfig.refreshJwtSecret_key | *Optional* Name of the key in secret |
"REFRESH_JWT_SECRET" | "refreshJwtSecret" |
memphis.secretConfig.encryptionSecretKey_key | *Optional* Name of the key in secret |
"ENCRYPTION_SECRET_KEY" | "encryptionSecretKey" |
memphis.secretConfig.refreshJwtSecretRestGW_key | *Optional* Name of the key in secret |
"REFRESH_JWT_SECRET_REST_GW" | "refreshJwtSecretRestGW" |
memphis.secretConfig.jwtSecretRestGW_key | *Optional* Name of the key in secret |
"JWT_SECRET_REST_GW" | "jwtSecretRestGW" |
memphis.extraEnvironmentVars.enabled | *Optional* List of additional environment variables for memphis. |
"" | vars: - name: KEY - valye: value |
memphis.tls.verify | *Optional* For encrypted client-memphis communication. Verification for the CA autority. SSL. |
"" | "true" |
memphis.tls.secret.name | *Optional* For encrypted client-memphis communication. K8S secret name that holds the certs. SSL. |
"" | "memphis-client-tls-secret" |
memphis.tls.cert | *Optional* For encrypted client-memphis communication. .pem file to use. SSL. |
"" | "memphis_client.pem" |
memphis.tls.key | *Optional* For encrypted client-memphis communication. Private key file to use. SSL. |
"" | "memphis-key_client.pem" |
memphis.tls.ca | *Optional* For encrypted client-memphis communication. CA file to use. SSL. |
"" | "rootCA.pem" |
websocket.tls.secret.name | *Optional* Memphis GUI using websockets for live rendering. K8S secret name for the certs |
"" | "memphis-ws-tls-secret" |
websocket.tls.cert | *Optional* Memphis GUI using websockets for live rendering. .pem file to use |
"" | "memphis_local.pem" |
websocket.tls.key | *Optional* Memphis GUI using websockets for live rendering. key file |
"" | "memphis-key_local.pem" |
metadata.postgresql.username | *Optional* Username for postgres db |
"postgres" | "postgres" |
metadata.pgpool.tls.enabled | *Optional* Enabling TLS-based communication with PG |
"false" | "false" |
metadata.pgpool.tls.certificatesSecret | *Optional* PG TLS cert secret to be used |
"" | "tls-secret" |
metadata.pgpool.tls.certFilename | *Optional* PG TLS cert file to be used |
"" | "tls.crt" |
metadata.pgpool.tls.certKeyFilename | *Optional* PG TLS key to be used |
"" | "tls.key" |
metadata.pgpool.tls.certCAFilename | *Optional* PG TLS cert CA to be used |
"" | "ca.crt" |
metadata.external.enabled | *Optional* For using external PG instead of deploying dedicated one for Memphis |
"false" | "true" |
metadata.external.dbTlsMutual | *Optional* External PG TLS-basec communication |
"true" | "true" |
metadata.external.dbName | *Optional* External PG db name |
"" | "memphis" |
metadata.external.dbHost | *Optional* External PG db hostname |
"" | "metadata.example.url" |
metadata.external.dbPort | *Optional* External PG db port |
"" | 5432 |
metadata.external.dbUser | *Optional* External PG db user |
"" | "postgres" |
metadata.external.dbPass | *Optional* External PG db password |
"" | "12345678" |
metadata.external.secret.enabled | *Optional* Enable an option to use secret for password store |
"false" | "true" |
metadata.external.secret.name | *Optional* Secret name |
"" | "metadata-secret" |
metadata.external.secret.dbPass_key | *Optional* Name of the key in the secret |
"" | "dbPass" |
restGateway.enabled | *Optional* Memphis Rest Gateway can be disabled if not in use |
"true" | "false" |
restGateway.jwtSecret | *Optional* Manual Jwt Token configurtion |
"" | "" |
restGateway.refreshJwtSecret | *Optional* Manual Refresh Jwt Token configurtion |
"" | "" |
Here is how to run an installation command with additional options -
helm install memphis --set cluster.replicas=3,memphis.creds.rootPwd=rootpassword" memphis/memphis --create-namespace --namespace memphis
- memphis. Memphis broker.
- memphis-rest-gateway. Memphis REST Gateway.
- memphis-metadata. Metadata store.
- memphis-metadata-coordinator. Metadata coordinator
For more information on each component, please head to the architecture section.
a) Generate a self-signed certificate using mkcert
$ mkcert -client \
-cert-file memphis_client.pem \
-key-file memphis-key_client.pem \
"127.0.0.1" "localhost" "*.memphis.dev" ::1 \
email@localhost [email protected]
b) Find the rootCA
$ mkcert -CAROOT
c) Create self-signed certificates for client
$ mkcert -client -cert-file client.pem -key-file key-client.pem localhost ::1
a) Create a dedicated namespace for memphis
kubectl create namespace memphis
b) Create a k8s secret with the required certs
kubectl create secret generic memphis-client-tls-secret \
--from-file=memphis_client.pem \
--from-file=memphis-key_client.pem \
--from-file=rootCA.pem -n memphis
tls:
secret:
name: memphis-client-tls-secret
ca: "rootCA.pem"
cert: "memphis_client.pem"
key: "memphis-key_client.pem"
helm install memphis memphis \
--create-namespace --namespace memphis --wait \
--set \
global.cluster.enabled="true",\
memphis.tls.verify="true",\
memphis.tls.cert="memphis_client.pem",\
memphis.tls.key="memphis-key_client.pem",\
memphis.tls.secret.name="memphis-client-tls-secret",\
memphis.tls.ca="rootCA.pem"
- Create a k8s secret with the provided TLS certs
kubectl create secret generic memphis-client-tls-secret \
--from-file=memphis_client.pem \
--from-file=memphis-key_client.pem \
--from-file=rootCA.pem -n memphis
- Upgrade Memphis to use the TLS certs
helm upgrade memphis memphis -n memphis --reuse-values \
--set \
memphis.tls.verify="true",\
memphis.tls.cert="memphis_client.pem",\
memphis.tls.key="memphis-key_client.pem",\
memphis.tls.secret.name="tls-client-secret",\
memphis.tls.ca="rootCA.pem"