zookeeper-operator icon indicating copy to clipboard operation
zookeeper-operator copied to clipboard

Published 20 hours ago verified publisher icon pravega

Want to set publishNotReadyAddresses: true in statefulset's headless service permanenetly

Open subhranil05 opened this issue 1 year ago • 9 comments

Description

I am using latest zookeeper-operator/zookeeper helm charts. Here I want to set publishNotReadyAddresses: true in headless service for zookeeper permanenetly. I'm using annotaions Service.spec.publishNotReadyAddresses: "true" in headless service through values file, but seems not doing the job, please let me know if any other way to do it

Importance

Zookeeper followers couldn't connect the leader, failing all the time with unknow host exception

Location

(Where is the piece of code, package, or document affected by this issue?)

Suggestions for an improvement

Option to update in spec of headless service with values file

subhranil05 avatar Apr 06 '23 07:04 subhranil05

@AKamyshnikova @anishakj Mentioning your names as active contributor to this repo, thanks for the cooperating. Guys could you please guide me on this? its really urgent requirement for me I need to add publishNotReadyAddresses: true on spec section of headless service permanently

subhranil05 avatar Apr 06 '23 16:04 subhranil05

@subhranil05 Hi! Creation of headless service is done here https://github.com/pravega/zookeeper-operator/blob/72bea545a73130c82b530e508a2a14daaa824435/pkg/zk/generators.go#L239

AKamyshnikova avatar Apr 12 '23 09:04 AKamyshnikova

add 'publishNotReadyAddresses: true' to headless svc may cause zk server is unable to join quorum after connection broken to other peers

sys-liqian avatar Apr 23 '23 09:04 sys-liqian

@sys-liqian without that there is failure for follower to join leader and timeout, any alternatives to fix this?

subhranil05 avatar Apr 27 '23 06:04 subhranil05

@subhranil05 can you provide the zookeeper config from /data/conf/zoo.cfg please check your kubernetes default cluster domain, default is cluster.local image

sys-liqian avatar Apr 27 '23 09:04 sys-liqian

@sys-liqian yeah domain is cluster.local and its correct for me here is the config I'm using

config:
    additionalConfig:
      portUnification: "false"
      secureClientPort: "2281"
      serverCnxnFactory: org.apache.zookeeper.server.NettyServerCnxnFactory
      ssl.quorum.hostnameVerification: "false"
      ssl.quorum.keyStore.location: /path/keystore.jks
      ssl.quorum.keyStore.password: <password>
      ssl.quorum.trustStore.location: /path/truststore.jks
      ssl.quorum.trustStore.password: <password>
      sslQuorum: "true"
    autoPurgePurgeInterval: 1
    autoPurgeSnapRetainCount: 3
    commitLogCount: 500
    globalOutstandingLimit: 1000
    initLimit: 10
    maxClientCnxns: 60
    maxSessionTimeout: 40000
    minSessionTimeout: 4000
    preAllocSize: 65536
    snapCount: 10000
    snapSizeLimitInKb: 4194304
    syncLimit: 5
    tickTime: 2000

subhranil05 avatar Apr 27 '23 11:04 subhranil05

@sys-liqian I have another one to add, when implementing tls to zk quorum I'm using 2281 as secureclientport but how can I add this port permanently to zk-client-service. There is only one client port available now which is 2181 in client service. Can u help me also on this?

subhranil05 avatar Apr 27 '23 12:04 subhranil05

@subhranil05 https://github.com/pravega/zookeeper-operator/blob/72bea545a73130c82b530e508a2a14daaa824435/pkg/zk/generators.go#L258 sorry, the latest release does not implement tls

sys-liqian avatar Apr 28 '23 01:04 sys-liqian

@sys-liqian with the above configuration my zookeeper quorum tls is working fine. Just need to add that new port to service. Are you planning for tls thing? Can I expect it little sooner?

subhranil05 avatar Apr 28 '23 05:04 subhranil05