redpanda-data
Superuser list are reset to default value if `auth.sasl.secretRef` is set
What happened?
There is race condition between post-upgrade job and config-watcher. Chain of events could be that config-watcher finishes whole reconciliation of superusers list, but post-upgrade job can reset superuser list to it's default value. That could break cluster if user is using superusers for authentication.
What did you expect to happen?
post-upgrade job should not reset superusers list to default.
How can we reproduce it (as minimally and precisely as possible)?. Please include values file.
$ helm install redpanda redpanda/redpanda --namespace redpanda --create-namespace
$ helm upgrade redpanda --set config.tunable.kafka_connection_rate_limit=1500
# Reset superuser list replicating post-upgrade job execution
$ kubectl exec -ti redpanda -- rpk cluster import -f /etc/redpanda/bootstrap.yaml
Anything else we need to know?
No response
Which are the affected charts?
Redpanda
Chart Version(s)
latest
Cloud provider
N/A
JIRA Link: K8S-99
This issue is solved with the following changes:
- https://github.com/redpanda-data/helm-charts/pull/1071
- https://github.com/redpanda-data/helm-charts/pull/1054
The crucial fact is that @chrisseto implemented config export, overwrite and config import.
I'm re-opening this issue as I need to implement test like in https://github.com/redpanda-data/helm-charts/pull/1058