
Kafka is not started with external Ingress listener without class property

Open flobuc opened this issue 1 year ago • 0 comments

Hi, I set up my Kafka system with an external Ingress listener:

    listeners:
      - name: plain
        port: 9092
        type: internal
        tls: false
      - name: tls
        port: 9093
        type: internal
        tls: true
      - name: external
        port: 9094
        type: ingress
        tls: true
        configuration:
          bootstrap:
            host: bootstrap.dynv6.net
          brokers:
            - broker: 0
              host: broker-0.dynv6.net
            - broker: 1
              host: broker-1.dynv6.net

Ingress objects were created, but aren't working:

    :~$ kubectl get ingress -n kafka
    NAME                                CLASS    HOSTS                        ADDRESS   PORTS     AGE
    dashboard-cluster-kafka-0           <none>   broker-0.dynv6.net              80, 443   2m54s
    dashboard-cluster-kafka-1           <none>   broker-1.dynv6.net              80, 443   2m54s
    dashboard-cluster-kafka-bootstrap   <none>   bootstrap.dynv6.net             80, 443   2m54s
    :~$

ADDRESS fields are empty.

The Kafka startup stops here because the Strimzi controller is waiting for the Ingresses to be reachable:

    2022-09-21 09:33:55 WARN AbstractOperator:516 - Reconciliation #62(watch) Kafka(kafka/dashboard-cluster): Failed to reconcile io.strimzi.operator.common.operator.resource.TimeoutException: Exceeded timeout of 300000ms while waiting for Ingress resource dashboard-cluster-kafka-bootstrap in namespace kafka to be addressable

NGINX Ingress writes warnings:

    I0920 18:40:30.250603 7 store.go:426] "Ignoring ingress because of error while validating ingress class" ingress="kafka/dashboard-cluster-kafka-1" error="ingress does not contain a valid IngressClass"
    I0920 18:40:30.250680 7 store.go:426] "Ignoring ingress because of error while validating ingress class" ingress="kafka/dashboard-cluster-kafka-bootstrap" error="ingress does not contain a valid IngressClass"
    I0920 18:40:30.250728 7 store.go:426] "Ignoring ingress because of error while validating ingress class" ingress="kafka/dashboard-cluster-kafka-0" error="ingress does not contain a valid IngressClass"

It turns out that without the parameter "configuration.class: nginx" the created Ingresses for bootstrap, broker-0, and broker-1 could not be correctly initialized by NGINX Ingress and did not get an endpoint assigned by the NGINX Ingress controller.

Only with the class property specified are the created Ingresses correctly initialized and started up:

    listeners:
      - name: plain
        port: 9092
        type: internal
        tls: false
      - name: tls
        port: 9093
        type: internal
        tls: true
      - name: external
        port: 9094
        type: ingress
        tls: true
        configuration:
          class: nginx        # <============= this is the change
          bootstrap:
            host: bootstrap-proxia.dynv6.net
          brokers:
            - broker: 0
              host: broker-0-proxia.dynv6.net
            - broker: 1
              host: broker-1-proxia.dynv6.net

Now the Ingress objects are created and get a working address:

    :~$ kubectl get ingress -n kafka
    NAME                                CLASS   HOSTS                        ADDRESS         PORTS     AGE
    dashboard-cluster-kafka-0           nginx   broker-0.dynv6.net           51.158.129.38   80, 443   13h
    dashboard-cluster-kafka-1           nginx   broker-1.dynv6.net           51.158.129.38   80, 443   13h
    dashboard-cluster-kafka-bootstrap   nginx   bootstrap.dynv6.net          51.158.129.38   80, 443   13h
    :~$

CLASS and ADDRESS fields are set.

Bugfix: class must be mandatory for Ingress listeners with TLS encryption.

If you are using type: ingress then you are forced by Strimzi to set tls: true:

    io.strimzi.operator.cluster.model.InvalidResourceException: Listener configuration is not valid: [listener external is Route or Ingress type listener and requires enabled TLS encryption]

"class" must also be made mandatory and the documentation must be adapted.

Environment:

flobuc, Sep 21 '22 10:09
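A pre-deployment check for the condition reported above, as an added example that is not part of the issue or of Strimzi's code: it flags `type: ingress` listeners without `configuration.class` and lists Ingress objects that have neither a class nor an address. The function names and the JSON samples are constructed for illustration, shaped like `kubectl get kafka -o json` and `kubectl get ingress -o json` output.

```python
import json

# Constructed sample input modelled on the failing setup in the report.
KAFKA = json.loads("""{"spec": {"kafka": {"listeners": [
  {"name": "plain", "port": 9092, "type": "internal", "tls": false},
  {"name": "tls", "port": 9093, "type": "internal", "tls": true},
  {"name": "external", "port": 9094, "type": "ingress", "tls": true,
   "configuration": {"bootstrap": {"host": "bootstrap.dynv6.net"},
     "brokers": [{"broker": 0, "host": "broker-0.dynv6.net"},
                 {"broker": 1, "host": "broker-1.dynv6.net"}]}}]}}}""")
# Constructed: one Ingress without a class, one with class and address.
INGRESSES = json.loads("""{"items": [
  {"metadata": {"name": "dashboard-cluster-kafka-0"}, "spec": {},
   "status": {"loadBalancer": {}}},
  {"metadata": {"name": "dashboard-cluster-kafka-bootstrap"},
   "spec": {"ingressClassName": "nginx"},
   "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}}]}""")


def lint_listeners(kafka):
    """Flag type: ingress listeners that lack tls: true or configuration.class."""
    findings = []
    for lst in kafka["spec"]["kafka"].get("listeners", []):
        if lst.get("type") != "ingress":
            continue
        cfg = lst.get("configuration") or {}
        if lst.get("tls") is not True:
            findings.append((lst["name"], "tls must be true"))
        if not cfg.get("class"):
            findings.append((lst["name"], "configuration.class is not set"))
    return findings


def unclaimed_ingresses(ingress_list):
    """Names of Ingresses with no class (field or legacy annotation) and no address."""
    names = []
    for ing in ingress_list.get("items", []):
        meta, spec = ing.get("metadata", {}), ing.get("spec", {})
        annotations = meta.get("annotations") or {}
        has_class = bool(spec.get("ingressClassName")
                         or annotations.get("kubernetes.io/ingress.class"))
        addresses = ing.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        if not has_class and not addresses:
            names.append(meta.get("name"))
    return names


if __name__ == "__main__":
    print(lint_listeners(KAFKA))
    print(unclaimed_ingresses(INGRESSES))
```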