Closed ph311o closed 7 months ago
Hi @ph311o,
Would you be so kind as to open a PR so our team can discuss the implementation of it?
Thank you!
Hi @fevisera,
thank you for the response. I will create a PR during the week, as I am busy at the moment.
Cheers
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
I added a PR; it is waiting for review.
Name and Version
bitnami/kafka
What architecture are you using?
amd64
What steps will reproduce the bug?
Upgrading Helm-Chart from 23.0.7 to 26.6.2
The secret of sasl.existingSecret has a key "zookeeper-password". All keystores are set up properly.
What is the expected behavior?
Kafka brokers connect to external zookeeper through sasl username and password.
What do you see instead?
Kafka brokers do not connect to external zookeeper through sasl username and password and shut down.
Additional information
After startup the server.properties file of each broker includes these elements:
generated at https://github.com/bitnami/charts/blob/main/bitnami/kafka/templates/_helpers.tpl#L679-L683
Problem 1: The password placeholder is not replaced with the proper password due to
{{- if (include "kafka.saslEnabled" .) }}
in https://github.com/bitnami/charts/blob/main/bitnami/kafka/templates/scripts-configmap.yaml#L286-L316
kafka.saslEnabled checks only for SASL in listeners but not for zookeeper connection: https://github.com/bitnami/charts/blob/main/bitnami/kafka/templates/_helpers.tpl#L125-L146
Problem 2: In my opinion there is no property
sasl.jaas.config
for brokers in server.properties file: https://kafka.apache.org/documentation/#brokerconfigs_sasl.jaas.config
See also: https://kafka.apache.org/documentation/#security_jaas_broker
So if I include a test kafka_jaas.conf file as a workaround with the following content, the sasl connection to zookeeper works as expected:
In order to create a proper PR I need to discuss the following points:
{{- if .Values.sasl.zookeeper.user }} as condition for creating zookeeper config and password replacement in a separate code block instead of {{- if (include "kafka.saslEnabled" .) }}. Any objections?