search

bitnami / charts

Bitnami Helm Charts
https://bitnami.com
Other
8.93k stars 9.18k forks source link

[bitnami/kafka] failing to build a kafka 3 pod cluster using helm chart #26387

Closed acharbha closed 3 months ago

acharbha commented 4 months ago

Name and Version

bitnami/kafka 28.3.0

What architecture are you using?

amd64

What steps will reproduce the bug?

kubectl create namespace my-kafka helm -n my-kafka install my-kafka oci://registry-1.docker.io/bitnamicharts/kafka -f .\my-kafka\values.yml

Are you using any custom parameters or values?

Yes

global:
  storageClass: "nfs-lab"
extraConfig: "authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer"

sasl:
  client:
    users:
      - user1
    passwords: "user1pass"

controller:
  extraConfig: "authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer"
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false
  automountServiceAccountToken: true
  logPersistence:
    enabled: true

broker:
  extraConfig: "authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer"
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false
  automountServiceAccountToken: true
  logPersistence:
    enabled: true

externalAccess:
  enabled: true
  controller:
    service:
      loadBalancerIPs:
      - 10.11.XX.Y1
      - 10.11.XX.Y2
      - 10.11.XX.Y3
      publishNotReadyAddresses: true

  broker:
    service:
      loadBalancerIPs:
      - 10.11.XX.Y1
      - 10.11.XX.Y2
      - 10.11.XX.Y3
      publishNotReadyAddresses: true

networkPolicy:
  enabled: true
rbac:
  create: true

What is the expected behavior?

Zero restarts of pods.

What do you see instead?

controller pods restarts always

PS C:\Users\acharbha> .\kubectl.exe get pods -n my-kafka
NAME                    READY   STATUS    RESTARTS      AGE
my-kafka-controller-0   1/1     Running   3 (91s ago)   5m43s
my-kafka-controller-1   1/1     Running   3 (96s ago)   5m43s
my-kafka-controller-2   1/1     Running   3 (95s ago)   5m43s
PS C:\Users\acharbha>

Additional information

.\kubectl.exe logs -n my-kafka my-kafka-controller-0 -c kafka -f

[2024-05-23 16:19:50,384] ERROR [ControllerApis nodeId=0] Unexpected error handling request RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-2, correlationId=611, headerVersion=2) -- VoteRequestData(clusterId='knyUZWzg8qXhJSuja02kyn', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=393, candidateId=2, lastOffsetEpoch=105, lastOffset=4014)])]) with context RequestContext(header=RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-2, correlationId=611, headerVersion=2), connectionId='10.42.97.135:9093-10.42.205.27:38834-0', clientAddress=/10.42.205.27, principal=User:controller_user, listenerName=ListenerName(CONTROLLER), securityProtocol=SASL_PLAINTEXT, clientInformation=ClientInformation(softwareName=apache-kafka-java, softwareVersion=3.7.0), fromPrivilegedListener=false, principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@726c8c1]) (kafka.server.ControllerApis)
org.apache.kafka.common.errors.AuthorizerNotReadyException
[2024-05-23 16:19:50,384] ERROR [ControllerApis nodeId=0] Unexpected error handling request RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-1, correlationId=646, headerVersion=2) -- VoteRequestData(clusterId='knyUZWzg8qXhJSuja02kyn', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=387, candidateId=1, lastOffsetEpoch=105, lastOffset=4013)])]) with context RequestContext(header=RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-1, correlationId=646, headerVersion=2), connectionId='10.42.97.135:9093-10.42.203.208:47656-0', clientAddress=/10.42.203.208, principal=User:controller_user, listenerName=ListenerName(CONTROLLER), securityProtocol=SASL_PLAINTEXT, clientInformation=ClientInformation(softwareName=apache-kafka-java, softwareVersion=3.7.0), fromPrivilegedListener=false, principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@a9ab7ea]) (kafka.server.ControllerApis)
org.apache.kafka.common.errors.AuthorizerNotReadyException
[2024-05-23 16:19:50,386] ERROR [RaftManager id=0] Unexpected error UNKNOWN_SERVER_ERROR in VOTE response: InboundResponse(correlationId=769, data=VoteResponseData(errorCode=-1, topics=[]), sourceId=2) (org.apache.kafka.raft.KafkaRaftClient)
[2024-05-23 16:19:50,386] ERROR [RaftManager id=0] Unexpected error UNKNOWN_SERVER_ERROR in VOTE response: InboundResponse(correlationId=768, data=VoteResponseData(errorCode=-1, topics=[]), sourceId=1) (org.apache.kafka.raft.KafkaRaftClient)
[2024-05-23 16:19:50,405] ERROR [ControllerApis nodeId=0] Unexpected error handling request RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-1, correlationId=648, headerVersion=2) -- VoteRequestData(clusterId='knyUZWzg8qXhJSuja02kyn', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=387, candidateId=1, lastOffsetEpoch=105, lastOffset=4013)])]) with context RequestContext(header=RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-1, correlationId=648, headerVersion=2), connectionId='10.42.97.135:9093-10.42.203.208:47656-0', clientAddress=/10.42.203.208, principal=User:controller_user, listenerName=ListenerName(CONTROLLER), securityProtocol=SASL_PLAINTEXT, clientInformation=ClientInformation(softwareName=apache-kafka-java, softwareVersion=3.7.0), fromPrivilegedListener=false, principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@a9ab7ea]) (kafka.server.ControllerApis)
org.apache.kafka.common.errors.AuthorizerNotReadyException
[2024-05-23 16:19:50,406] ERROR [ControllerApis nodeId=0] Unexpected error handling request RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-2, correlationId=613, headerVersion=2) -- VoteRequestData(clusterId='knyUZWzg8qXhJSuja02kyn', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=393, candidateId=2, lastOffsetEpoch=105, lastOffset=4014)])]) with context RequestContext(header=RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-2, correlationId=613, headerVersion=2), connectionId='10.42.97.135:9093-10.42.205.27:38834-0', clientAddress=/10.42.205.27, principal=User:controller_user, listenerName=ListenerName(CONTROLLER), securityProtocol=SASL_PLAINTEXT, clientInformation=ClientInformation(softwareName=apache-kafka-java, softwareVersion=3.7.0), fromPrivilegedListener=false, principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@726c8c1]) (kafka.server.ControllerApis)
org.apache.kafka.common.errors.AuthorizerNotReadyException
[2024-05-23 16:19:50,407] ERROR [RaftManager id=0] Unexpected error UNKNOWN_SERVER_ERROR in VOTE response: InboundResponse(correlationId=771, data=VoteResponseData(errorCode=-1, topics=[]), sourceId=2) (org.apache.kafka.raft.KafkaRaftClient)
[2024-05-23 16:19:50,407] ERROR [RaftManager id=0] Unexpected error UNKNOWN_SERVER_ERROR in VOTE response: InboundResponse(correlationId=770, data=VoteResponseData(errorCode=-1, topics=[]), sourceId=1) (org.apache.kafka.raft.KafkaRaftClient)
[2024-05-23 16:19:50,426] ERROR [ControllerApis nodeId=0] Unexpected error handling request RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-1, correlationId=650, headerVersion=2) -- VoteRequestData(clusterId='knyUZWzg8qXhJSuja02kyn', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=387, candidateId=1, lastOffsetEpoch=105, lastOffset=4013)])]) with context RequestContext(header=RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-1, correlationId=650, headerVersion=2), connectionId='10.42.97.135:9093-10.42.203.208:47656-0', clientAddress=/10.42.203.208, principal=User:controller_user, listenerName=ListenerName(CONTROLLER), securityProtocol=SASL_PLAINTEXT, clientInformation=ClientInformation(softwareName=apache-kafka-java, softwareVersion=3.7.0), fromPrivilegedListener=false, principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@a9ab7ea]) (kafka.server.ControllerApis)
org.apache.kafka.common.errors.AuthorizerNotReadyException
[2024-05-23 16:19:50,427] ERROR [ControllerApis nodeId=0] Unexpected error handling request RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-2, correlationId=615, headerVersion=2) -- VoteRequestData(clusterId='knyUZWzg8qXhJSuja02kyn', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=393, candidateId=2, lastOffsetEpoch=105, lastOffset=4014)])]) with context RequestContext(header=RequestHeader(apiKey=VOTE, apiVersion=0, clientId=raft-client-2, correlationId=615, headerVersion=2), connectionId='10.42.97.135:9093-10.42.205.27:38834-0', clientAddress=/10.42.205.27, principal=User:controller_user, listenerName=ListenerName(CONTROLLER), securityProtocol=SASL_PLAINTEXT, clientInformation=ClientInformation(softwareName=apache-kafka-java, softwareVersion=3.7.0), fromPrivilegedListener=false, principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@726c8c1]) (kafka.server.ControllerApis)
org.apache.kafka.common.errors.AuthorizerNotReadyException
[2024-05-23 16:19:50,428] ERROR [RaftManager id=0] Unexpected error UNKNOWN_SERVER_ERROR in VOTE response: InboundResponse(correlationId=773, data=VoteResponseData(errorCode=-1, topics=[]), sourceId=2) (org.apache.kafka.raft.KafkaRaftClient)
[2024-05-23 16:19:50,428] ERROR [RaftManager id=0] Unexpected error UNKNOWN_SERVER_ERROR in VOTE response: InboundResponse(correlationId=772, data=VoteResponseData(errorCode=-1, topics=[]), sourceId=1) (org.apache.kafka.raft.KafkaRaftClient)
[2024-05-23 16:19:50,438] INFO [MetadataLoader id=0] initializeNewPublishers: the loader is still catching up because we still don't know the high water mark yet. (org.apache.kafka.image.loader.MetadataLoader)
javsalgar commented 4 months ago

Hi,

Could you check the rendered configuration that the chart generates? It should be in configmaps and secrets.

acharbha commented 4 months ago

Following values is working to have stable pods with no restart 

helm.exe -n my-kafka get values my-kafka
USER-SUPPLIED VALUES:
global:
  storageClass: "nfs-lab"
extraConfig: |
  allow.everyone.if.no.acl.found=true
  super.users=User:admin;User:controller_user;User:dbaassuperadmin
  auto.create.topics.enable=TRUE
  default.replication.factor=1
  delete.topic.enable=FALSE
  authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer

sasl:
  client:
    users:
      - user1
    passwords: "user1pass"

controller:
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false
  logPersistence:
    enabled: true
  automountServiceAccountToken: true

broker:
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false
  logPersistence:
    enabled: true
  automountServiceAccountToken: true

externalAccess:
  enabled: true
  autoDiscovery:
    enabled: true    
  controller:
    service:
      loadBalancerIPs:
      - 10.11.XX.Y1
      - 10.11.XX.Y2
      - 10.11.XX.Y3
      publishNotReadyAddresses: true
  broker:
    service:
      publishNotReadyAddresses: true
rbac:
  create: true

However, when I start, I try to publish using kafka client its failing SASL auth

kubectl exec --tty -i my-kafka-client --namespace my-kafka -- bash
I have no name!@my-kafka-client:/$ cat /tmp/client.properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-256
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
    username="user1" \
    password="user1pass";
I have no name!@my-kafka-client:/$
I have no name!@my-kafka-client:/$ kafka-console-producer.sh \
            --producer.config /tmp/client.properties \
            --broker-list my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092,my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092,my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 \
            --topic test
>[2024-05-24 09:22:21,948] ERROR [Producer clientId=console-producer] Connection to node -1 (my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.97.8:9092) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient)
[2024-05-24 09:22:21,949] WARN [Producer clientId=console-producer] Bootstrap broker my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 (id: -1 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
[2024-05-24 09:22:22,276] ERROR [Producer clientId=console-producer] Connection to node -2 (my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.203.111:9092) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient)
[2024-05-24 09:22:22,276] WARN [Producer clientId=console-producer] Bootstrap broker my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 (id: -2 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
[2024-05-24 09:22:22,591] ERROR [Producer clientId=console-producer] Connection to node -3 (my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.205.225:9092) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient)

Even with plaintext protocol I cannot produce the messages getting error -

listeners:
  client:
    protocol:  PLAINTEXT
  controller:
    protocol:  PLAINTEXT
  interbroker:
    protocol:  PLAINTEXT
  external:
    protocol:  PLAINTEXT
kafka-console-producer.sh \
            --broker-list my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092,my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092,my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 \
            --topic test
>[2024-05-24 09:36:58,131] WARN [Producer clientId=console-producer] Connection to node -3 (my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.205.33:9092) could not be established. Node may not be available. (org.apache.kafka.clients.NetworkClient)
[2024-05-24 09:36:58,131] WARN [Producer clientId=console-producer] Bootstrap broker my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 (id: -3 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
[2024-05-24 09:36:58,139] WARN [Producer clientId=console-producer] Connection to node -1 (my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.97.164:9092) could not be established. Node may not be available. (org.apache.kafka.clients.NetworkClient)
[2024-05-24 09:36:58,139] WARN [Producer clientId=console-producer] Bootstrap broker my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 (id: -1 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
[2024-05-24 09:36:58,247] WARN [Producer clientId=console-producer] Connection to node -2 (my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.203.186:9092) could not be established. Node may not be available. (org.apache.kafka.clients.NetworkClient)
[2024-05-24 09:36:58,248] WARN [Producer clientId=console-producer] Bootstrap broker my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 (id: -2 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
acharbha commented 4 months ago

There's something basic which is not working - javsalgar. I built kafka with all default value still can't produce the messages -

PS C:\Users\acharbha> helm -n my-kafka install my-kafka bitnami/kafka
NAME: my-kafka
LAST DEPLOYED: Fri May 24 19:22:30 2024
NAMESPACE: my-kafka
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: kafka
CHART VERSION: 28.2.4
APP VERSION: 3.7.0

** Please be patient while the chart is being deployed **

Kafka can be accessed by consumers via port 9092 on the following DNS name from within your cluster:

    my-kafka.my-kafka.svc.cluster.local

Each Kafka broker can be accessed by producers via port 9092 on the following DNS name(s) from within your cluster:

    my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092
    my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092
    my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092

The CLIENT listener for Kafka client connections from within your cluster have been configured with the following security settings:
    - SASL authentication

To connect a client to your Kafka, you need to create the 'client.properties' configuration files with the content below:

security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-256
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
    username="user1" \
    password="$(kubectl get secret my-kafka-user-passwords --namespace my-kafka -o jsonpath='{.data.client-passwords}' | base64 -d | cut -d , -f 1)";

To create a pod that you can use as a Kafka client run the following commands:

    kubectl run my-kafka-client --restart='Never' --image docker.io/bitnami/kafka:3.7.0-debian-12-r6 --namespace my-kafka --command -- sleep infinity
    kubectl cp --namespace my-kafka /path/to/client.properties my-kafka-client:/tmp/client.properties
    kubectl exec --tty -i my-kafka-client --namespace my-kafka -- bash

    PRODUCER:
        kafka-console-producer.sh \
            --producer.config /tmp/client.properties \
            --broker-list my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092,my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092,my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 \
            --topic test

    CONSUMER:
        kafka-console-consumer.sh \
            --consumer.config /tmp/client.properties \
            --bootstrap-server my-kafka.my-kafka.svc.cluster.local:9092 \
            --topic test \
            --from-beginning

WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
  - controller.resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
.\kubectl.exe get pods -n my-kafka
NAME                    READY   STATUS    RESTARTS   AGE
my-kafka-client         1/1     Running   0          11h
my-kafka-controller-0   1/1     Running   0          16m
my-kafka-controller-1   1/1     Running   0          16m
my-kafka-controller-2   1/1     Running   0          16m
kubectl get secret my-kafka-user-passwords --namespace my-kafka -o jsonpath='{.data.client-passwords}' | base64 -d | cut -d , -f 1
CvqPI061lN
kubectl exec --tty -i my-kafka-client --namespace my-kafka -- bash
I have no name!@my-kafka-client:/$ cat /tmp/client.properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-256
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
    username="user1" \
    password="CvqPI061lN";

root@acharbha-mobl1:~# kubectl exec --tty -i my-kafka-client --namespace my-kafka -- bash
I have no name!@my-kafka-client:/$ kafka-console-producer.sh \
            --producer.config /tmp/client.properties \
            --broker-list my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092,my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092,my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 \
            --topic test
>[2024-05-24 14:07:47,063] ERROR [Producer clientId=console-producer] Connection to node -3 (my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.205.55:9092) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient)
[2024-05-24 14:07:47,063] WARN [Producer clientId=console-producer] Bootstrap broker my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 (id: -3 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
[2024-05-24 14:07:47,072] ERROR [Producer clientId=console-producer] Connection to node -2 (my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.203.157:9092) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient)
[2024-05-24 14:07:47,072] WARN [Producer clientId=console-producer] Bootstrap broker my-kafka-controller-1.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 (id: -2 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
[2024-05-24 14:07:47,387] ERROR [Producer clientId=console-producer] Connection to node -1 (my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.97.186:9092) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient)
[2024-05-24 14:07:47,387] WARN [Producer clientId=console-producer] Bootstrap broker my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 (id: -1 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
[2024-05-24 14:07:47,697] ERROR [Producer clientId=console-producer] Connection to node -3 (my-kafka-controller-2.my-kafka-controller-headless.my-kafka.svc.cluster.local/10.42.205.55:9092) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient)
acharbha commented 4 months ago

kubectl exec --tty -i my-kafka-controller-0 --namespace my-kafka -- bash

/opt/bitnami/kafka/bin$ kafka-metadata-quorum.sh --bootstrap-server  my-kafka-controller-0.my-kafka-controller-headless.my-kafka.svc.cluster.local:9092 describe --status
org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment. Call: listNodes
java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment. Call: listNodes
        at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
        at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073)
        at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
        at org.apache.kafka.tools.MetadataQuorumCommand.handleDescribeStatus(MetadataQuorumCommand.java:210)
        at org.apache.kafka.tools.MetadataQuorumCommand.execute(MetadataQuorumCommand.java:111)
        at org.apache.kafka.tools.MetadataQuorumCommand.mainNoExit(MetadataQuorumCommand.java:62)
        at org.apache.kafka.tools.MetadataQuorumCommand.main(MetadataQuorumCommand.java:57)
Caused by: org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment. Call: listNodes
fmulero commented 4 months ago

Hi @acharbha

I am trying to reproduce your issue. At the moment I've seen that the documentation about the value sasl.users.passwords seems not valid. That value should be set in this manner (with a list):

sasl:
  client:
    users:
      - user1
    passwords: 
      - "user1pass"

I hope to come back soon with more news.

acharbha commented 4 months ago

I appreciate your offer to help with this. I expect that at least the default configuration should be in a working state. https://github.com/bitnami/charts/issues/26387#issuecomment-2129629390

acharbha commented 4 months ago

@fmulero any update ?

github-actions[bot] commented 4 months ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

fmulero commented 4 months ago

Sorry about my very late response.

About the problem you reported here with the default values, Did you removed previous PV? I am not able to reproduce that problem and I think you have a conflict coming from existing PV.

I also tried to reproduce the original issue with latest version of the chart and I am not able to do it, not sure if changes applied on #27097 could fix this issue also. Could you give it a try?

github-actions[bot] commented 3 months ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.