Docker container in Kubernetes Pod can't connect to Kafka (running on Kubernetes)

[mbecker]

Description

I'm running a Kafka cluster on Kubernetes in namespace "kafka". The connection from ksqlDB (docker) running as a pod in the same namespace and local Kafka go clients works. So connection to the Kafka cluster / bootstrap is working from external as well from internal clients.

But running the confluent-kafka-go either locally in a Docker container or as pod on Kubernetes in the same namespace the connections doesn't work. I've tried both the internally Kubernetes service or the external Ingress host.

The error is as follows:

Failed to resolve 'aa-kafka-0.aakafka-kafka-brokers.kafka.svc.cluster.local:9092': Bad address (after 0ms in state CONNECT, 4 identical error(s) suppressed)

The Docker image is built with the following Dockerfile https://github.com/confluentinc/confluent-kafka-go/issues/461#issuecomment-758654252

How to reproduce

Use the Dockerfile linked above and try to connect to a Kafka broker.

Dockerfile as reference

####
FROM golang:1.14.15-stretch as builder

RUN apt update && apt install git ca-certificates gcc -y && update-ca-certificates

ENV USER=appuser
ENV UID=10001
# See https://stackoverflow.com/a/55757473/12429735RUN 
RUN adduser \    
    --disabled-password \    
    --gecos "" \    
    --home "/nonexistent" \    
    --shell "/sbin/nologin" \    
    --no-create-home \    
    --uid "${UID}" \    
    "${USER}"

WORKDIR $GOPATH/src/gitlab.com/mbecker/gooevents
COPY . .

RUN go mod download
RUN go mod verify

RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -tags "netgo static" -o /go/bin/main --ldflags "-extldflags -static" .

FROM scratch

COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group

COPY --from=builder /go/bin/main /go/bin/main

COPY server/ ./server/
COPY certs/ ./certs/
COPY .env ./.env

USER appuser:appuser
ENTRYPOINT ["/go/bin/main"]

Checklist

Please provide the following information:

• [ ] confluent-kafka-go and librdkafka version (LibraryVersion()): golang:1.14.15-stretch
• [ ] Apache Kafka broker version: 2.7
• [ ] Client configuration: ConfigMap{...}
• [ ] Operating system:
• [ ] Provide client logs (with "debug": ".." as necessary)
• [ ] Provide broker log excerpts
• [ ] Critical issue

Any help or tipps would be highl appreciated. Thanks guys for the great work and cheers.

[mitgath]

https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ you can try this:

/bin/sh -c >
              until curl -s -f http://127.0.0.1:15020/healthz/ready; do echo
              "Waiting for istio-proxy" && sleep 1; done
              sleep 2 && /app/app

[emretanriverdi]

I have the same issue, it works with debian-slim but not with scratch.

[emretanriverdi]

This is directly affiliated with this: https://github.com/confluentinc/confluent-kafka-go/issues/644