confluentinc / operator-earlyaccess

Confluent Operator Early Access docs
Apache License 2.0

Error Deploying Confluent Kafka Platform with RBAC #70

Open tariqsiddiqui opened 3 years ago

tariqsiddiqui commented 3 years ago

I tried to deploy confluent kafka platform with rbac and got this error.

kubectl apply -f $TUTORIAL_HOME/confluent-platform-rbac-secure.yaml

zookeeper.platform.confluent.io/zookeeper created
error: error validating "/Users/tariq/git/operator-earlyaccess/cp-rbac-deploy/confluent-platform-rbac-secure.yaml": error validating data: [ValidationError(Kafka.spec.services.mds): unknown field "ldap" in io.confluent.platform.v1beta1.Kafka.spec.services.mds, ValidationError(Kafka.spec.services.mds): missing required field "provider" in io.confluent.platform.v1beta1.Kafka.spec.services.mds, ValidationError(Kafka.spec.services): unknown field "restProxy" in io.confluent.platform.v1beta1.Kafka.spec.services]; if you choose to ignore these errors, turn validation off with --validate=false

I was able to deploy a simple confluent platform without any problem: kubectl apply -f $TUTORIAL_HOME/confluent-platform.yaml

mccullya commented 3 years ago

I'm having the same issue with the restProxy. I've managed to get past the ldap issue by changing the yaml to:

  services:
    mds:
      provider:
        ldap:
          address: ldap://ldap.confluent.svc.cluster.local:389
          authentication:
            simple:
              secretRef: kafka-secret
            type: simple
          configurations:
            groupMemberAttribute: member
            groupMemberAttributePattern: cn=(.*?),.*,dc=foo,dc=bar
            groupNameAttribute: cn
            groupObjectClass: groupOfNames
            groupSearchBase: ou=groups,dc=foo,dc=com
            userMemberOfAttributePattern: cn=(.*),ou=groups,dc=foo,dc=bar
            userNameAttribute: cn
            userObjectClass: '*'
            userSearchBase: dc=foo,dc=bar
        type: ldap

But looking at the kafka CRD, it seems that restProxy has been removed from the services section (?) as I only see mds there now. The only reference to restproxy in the crd is an option in 'dependencies'.

Is there a different method to get restProxy up and running with the latest version of confluent operator?

tariqsiddiqui commented 3 years ago

@mccullya I tried using your changes, and I don't see Kafka pods coming up. I see Zookeeper pods, and ControlCenter is in CrashLoopBackOff state. Did Kafka pods come up for you?

rohit2b commented 3 years ago

Hi @tariqsiddiqui - For an RBAC deploy, can you try the https://github.com/confluentinc/operator-earlyaccess/tree/master/production-secure-deploy scenario? The CRD API changed a few releases ago, and that changed the CustomResource YAMLs.

It could be that the older version CRDs are still present, and not updated. You can try deleting the CRDs, and then re-installing them.

You can get the CRDs by pulling down the Helm chart:

helm pull confluentinc_earlyaccess/confluent-for-kubernetes

tar -xzf confluent-for-kubernetes-0.174.2.tgz

kubectl apply -f confluent-for-kubernetes/crds/
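
The mismatch described in this thread (a manifest written for one CRD layout, validated against another) can be checked offline. The following is an added example, not part of the thread or of Confluent's code: it walks a `spec.services` block against a CRD schema and reports the same kind of errors as the first post. The CRD fragment, both manifests and the LDAP address are constructed, model only the three facts in that error message, and assume an apiextensions.k8s.io/v1 CRD layout.

```python
"""Compare a Kafka manifest's spec.services with the schema of an installed CRD."""

def schema_at(crd, version, dotted):
    """Sub-schema at e.g. 'spec.services' in an apiextensions.k8s.io/v1 CRD dict."""
    for v in crd["spec"]["versions"]:
        if v["name"] == version:
            node = v["schema"]["openAPIV3Schema"]
            for part in dotted.split("."):
                node = node["properties"][part]
            return node
    raise KeyError(f"version {version!r} not found in CRD")

def validate(obj, schema, path):
    """Return unknown-field / missing-required errors, worded like kubectl's."""
    props = schema.get("properties")
    if not isinstance(obj, dict) or props is None:
        return []  # scalar value, or the schema does not describe children
    errors = [f'unknown field "{k}" in {path}' for k in obj if k not in props]
    errors += [f'missing required field "{k}" in {path}'
               for k in schema.get("required", []) if k not in obj]
    for key, sub in props.items():
        if key in obj:
            errors += validate(obj[key], sub, f"{path}.{key}")
    return errors

# Constructed CRD fragment: mds requires "provider" and has no "ldap" field;
# services has no "restProxy" field. Children of provider are not modelled.
MDS_SCHEMA = {"type": "object", "required": ["provider"],
              "properties": {"provider": {"type": "object"}}}
CRD = {"spec": {"versions": [{"name": "v1beta1", "schema": {"openAPIV3Schema": {
    "properties": {"spec": {"properties": {"services": {
        "properties": {"mds": MDS_SCHEMA}}}}}}}}]}}

# Constructed manifests: the layout that failed, and the layout from the reply.
OLD_SERVICES = {"mds": {"ldap": {"address": "ldap://ldap.example:389"}},
                "restProxy": {}}
NEW_SERVICES = {"mds": {"provider": {
    "type": "ldap", "ldap": {"address": "ldap://ldap.example:389"}}}}

def check(services, crd=CRD):
    """Validate a spec.services dict against the v1beta1 schema of crd."""
    schema = schema_at(crd, "v1beta1", "spec.services")
    return validate(services, schema, "Kafka.spec.services")

if __name__ == "__main__":
    for name, svc in (("old layout", OLD_SERVICES), ("new layout", NEW_SERVICES)):
        print(name, check(svc) or "ok")
```

To run it against a real cluster, pass the parsed JSON of the installed Kafka CRD (from `kubectl get crd <kafka-crd-name> -o json`, placeholder name) as `crd`.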

rohit2b commented 3 years ago

> But looking at the kafka CRD, it seems that restProxy has been removed from the services section (?) as I only see mds there now. The only reference to restproxy in the crd is an option in 'dependencies'.
>
> Is there a different method to get restProxy up and running with the latest version of confluent operator?

@mccullya - When you deploy a Confluent Kafka, the embedded restProxy v3 is configured and enabled. This embedded restProxy v3 provides Kafka Admin APIs - https://docs.confluent.io/platform/current/kafka-rest/api.html#crest-api-v3