Open voutilad opened 5 months ago
And deploying the update will enable SASL and authorization for all listeners
Is this true? In the cluster config I saw, enable_sasl
and kafka_enable_authorization
were both set to false
.
The helm chart may have updated bootstrap.yaml
and redpanda.yaml
, but after a cluster is formed, cluster config from those two locations is ignored.
The cluster config need to be set with something like:
rpk cluster config set kafka_enable_authorization true
I think this issue is also related.
Good catch, this does seem like a broken workflow
Heads up @chrisseto . These changes from the helm side to existing cluster configs must definitely set the cluster configs via RPK or Admin API and trigger a restart when necessary. Node level configs could still go into redpanda.yaml and trigger a restart IIUC
What happened?
Using the Helm chart, adding something like:
And deploying the update will enable SASL and authorization for all listeners, but the Schema Registry and any internal Kafka client usage will not properly use authentication. This results in any client (Console, rpk, etc.) trying to use the Schema Registry to receive errors about it being unable to contact brokers:
Broker side:
Client side:
What did you expect to happen?
Schema Registry to work 😆
How can we reproduce it (as minimally and precisely as possible)?. Please include values file.
Start with:
Then update to:
Anything else we need to know?
No response
Which are the affected charts?
Redpanda
Chart Version(s)
5.7.35
Cloud provider
n/a
JIRA Link: K8S-127