Open c4milo opened 3 months ago
It's not operator nor helm-chart responsibility to handle node port conflict.
Please attach kubectl get svc -A -o yaml
output to this issue. I wonder if any redpanda helm chart helm release is still in your cluster as left over.
The Redpanda resource spec to solve this issue.
I've re-wrapped the error messages from Camilo:
{
"level": "debug",
"ts": "2024-04-01T21:32:22.924Z",
"logger": "events",
"msg": "Helm upgrade failed for release redpanda/redpanda with chart redpanda@5.7.36: failed to create resource: Service \"redpanda-external\" is invalid: spec.ports[4].nodePort: Invalid value: 30082: provided port is already allocated\n\nLast Helm logs:\n\n2024-04-01T21:32:22.501865617Z: Created a new PodDisruptionBudget called \"redpanda\" in redpanda\n\n2024-04-01T21:32:22.522146873Z: Created a new ServiceAccount called \"id-rpcloud-9m4e2mr0ui3e8a215n4\" in redpanda\n\n2024-04-01T21:32:22.540660454Z: Created a new Secret called \"redpanda-sts-lifecycle\" in redpanda\n\n2024-04-01T21:32:22.557186641Z: Created a new Secret called \"redpanda-config-watcher\" in redpanda\n\n2024-04-01T21:32:22.576038741Z: Created a new Secret called \"redpanda-configurator\" in redpanda\n\n2024-04-01T21:32:22.592036011Z: Created a new Secret called \"redpanda-fs-validator\" in redpanda\n\n2024-04-01T21:32:22.610714711Z: Created a new ConfigMap called \"redpanda\" in redpanda\n\n2024-04-01T21:32:22.626412621Z: Created a new ConfigMap called \"redpanda-rpk\" in redpanda\n\n2024-04-01T21:32:22.64889355Z: Created a new Service called \"redpanda\" in redpanda\n\n2024-04-01T21:32:22.778871216Z: warning: Upgrade \"redpanda\" failed: failed to create resource: Service \"redpanda-external\" is invalid: spec.ports[4].nodePort: Invalid value: 30082: provided port is already allocated",
"type": "Warning",
"object": {
"kind": "HelmRelease",
"namespace": "redpanda",
"name": "redpanda",
"uid": "9b7006ec-60b7-496b-b21c-0ee3064f8e6d",
"apiVersion": "helm.toolkit.fluxcd.io/v2beta2",
"resourceVersion": "11709469"
},
"reason": "UpgradeFailed"
}
Helm upgrade failed for release redpanda/redpanda with chart redpanda@5.7.36: failed to create resource: Service "redpanda-external" is invalid: spec.ports[4].nodePort: Invalid value: 30082: provided port is already allocated
Last Helm logs:
2024-04-01T21:32:22.501865617Z: Created a new PodDisruptionBudget called "redpanda" in redpanda
2024-04-01T21:32:22.522146873Z: Created a new ServiceAccount called "id-rpcloud-9m4e2mr0ui3e8a215n4" in redpanda
2024-04-01T21:32:22.540660454Z: Created a new Secret called "redpanda-sts-lifecycle" in redpanda
2024-04-01T21:32:22.557186641Z: Created a new Secret called "redpanda-config-watcher" in redpanda
2024-04-01T21:32:22.576038741Z: Created a new Secret called "redpanda-configurator" in redpanda
2024-04-01T21:32:22.592036011Z: Created a new Secret called "redpanda-fs-validator" in redpanda
2024-04-01T21:32:22.610714711Z: Created a new ConfigMap called "redpanda" in redpanda
2024-04-01T21:32:22.626412621Z: Created a new ConfigMap called "redpanda-rpk" in redpanda
2024-04-01T21:32:22.64889355Z: Created a new Service called "redpanda" in redpanda
2024-04-01T21:32:22.778871216Z: warning: Upgrade "redpanda" failed: failed to create resource: Service "redpanda-external" is invalid: spec.ports[4].nodePort: Invalid value: 30082: provided port is already allocated
Interesting, I am seeing the same behavior
helm upgrade --install redpanda charts/redpanda -n redpanda --create-namespace --values 1124.yaml
Release "redpanda" does not exist. Installing it now.
Error: 1 error occurred:
* Service "redpanda-external" is invalid: spec.ports[4].nodePort: Invalid value: 30082: provided port is already allocated
templating this shows the following
# Source: redpanda/templates/services.nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: redpanda-external
namespace: "redpanda"
labels:
app.kubernetes.io/component: redpanda
app.kubernetes.io/instance: redpanda
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redpanda
helm.sh/chart: redpanda-5.7.37
spec:
type: NodePort
publishNotReadyAddresses: true
externalTrafficPolicy: Local
sessionAffinity: None
ports:
- name: admin-default
protocol: TCP
port: 9645
nodePort: 31644
- name: kafka-default
protocol: TCP
port: 9094
nodePort: 31092
- name: kafka-kafka-api
protocol: TCP
port: 30092
nodePort: 30092
- name: http-default
protocol: TCP
port: 8083
nodePort: 30082
- name: http-http-proxy
protocol: TCP
port: 30082
nodePort: 30082
- name: schema-default
protocol: TCP
port: 8084
nodePort: 30081
- name: schema-schema-registry
protocol: TCP
port: 30081
nodePort: 30081
selector:
app.kubernetes.io/name: redpanda
app.kubernetes.io/instance: "redpanda"
app.kubernetes.io/component: redpanda-statefulset
I think the problem is that there is two entries with the same nodeport.
when i apply the above file only in a clean installation
k apply -f a.yaml
The Service "redpanda-external" is invalid: spec.ports[4].nodePort: Invalid value: 30082: provided port is already allocated
so i think this is the problem.
To make this work i made the following changes to your values
schemaRegistry:
authenticationMethod: http_basic
enabled: true
external:
default:
advertisedPorts:
- 30084
and
http:
authenticationMethod: http_basic
enabled: true
external:
default:
advertisedPorts:
- 30083
authenticationMethod: null
port: 8083
I believe this is just input error and no "magic" on our end. Perhaps the port list is a bit confusing, its something we have wanted to change for a while now.
@alejandroEsc could we add some validation in that case? This feels like a pretty sharp edge.
Im not sure what we agreed to for this ticket, if the idea is to just shut off service creation to allow for this values file to write out to the internal redpanda.yaml (even though the external is not correct for k8s) then you can proceed by
# -- Service allows you to manage the creation of an external kubernetes service object
service:
# -- Enabled if set to false will not create the external service type
# You can still set your cluster with external access but not create the supporting service (NodePort/LoadBalander).
# Set this to false if you rather manage your own service.
enabled: false
if that is the case then we can close this ticket. Otherwise we can help with documentation. I am not convinced that additional validation would help this situation.
If you let me disable the operator 's default listeners, I'll be on my way. I don't need them but I need the ports, to keep them aligned with AWS's and GCP's.
If you let me disable the operator 's default listeners, I'll be on my way. I don't need them but I need the ports, to keep them aligned with AWS's and GCP's.
let's talk and see if we can figure out what you require, im not sure we can disable listeners, never tried.
What happened?
I used ports
30081
and30082
in "external" listeners and the operator complained that the port was already used:What did you expect to happen?
If I can provide external ports, I expect the operator to honor them. Any hidden magic is highly undesired.
How can we reproduce it (as minimally and precisely as possible)?. Please include values file.
Anything else we need to know?
No response
Which are the affected charts?
Operator
Chart Version(s)
Cloud provider
JIRA Link: K8S-129