Open JakeSCahill opened 8 months ago
When changing the configuration, the schema server in redpanda is supposed to restart. It's not, which is causing this issue. (see redpanda issue # )
Just tested again with redpanda-5.6.63 v23.2.18:
export DOMAIN=customredpandadomain.local && \
helm repo add redpanda https://charts.redpanda.com/
helm repo update
helm upgrade --install redpanda redpanda/redpanda \
  --namespace redpanda \
  --create-namespace \
  --set external.domain=${DOMAIN} \
  --set statefulset.initContainers.setDataDirOwnership.enabled=true \
  --set connectors.enabled=true \
  --set listeners.admin.tls.requireClientAuth=true \
  --set auth.sasl.enabled=true \
  --set auth.sasl.secretRef=redpanda-superusers
Console refuses to start up:
kubectl logs redpanda-console-5dd6bdd548-mc5h7 -n redpanda
{"level":"info","ts":"2023-12-18T14:05:07.538Z","msg":"started Redpanda Console","version":"v2.3.8","built_at":"1701900386"}
{"level":"info","ts":"2023-12-18T14:05:07.539Z","msg":"connecting to Kafka seed brokers, trying to fetch cluster metadata"}
{"level":"info","ts":"2023-12-18T14:05:07.549Z","msg":"successfully connected to kafka cluster","advertised_broker_count":3,"topic_count":5,"controller_id":0,"kafka_version":"unknown custom version at least v0.11.0"}
{"level":"info","ts":"2023-12-18T14:05:07.549Z","msg":"creating schema registry client and testing connectivity"}
{"level":"info","ts":"2023-12-18T14:05:07.557Z","msg":"successfully tested schema registry connectivity"}
{"level":"info","ts":"2023-12-18T14:05:07.557Z","msg":"testing admin client connectivity","urls":["https://redpanda.redpanda.svc.cluster.local.:9644"]}
Retrying GET for error: Get "https://redpanda.redpanda.svc.cluster.local.:9644/v1/brokers": remote error: tls: certificate required
Retrying GET for error: Get "https://redpanda.redpanda.svc.cluster.local.:9644/v1/brokers": remote error: tls: certificate required
{"level":"fatal","ts":"2023-12-18T14:05:10.630Z","msg":"failed to create Redpanda service","error":"failed to test admin client connectivity: Get \"https://redpanda.redpanda.svc.cluster.local.:9644/v1/brokers\": remote error: tls: certificate required"}
Secrets available:
kubectl get secret -n redpanda
NAME                                 TYPE                 DATA   AGE
redpanda-client                      kubernetes.io/tls    3      6m29s
redpanda-config-watcher              Opaque               1      6m34s
redpanda-configurator                Opaque               1      6m34s
redpanda-default-cert                kubernetes.io/tls    3      6m29s
redpanda-default-root-certificate    kubernetes.io/tls    3      6m31s
redpanda-external-cert               kubernetes.io/tls    3      6m29s
redpanda-external-root-certificate   kubernetes.io/tls    3      6m31s
redpanda-sts-lifecycle               Opaque               3      6m34s
redpanda-superusers                  Opaque               1      7m33s
sh.helm.release.v1.redpanda.v1       helm.sh/release.v1   1      6m34s
What happened?
When enabling mTLS for the Admin API, Console and Connectors fail to start. Console reports that it's missing TLS certs:
If I try to disable mTLS after enabling it, the post-upgrade job fails with
Error: UPGRADE FAILED: post-upgrade hooks failed: job failed: BackoffLimitExceeded
Post-upgrade logs:
If I re-enable mTLS, Console starts running, but there are issues with Admin API connections.
https://github.com/redpanda-data/helm-charts/assets/45230295/62e3ea6f-cdb4-4eb0-93ca-8a12f9f0ddd7
What did you expect to happen?
Redpanda Console and Connectors should work even if mTLS is enabled.
How can we reproduce it (as minimally and precisely as possible)? Please include values file.
Anything else we need to know?
No response
Which are the affected charts?
No response
Chart Version(s)
Cloud provider
JIRA Link: K8S-71