search

strimzi / drain-cleaner

Utility to help with draining nodes running Strimzi-managed Apache Kafka® or ZooKeeper® pods
Apache License 2.0
50 stars 29 forks source link

Helm Deployment Does Not Appear to Work #96

Closed davidfaulkner12 closed 1 year ago

davidfaulkner12 commented 1 year ago

Hello! I am attempting to deploy drain cleaner from the Helm chart at 0.5.0 and I am not able to get the Chart working in any way.

I first attempted to install with an extremely simple values.yaml:

            namespace: 
                create: false
                name: strimzi # Created already

However, this resulted in the pod never being created, since it unconditionally wants to mount the secret as a volume even though the default is not to create a secret.

I set secret creation to true and attempted to "disable" the certificate watch, but I am getting invalid secrets generated.

# values.yaml
            secret: 
                create: true
            namespace: 
                create: false
                name: strimzi # Created already
            env: 
                - name: "STRIMZI_CERTIFICATE_WATCH_ENABLED"
                   value: "false"

The error I see on pod startup is:

2023-09-15 21:58:44,216 INFO  [io.str.CertificateWatch] (main) Certificate watch is disabled
2023-09-15 21:58:44,500 ERROR [io.qua.run.Application] (main) Failed to start application (with profile [prod]): java.lang.RuntimeException: Missing -----BEGIN PRIVATE KEY----- or -----BEGIN RSA PRIVATE KEY----- or -----BEGIN EC PRIVATE KEY----- delimiter
        at io.vertx.core.net.impl.KeyStoreHelper.loadPrivateKey(KeyStoreHelper.java:338)
        at io.vertx.core.net.impl.KeyStoreHelper.loadKeyCert(KeyStoreHelper.java:294)
        at io.vertx.core.net.PemKeyCertOptions.getHelper(PemKeyCertOptions.java:421)
        at io.vertx.core.net.PemKeyCertOptions.getKeyManagerFactory(PemKeyCertOptions.java:439)
        at io.vertx.core.net.impl.SSLHelper.lambda$build$6(SSLHelper.java:246)
        at io.vertx.core.impl.ContextBase.lambda$null$0(ContextBase.java:137)
        at io.vertx.core.impl.ContextInternal.dispatch(ContextInternal.java:264)
        at io.vertx.core.impl.ContextBase.lambda$executeBlocking$1(ContextBase.java:135)
        at io.vertx.core.impl.TaskQueue.run(TaskQueue.java:76)
        at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1512)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:833)

I'm not familiar enough with the Helm chart or the internals to know if this is a code bug, a documentation bug, or simply a misunderstanding of how to use this cart. I hope there's something obvious I'm missing!

scholzj commented 1 year ago

You have to either provide the certificates in the Hem Chart values or have Cert Manager installed to issue one. Telling it to create the secret does not help without providing the certificates,

davidfaulkner12 commented 1 year ago

Apologies for the delayed response, I really appreciate your own promptness.

The certificate was indeed being created but the secret for the cert was not created by cert-manager due to another error unrelated to strimzi; I addressed that this morning.

Thank you!

scholzj commented 1 year ago

Glad it works now. Thanks for the update.