kafka-broker-id labels could be simplified with 1.9 statefulset.kubernetes.io/pod-name

Question

kafka-broker-id labels could be simplified with 1.9 statefulset.kubernetes.io/pod-name

golonzovsky opened this issue 6 years ago · 5 comments

From 1.9 kubernetes adds statefulset pod labels by itself, e.g. statefulset.kubernetes.io/pod-name=kafka-0 (see docks change)

Maybe pod labeler logic could be simplified

Outside service could look like:

kind: Service
apiVersion: v1
metadata:
  name: outside-0
  namespace: kafka
spec:
  selector:
    app: kafka
    statefulset.kubernetes.io/pod-name: kafka-0
  ports:
  - protocol: TCP
    targetPort: 9094
    port: 32400
    nodePort: 32400
  type: NodePort

Answer 1 · 2018-08-13T07:24:19.000Z

With Kafka 1.1+ dynamic config for #78 listener configuration, would it even be achievable to get rid of the init script entirely for simple setups? I'd be very happy to hear ideas on that.

Unfortunately broker.rack is readonly, but maybe multi-zone clusters isn't used by too many.

Answer 2 · 2018-10-13T11:38:37.000Z

I also recommend that using statefulset.kubernetes.io/pod-name=kafka-0 as selector conditions instead of kafka-broker-id: "0", because outside service will failed when deploying kafka in minikube.

init.sh will fail to label pod of broker perhaps because of rbac. It did print error logs , but not notify user friendly , here is what I get in init

Failed to label kafka.kafka-0 - RBAC issue?
+ '[' '!' -z ' kafka-listener-outside-host=192.168.99.100 kafka-listener-outside-port=32400' ']'
+ kubectl -n kafka annotate pod kafka-0 kafka-listener-outside-host=192.168.99.100 kafka-listener-outside-port=32400
Error from server (Forbidden): pods "kafka-0" is forbidden: User "system:serviceaccount:kafka:default" cannot get pods in the namespace "kafka"
Failed to annotate kafka.kafka-0 - RBAC issue?
+ echo 'Failed to annotate kafka.kafka-0 - RBAC issue?'

When I apply outside-services/, it does not work as expected because of lacking of label for brokers

Answer 3 · 2018-10-15T05:15:49.000Z

The danger I see is that you'll have no indication that other init steps might have failed too. Steps that you might depend on in production. That was the reason why I changed to doing all labelling at the end (#117, cc27bc1).

Are there more arguments for and against?

Answer 4 · 2018-10-16T14:06:19.000Z

No, you are right !

apply rbac-namespace-default was an option step long time ago, so I forgot to apply rbac-namespace-default when I deploy kafka recently.

It works fine for minikube after apply -f rbac-namespace-default/ 👍 .

Answer 5 · 2018-10-16T14:51:55.000Z

I'll close this issue then, but I'm prepared to reopen it should more arguments for using the default label come up.