Yolean/kubernetes-kafka

Error - External Access via outside services

t-snyder opened this issue · 1 comments

t-snyder commented

I keep getting a connection refused (kafkacat) or TimeoutException KafkaProducer code. In trying to track it down I ran the following command:
kubectl logs -c init-config kafka-0 --namespace=kafka

It appears the initial init pod script does not have authorization to determine the minikube ip address.

The output=

  • cp /etc/kafka-configmap/log4j.properties /etc/kafka/
  • KAFKA_BROKER_ID=0
  • SEDS=("s/#init#broker.id=#init#/broker.id=$KAFKA_BROKER_ID/")
  • LABELS=kafka-broker-id=0
  • ANNOTATIONS=
  • hash kubectl
    ++ kubectl get node minikube '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}'
    Error from server (Forbidden): nodes "minikube" is forbidden: User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope
  • ZONE=
  • '[' 1 -ne 0 ']'
  • SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# zone lookup failed, see -c init-config logs/")
    ++ kubectl get node minikube -o 'jsonpath={.status.addresses[?(@.type=="InternalIP")].address}'
    Error from server (Forbidden): nodes "minikube" is forbidden: User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope
  • OUTSIDE_HOST=
  • '[' 1 -ne 0 ']'
  • echo 'Outside (i.e. cluster-external access) host lookup command failed'
  • '[' '!' -z kafka-broker-id=0 ']'
  • kubectl -n kafka label pod kafka-0 kafka-broker-id=0
    Outside (i.e. cluster-external access) host lookup command failed
    Error from server (Forbidden): pods "kafka-0" is forbidden: User "system:serviceaccount:kafka:default" cannot get pods in the namespace "kafka"
  • echo 'Failed to label kafka.kafka-0 - RBAC issue?'
    Failed to label kafka.kafka-0 - RBAC issue?
  • '[' '!' -z '' ']'
  • printf '%s\n' s/#init#broker.id=#init#/broker.id=0/ 's/#init#broker.rack=#init#/#init#broker.rack=# zone lookup failed, see -c init-config logs/'
  • sed -f - /etc/kafka-configmap/server.properties
  • '[' 0 -eq 0 ']'
  • mv /etc/kafka/server.properties.tmp /etc/kafka/server.properties

Any suggestions on how to resolve?

Thanks in advance.

t-snyder commented

My bad. Adding
kubectl apply -f ./Kafka/rbac-namespace-default/ prior to zookeeper and kafka fixed the problem