question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

KafkaUsers do not show any ready state when there is no authorization type on the cluster CR

See original GitHub issue

With Strimzi 0.26+

Creating a Kafkas cluster, pretty much like: https://github.com/strimzi/strimzi-kafka-operator/blob/main/examples/kafka/kafka-ephemeral.yaml

And than adding a user, pretty much like:

apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  name: my-tls-user
  labels:
    strimzi.io/cluster: my-cluster
spec:
  authentication:
    type: tls
  authorization:
    type: simple
    acls:
      - resource:
          type: topic
          name: "*"
        operation: Read
        host: "*"
      - resource:
          type: topic
          name: "*"
        operation: Describe
        host: "*"
      - resource:
          type: group
          name: "*"
        operation: Read
        host: "*"
      - resource:
          type: topic
          name: "*"
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: "*"
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: "*"
        operation: Describe
        host: "*"

The user does not render any READY state - they stay idle (I know the cluster is not setup for this):

k get kafkausers.kafka.strimzi.io -A 
NAMESPACE   NAME          CLUSTER      AUTHENTICATION   AUTHORIZATION   READY
default     my-tls-user   my-cluster   tls              simple          
➜  ~ 

Given that the cluster is not correct configured, and lacks the authorization type, I was expecting those users turn into READY:FALSE, also with a reason on the why it is not ready.

E.g. like:

    - name: Reason
      type: string
      jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"

on the additionalPrinterColumns section

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:6 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
scholzjcommented, May 19, 2022

Well, I don’t know if I would call it better. But if you feel it helps we can easily implement it. Changing the conditions on the other hand would not be easy as they are also part of the API.

0reactions
scholzjcommented, Jun 7, 2022

Triaged on 7.6.2022: We do not want to add the additional column. But a better docs explaining this should be done. Should be kept open.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Configuring Strimzi (In Development)
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes in various deployment configurations.
Read more >
Configuring AMQ Streams on OpenShift
Configuring Red Hat Single Sign-On as an OAuth 2.0 authorization server ... AMQ Streams does not require OpenShift raw block volumes.
Read more >
Select proper KafkaUser authentication type? - Stack Overflow
We use TLS authentication listeners in Kafka cluster (this can be changed, we can add new type of listeners). When connect to Kafka...
Read more >
Custom resources - IBM
IBM® Automation foundation uses Kubernetes custom resources (CRs) for configuration. All the CRs are in the API groups that end with automation.ibm.com.
Read more >
How to set up Kafka on Kubernetes with Strimzi in 5 minutes
Strimzi is a tool with which a full-fledged Apache Kafka cluster including Apache ZooKeeper can be set up on Kubernetes or OpenShift. Today,...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found