We are integrating fluentbit into Kafka via Kubernetes, deployed using strimzi.io, and we hit our first issue.
When creating a KafkaUser, it will not create the secret needed for tls in our fluent namespace.

    apiVersion: kafka.strimzi.io/v1beta2
    kind: KafkaUser
    metadata:
      name: fluent
      namespace: fluent
      labels:
        strimzi.io/cluster: debezium-cluster
    spec:
      authentication:
        type: tls
      authorization:
        type: simple
        acls:
          - resource:
              name: '*'
              patternType: literal
              type: topic
            operation: All
          - resource:
              name: '*'
              patternType: literal
              type: group
            operation: All
          - resource:
              type: cluster
            operation: All

It simply sits there like this:

    kubectl get kafkauser
    NAME     CLUSTER            AUTHENTICATION   AUTHORIZATION   READY
    fluent   debezium-cluster   tls              simple

Reading up, it seems that this is a long-running issue, and although there is a fix for Java applications, it would appear you need to deploy something else to mirror the generated secret into the fluent namespace.
One of the comments led us to https://config-syncer.com/docs/v0.14.7/setup/install/, which had a comment about another tool, emberstack/kubernetes-reflector.
Installation is pretty straightforward.

    helm repo add emberstack https://emberstack.github.io/helm-charts
    helm repo update
    helm upgrade --install reflector -n emberstack --create-namespace emberstack/reflector

Then you need to annotate the KafkaUser YAML and apply it:

    apiVersion: kafka.strimzi.io/v1beta2
    kind: KafkaUser
    metadata:
      name: fluent
      # Must match the "kafka/fluent" source named in the mirror secret's reflects annotation
      namespace: kafka
      labels:
        # Must match the name of your Kafka cluster resource
        strimzi.io/cluster: kakfa-cluster
    spec:
      authentication:
        type: tls
      template:
        secret:
          metadata:
            annotations:
              # Allow reflector to mirror the generated secret, but only into the fluent namespace
              reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
              reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "fluent"
      authorization:
        type: simple
        acls:
          - resource:
              name: '*'
              patternType: literal
              type: topic
            operation: All
          - resource:
              name: '*'
              patternType: literal
              type: group
            operation: All
          - resource:
              type: cluster
            operation: All

Finally, create an empty secret in the fluent namespace and annotate it to mirror the secret created previously.

    apiVersion: v1
    kind: Secret
    metadata:
      name: fluent
      namespace: fluent
      annotations:
        reflector.v1.k8s.emberstack.com/reflects: "kafka/fluent"
    type: Opaque

When completed, the secret is mirrored (and maintained):

    kubectl get secret fluent -n kafka
    NAME     TYPE     DATA   AGE
    fluent   Opaque   5      26m
    kubectl get secret fluent -n fluent
    NAME     TYPE     DATA   AGE
    fluent   Opaque   5      19m

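
Because the mirrored secret carries the user's TLS client key, it is worth checking which namespaces are actually allowed to reflect it. The following audit is an added example, not code from the original post or from the reflector project: the `audit` function, the `dev/fluent` and `kafka/open-user` sample entries, and the full-match regex handling of the namespace list are assumptions made for illustration.

```python
import re

PREFIX = "reflector.v1.k8s.emberstack.com/"

# Constructed sample shaped like `kubectl get secrets -A -o json` (data omitted).
# The dev/fluent and kafka/open-user entries are invented for the demonstration.
SAMPLE = {"items": [
    {"metadata": {"name": "fluent", "namespace": "kafka", "annotations": {
        PREFIX + "reflection-allowed": "true",
        PREFIX + "reflection-allowed-namespaces": "fluent"}}},
    {"metadata": {"name": "fluent", "namespace": "fluent", "annotations": {
        PREFIX + "reflects": "kafka/fluent"}}},
    {"metadata": {"name": "fluent", "namespace": "dev", "annotations": {
        PREFIX + "reflects": "kafka/fluent"}}},
    {"metadata": {"name": "open-user", "namespace": "kafka", "annotations": {
        PREFIX + "reflection-allowed": "true"}}},
]}

def audit(secret_list):
    """Return sorted (namespace/name, finding) pairs for reflector annotations."""
    notes = {}
    for item in secret_list["items"]:
        meta = item["metadata"]
        notes[f'{meta["namespace"]}/{meta["name"]}'] = meta.get("annotations") or {}
    findings = []
    for key, ann in notes.items():
        allowed = ann.get(PREFIX + "reflection-allowed") == "true"
        scope = ann.get(PREFIX + "reflection-allowed-namespaces", "").strip()
        if allowed and not scope:
            # Without a namespace list, reflector permits mirroring from any namespace.
            findings.append((key, "reflection allowed to every namespace"))
        source = ann.get(PREFIX + "reflects")
        if source is None:
            continue
        src = notes.get(source)
        if src is None or src.get(PREFIX + "reflection-allowed") != "true":
            findings.append((key, f"mirror of {source}, which does not allow reflection"))
            continue
        raw = src.get(PREFIX + "reflection-allowed-namespaces", "")
        patterns = [p.strip() for p in raw.split(",") if p.strip()]
        namespace = key.split("/", 1)[0]
        # Assumption: each list entry is treated as a full-match regular expression.
        if patterns and not any(re.fullmatch(p, namespace) for p in patterns):
            findings.append((key, f"mirror of {source} outside its allowed namespaces"))
    return sorted(findings)

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```

Against a live cluster, pass `audit` the parsed output of `kubectl get secrets -A -o json` instead of the sample.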
You can now reference the secret in your config.
Read how to sync the Kafka Cluster CA certificate into your namespace to enable the sync of the Kafka Cluster CA Certificate.