[bitnami/kafka] accessing brokers from outside the cluster (GCP) via NodePort #25992

Closed
SaravShah opened this issue May 17, 2024 · 3 comments
Labels: solved, tech-issues (The user has a technical issue about an application), triage (Triage is needed)

@SaravShah

Name and Version

bitnami/kafka 28.2.4

What architecture are you using?

None

What steps will reproduce the bug?

I'm using the values from here https://github.com/bitnami/charts/blob/main/bitnami/kafka/values.yaml
but set

controller:
    ## @param externalAccess.controller.forceExpose If set to true, force exposing controller-eligible nodes although they are configured as controller-only nodes
    ##
    forceExpose: false
    ## Parameters to configure K8s service(s) used to externally access Kafka brokers
    ## Note: A new service per broker will be created
    ##
    service:
      ## @param externalAccess.controller.service.type Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP
      ##
      type: NodePort
      ## @param externalAccess.controller.service.ports.external Kafka port used for external access when service type is LoadBalancer
      ##
      ports:
        external: 9094
      ## @param externalAccess.controller.service.loadBalancerClass Kubernetes Service Load Balancer class for external access when service type is LoadBalancer
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
      ##
      loadBalancerClass: ""
      ## @param externalAccess.controller.service.loadBalancerIPs Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount
      ## e.g:
      ## loadBalancerIPs:
      ##   - X.X.X.X
      ##   - Y.Y.Y.Y
      ##
      loadBalancerIPs: []
      ## @param externalAccess.controller.service.loadBalancerNames Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount
      ## e.g:
      ## loadBalancerNames:
      ##   - broker1.external.example.com
      ##   - broker2.external.example.com
      ##
      loadBalancerNames: []
      ## @param externalAccess.controller.service.loadBalancerAnnotations Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount
      ## e.g:
      ## loadBalancerAnnotations:
      ##   - external-dns.alpha.kubernetes.io/hostname: broker1.external.example.com.
      ##   - external-dns.alpha.kubernetes.io/hostname: broker2.external.example.com.
      ##
      loadBalancerAnnotations: []
      ## @param externalAccess.controller.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ## - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param externalAccess.controller.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
      ##
      allocateLoadBalancerNodePorts: true
      ## @param externalAccess.controller.service.nodePorts Array of node ports used for each Kafka broker. Length must be the same as replicaCount
      ## e.g:
      nodePorts:
        - 30087
        - 30088
        - 30089

and

externalAccess:
  ## @param externalAccess.enabled Enable Kubernetes external cluster access to Kafka brokers
  ##
  enabled: true
  ## External IPs auto-discovery configuration
  ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
  ## Note: RBAC might be required
  ##
  autoDiscovery:
    ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs/ports by querying the K8s API
    ##
    enabled: false

Are you using any custom parameters or values?

No response

What is the expected behavior?

No response

What do you see instead?

This creates

k get pods -n <ns>
kafkademo-controller-0   1/1     Running     0               16h
kafkademo-controller-1   1/1     Running     1 (4h42m ago)   16h
kafkademo-controller-2   1/1     Running     0               16h

kubectl get svc -n <ns>
NAME                              TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                      AGE
kafkademo                         ClusterIP   10.2.48.154   <none>        9092/TCP,9095/TCP            16h
kafkademo-controller-0-external   NodePort    10.2.48.191   <none>        9094:30087/TCP               16h
kafkademo-controller-1-external   NodePort    10.2.49.10    <none>        9094:30088/TCP               16h
kafkademo-controller-2-external   NodePort    10.2.51.0     <none>        9094:30089/TCP               16h
kafkademo-controller-headless     ClusterIP   None          <none>        9094/TCP,9092/TCP,9093/TCP   16h

advertised.listeners=CLIENT://kafkademo-controller-0.kafkademo-controller-headless.dash24.svc.cluster.local:9092,INTERNAL://kafkademo-controller-0.kafkademo-controller-headless.dash24.svc.cluster.local:9094,EXTERNAL://<external_ip>:30087

Things are working w/ internal communication, but I can't seem to use the external_ip and port to access the brokers from outside the cluster.

For what it's worth, my cluster is in a VPC; however, I'm testing with a VM that's also inside the VPC.

In the VM that is inside the VPC, when I run

telnet <external_ip> 30087
it doesn't return anything

Additional information

No response

@SaravShah SaravShah added the tech-issues The user has a technical issue about an application label May 17, 2024
@github-actions github-actions bot added the triage Triage is needed label May 17, 2024
@SaravShah
Author

The k8 cluster is allowing all ingress from

tcp:1-65535
udp:1-65535
icmp

@SaravShah SaravShah changed the title [bitnami/kafka] accessing brokers from outside the cluster (GCP) [bitnami/kafka] accessing brokers from outside the cluster (GCP) via NodePort May 17, 2024
@javsalgar
Contributor

Hi,

What kind of error does it return? Is it a connection timeout issue?

@SaravShah
Author

@javsalgar I ended up switching to using LoadBalancer type, and things seem to work.
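
The question raised in the thread (timeout, or some other error?) can be answered with a probe that separates the cases a silent telnet hides. This is an added example, not code from the thread or from the Bitnami chart; `parse_listeners`, `probe`, `check` and the sample address 203.0.113.10 (a documentation range standing in for `<external_ip>`) are assumptions made for illustration.

```python
import socket

# Constructed sample in the shape of the advertised.listeners line in the issue;
# 203.0.113.10 is a placeholder for <external_ip>.
SAMPLE = ("CLIENT://kafkademo-controller-0.kafkademo-controller-headless"
          ".dash24.svc.cluster.local:9092,"
          "INTERNAL://kafkademo-controller-0.kafkademo-controller-headless"
          ".dash24.svc.cluster.local:9094,"
          "EXTERNAL://203.0.113.10:30087")

def parse_listeners(value):
    """Split 'NAME://host:port,...' into {NAME: (host, port)}."""
    out = {}
    for item in value.split(","):
        name, _, addr = item.strip().partition("://")
        host, _, port = addr.rpartition(":")
        if not (name and host and port.isdigit()):
            raise ValueError(f"malformed listener: {item!r}")
        out[name] = (host, int(port))
    return out

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed; something is listening
    except (socket.timeout, TimeoutError):
        return "timeout"         # no reply: packets dropped or address not routable
    except ConnectionRefusedError:
        return "refused"         # host reached, but nothing accepts on that port
    except socket.gaierror:
        return "dns-failure"     # name does not resolve from this client
    except OSError as exc:
        return f"error: {exc.strerror or exc}"

def check(value, names=("EXTERNAL",), timeout=3.0):
    """Probe only the listeners a client outside the cluster is meant to use."""
    listeners = parse_listeners(value)
    return {n: probe(*listeners[n], timeout=timeout)
            for n in names if n in listeners}

if __name__ == "__main__":
    for name, status in check(SAMPLE).items():
        print(f"{name:<9} {status}")
```

Run it from the client VM with the broker's real `advertised.listeners` value; the EXTERNAL address is the one Kafka hands back to clients in metadata, so it is the one that has to be reachable from there.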
