SASL Configuration Flexibility for Individual Listeners #915

Open
naavveenn opened this issue Dec 5, 2023 · 0 comments

naavveenn commented Dec 5, 2023

What happened?

Currently, there's a challenge when attempting to enable SASL for Schema Registry while disabling it for other listeners like Kafka. The current behavior results in authentication errors.

What did you expect to happen?

It would be beneficial to have the flexibility to independently enable or disable SASL for specific listeners. This enhancement would provide more granular control over SASL configuration for different components.

How can we reproduce it (as minimally and precisely as possible)? Please include values file.

Try running the helm upgrade command with the values.yaml file below, and you will see the console failing with the errors below:

external:
  domain: dev.example.com
  enabled: true
  service:
    enabled: true
  type: NodePort

auth:
  sasl:
    enabled: true
    mechanism: SCRAM-SHA-512
    secretRef: redpanda-superusers

listeners:
  admin:
    external:
      default:
        advertisedPorts:
        - 31644
  http:
    authenticationMethod: http_basic
    enabled: true
    external:
      default:
        advertisedPorts:
        - 30082

  kafka:
    authenticationMethod: none
    external:
      default:
        advertisedPorts:
        - 31092

  schemaRegistry:
    authenticationMethod: http_basic
    enabled: true
    external:
      default:
        advertisedPorts:
        - 30081
console:
  config:
    kafka:
      sasl:
        enabled: false

Console Output

{"level":"info","ts":"2023-12-04T15:27:11.411Z","msg":"started Redpanda Console","version":"v2.3.5","built_at":"1697468387"}
{"level":"info","ts":"2023-12-04T15:27:11.411Z","msg":"connecting to Kafka seed brokers, trying to fetch cluster metadata"}
{"level":"error","ts":"2023-12-04T15:27:11.413Z","msg":"unable to initialize sasl","source":"kafka_client","broker":"seed 0","err":"ILLEGAL_SASL_STATE: Request is not valid given the current SASL state."}
{"level":"warn","ts":"2023-12-04T15:27:11.413Z","msg":"Failed to test Kafka connection, going to retry in 1s","remaining_retries":5}
{"level":"info","ts":"2023-12-04T15:27:12.413Z","msg":"connecting to Kafka seed brokers, trying to fetch cluster metadata"}
{"level":"error","ts":"2023-12-04T15:27:12.414Z","msg":"unable to initialize sasl","source":"kafka_client","broker":"seed 1","err":"ILLEGAL_SASL_STATE: Request is not valid given the current SASL state."}
{"level":"warn","ts":"2023-12-04T15:27:12.415Z","msg":"Failed to test Kafka connection, going to retry in 2s","remaining_retries":4}
{"level":"info","ts":"2023-12-04T15:27:14.416Z","msg":"connecting to Kafka seed brokers, trying to fetch cluster metadata"}
{"level":"error","ts":"2023-12-04T15:27:14.419Z","msg":"unable to initialize sasl","source":"kafka_client","broker":"seed 2","err":"ILLEGAL_SASL_STATE: Request is not valid given the current SASL state."}
{"level":"warn","ts":"2023-12-04T15:27:14.419Z","msg":"Failed to test Kafka connection, going to retry in 4s","remaining_retries":3}
{"level":"info","ts":"2023-12-04T15:27:18.420Z","msg":"connecting to Kafka seed brokers, trying to fetch cluster metadata"}
{"level":"error","ts":"2023-12-04T15:27:18.422Z","msg":"unable to initialize sasl","source":"kafka_client","broker":"seed 0","err":"ILLEGAL_SASL_STATE: Request is not valid given the current SASL state."}
{"level":"warn","ts":"2023-12-04T15:27:18.422Z","msg":"Failed to test Kafka connection, going to retry in 8s","remaining_retries":2}
{"level":"info","ts":"2023-12-04T15:27:26.424Z","msg":"connecting to Kafka seed brokers, trying to fetch cluster metadata"}
{"level":"error","ts":"2023-12-04T15:27:26.426Z","msg":"unable to initialize sasl","source":"kafka_client","broker":"seed 1","err":"ILLEGAL_SASL_STATE: Request is not valid given the current SASL state."}
{"level":"warn","ts":"2023-12-04T15:27:26.426Z","msg":"Failed to test Kafka connection, going to retry in 16s","remaining_retries":1}

Pods

$ kubectl get pods -n redpanda
NAME                                READY   STATUS             RESTARTS         AGE
redpanda-0                          2/2     Running            0                77m
redpanda-1                          2/2     Running            0                77m
redpanda-2                          2/2     Running            0                77m
redpanda-configuration-k7jsd        0/1     Completed          0                6d23h
redpanda-console-6b49ccb474-gtnpz   1/1     Running            0                44d
redpanda-console-748788676b-6fk24   0/1     CrashLoopBackOff   29 (3m36s ago)   77m
redpanda-post-upgrade-4qpwl         0/1     Completed          0                6d23h

Anything else we need to know?

No response

Which are the affected charts?

No response

Chart Version(s)

Helm Chart Version: redpanda-5.6.24
EKS version: 1.27

Cloud provider

AWS

JIRA Link: K8S-83
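
A pre-deploy check for the combination reported above, as an added example that is not part of the original issue or of the chart's own code. It reads only keys that appear in the posted values.yaml (transcribed here as a Python dict), and the finding labels are hypothetical names chosen for this example; it reports where the SASL settings disagree and does not model how the chart renders them.

```python
# Values transcribed from the issue's values.yaml (only the keys the check reads).
VALUES = {
    "auth": {"sasl": {"enabled": True, "mechanism": "SCRAM-SHA-512"}},
    "listeners": {
        "admin": {"external": {"default": {"advertisedPorts": [31644]}}},
        "http": {"authenticationMethod": "http_basic",
                 "external": {"default": {"advertisedPorts": [30082]}}},
        "kafka": {"authenticationMethod": "none",
                  "external": {"default": {"advertisedPorts": [31092]}}},
        "schemaRegistry": {"authenticationMethod": "http_basic",
                           "external": {"default": {"advertisedPorts": [30081]}}},
    },
    "console": {"config": {"kafka": {"sasl": {"enabled": False}}}},
}


def dig(d, *keys, default=None):
    """Walk nested dicts, returning default when a key is missing."""
    for k in keys:
        if not isinstance(d, dict) or k not in d:
            return default
        d = d[k]
    return d


def audit(values):
    """Return (component, finding) pairs where SASL settings disagree."""
    findings = []
    global_sasl = dig(values, "auth", "sasl", "enabled", default=False)
    for name, cfg in dig(values, "listeners", default={}).items():
        method = cfg.get("authenticationMethod")  # None means the key is unset
        ports = [p for ext in cfg.get("external", {}).values()
                 for p in ext.get("advertisedPorts", [])]
        if method == "none" and global_sasl:
            # Listener opts out while auth.sasl.enabled is true (the issue's case).
            findings.append((name, "opts-out-of-global-sasl"))
        if method == "none" and ports:
            # No authentication on a listener that is advertised externally.
            findings.append((name, "unauthenticated-external:%s" % ports))
    console_sasl = dig(values, "console", "config", "kafka", "sasl", "enabled")
    if console_sasl is not None and console_sasl != global_sasl:
        findings.append(("console", "sasl-differs-from-auth.sasl.enabled"))
    return findings


if __name__ == "__main__":
    for component, finding in audit(VALUES):
        print(component, finding)
```

Load the real file with a YAML parser of your choice and pass the resulting dict to `audit`; listeners with no `authenticationMethod` key, such as `admin` here, are left unflagged because the file does not say what they resolve to.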
