Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Zk roll #1404

merged 3 commits into from Mar 4, 2019


None yet
3 participants
Copy link

commented Mar 4, 2019

Type of change

  • Bugfix


Cluster CA key replacement requires a ZK roll (so that ZK nodes trust new ZK peer certs, and new Kafka certs). When rolling ZK the CO now needs to know the leader. In KAO clusterOperatorSecret() is called immediately after CA reconciliation and before rollingUpdateForNewCaKey(). This meant that the ZookeeperLeaderFinding didn't trust the old ZK certs (because it was only trusting the new certs, which we were rolling ZK in order to start using). Fix this by having the ZLF trust both old and new certs.

Also fix the test which was timing out when closing the AvailabilityVerifier. This is done by initially checking we can produce and consume, and then again (with different client instances) after the CA replacement+rolls.


Please go through this checklist and make sure all applicable tasks have been done

  • Update/write design documentation in ./design
  • Write tests
  • Make sure all tests pass
  • Update documentation
  • Check RBAC rights for Kubernetes / OpenShift roles
  • Try your changes from Pod inside your Kubernetes and OpenShift cluster, not just locally
  • Reference relevant issue(s) and close them after merging
  • Update

@tombentley tombentley requested a review from ppatierno Mar 4, 2019


scholzj approved these changes Mar 4, 2019

@scholzj scholzj added this to the 0.12.0 milestone Mar 4, 2019

@scholzj scholzj merged commit 23bbaa0 into master Mar 4, 2019

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@scholzj scholzj deleted the zk-roll branch Mar 4, 2019

scholzj added a commit that referenced this pull request Mar 4, 2019

Zk roll (#1404)
* Fix problem rolling ZK following Cluster CA key replacements

* Fix tests

* Fix test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.