external IP access #242

Open
alexfrieden opened this issue Jan 16, 2019 · 9 comments

@alexfrieden

alexfrieden commented Jan 16, 2019

Hi folks,
I deployed the outside services:

kubectl -n kafka apply -f outside-services/

However, the result is that there is no external IP:

kubectl -n kafka get all
NAME          READY   STATUS    RESTARTS   AGE
pod/kafka-0   1/1     Running   0          3m
pod/kafka-1   1/1     Running   0          3m
pod/kafka-2   1/1     Running   0          3m
pod/pzoo-0    1/1     Running   0          11m
pod/pzoo-1    1/1     Running   0          11m
pod/pzoo-2    1/1     Running   0          11m
pod/zoo-0     1/1     Running   0          11m
pod/zoo-1     1/1     Running   0          11m

NAME                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
service/bootstrap   ClusterIP   100.69.215.109   <none>        9092/TCP            3m
service/broker      ClusterIP   None             <none>        9092/TCP            3m
service/outside-0   NodePort    100.69.93.206    <none>        32400:32400/TCP     2m
service/outside-1   NodePort    100.66.39.39     <none>        32401:32401/TCP     2m
service/outside-2   NodePort    100.67.18.146    <none>        32402:32402/TCP     2m
service/pzoo        ClusterIP   None             <none>        2888/TCP,3888/TCP   11m
service/zoo         ClusterIP   None             <none>        2888/TCP,3888/TCP   11m
service/zookeeper   ClusterIP   100.70.47.110    <none>        2181/TCP            11m

NAME                     DESIRED   CURRENT   AGE
statefulset.apps/kafka   3         3         3m
statefulset.apps/pzoo    3         3         11m
statefulset.apps/zoo     2         2         11m

Is this by design? If I want to expose access to this through kafkacat for example, what is the recommendation to do this?

I went through #13 but it didn't seem to answer this question (or at least I didn't understand it).

@solsson
Contributor

solsson commented Jan 17, 2019

I think https://github.com/Yolean/kubernetes-kafka/tree/master/outside-services#outside-access-with-one-nodeport-per-broker explains why NodePort is default, and where to go from there.

@alexfrieden
Author

Hi @solsson, thanks for your response. I read through that but shouldn't there be an IP address that is set for external access with NodePort?

Tried testing this out but to no avail:

kafkacat -L -b 100.69.93.206:32400
% ERROR: Failed to acquire metadata: Local: Broker transport failure

@solsson
Contributor

solsson commented Jan 17, 2019

What is it you want to do? Expose to outside your cluster but within your network, or to public Internet?

@alexfrieden
Author

I am actually curious about how to do either. I thought kubectl apply to the outside yamls with the nodePorts would allow public access to it.

@solsson
Contributor

solsson commented Jan 18, 2019

It might :) Depending on the networking that surrounds your cluster. But I hope it doesn't. You must look into Kafka authentication before you do that.

@alexfrieden
Author

@solsson the kops group for this should be pretty open (I'll double check). I am just trying to connect to the cluster to confirm it works which currently it doesn't appear to be exposed. It should have an external IP if the outside broker is applied, correct?

@solsson
Contributor

solsson commented Jan 18, 2019

Run kubectl -n kafka get pods -l app=kafka -o=jsonpath='{.items[*].metadata.annotations.kafka-listener-outside-host}' to see the IPs of the nodes that brokers happen to be on. I assume based on how GKE works that they're _not_ listed as external IPs in kubectl get nodes -o wide.

Then from for example a standalone VM instance or from a new cluster, run kafkacat -b [any IP from the annotations]:32400 -L. You'll get a topic list if the machine you're connecting from can access these IPs.
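
Added example (not part of the thread and not the project's code): a NodePort service shows `<none>` under EXTERNAL-IP because the port is opened on the nodes' own addresses, so the endpoints to test, and to protect, are node address plus nodePort. This sketch lists them from trimmed `kubectl ... -o json` output and flags those on a node ExternalIP; the node names, the `203.0.113.10` address and the JSON are constructed, while the `172.20.x.x` addresses and ports are the ones quoted in the thread.

```python
import json

# Constructed sample data, trimmed to the fields used below. Real input would
# come from `kubectl -n kafka get svc -o json` and `kubectl get nodes -o json`.
SERVICES = json.loads("""{"items": [
  {"metadata": {"name": "bootstrap"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 9092}]}},
  {"metadata": {"name": "outside-0"},
   "spec": {"type": "NodePort", "ports": [{"port": 32400, "nodePort": 32400}]}},
  {"metadata": {"name": "outside-1"},
   "spec": {"type": "NodePort", "ports": [{"port": 32401, "nodePort": 32401}]}}
]}""")
NODES = json.loads("""{"items": [
  {"metadata": {"name": "node-a"}, "status": {"addresses": [
    {"type": "InternalIP", "address": "172.20.40.143"},
    {"type": "Hostname", "address": "node-a"}]}},
  {"metadata": {"name": "node-b"}, "status": {"addresses": [
    {"type": "InternalIP", "address": "172.20.55.126"},
    {"type": "ExternalIP", "address": "203.0.113.10"}]}}
]}""")


def node_port_endpoints(services, nodes):
    """Return (service, node, address type, ip, nodePort) for NodePort services."""
    rows = []
    for svc in services["items"]:
        if svc["spec"].get("type") != "NodePort":
            continue  # ClusterIP services have no node-level listener
        for port in svc["spec"].get("ports", []):
            for node in nodes["items"]:
                for addr in node["status"].get("addresses", []):
                    if addr["type"] in ("InternalIP", "ExternalIP"):
                        rows.append((svc["metadata"]["name"],
                                     node["metadata"]["name"],
                                     addr["type"], addr["address"],
                                     port["nodePort"]))
    return rows


def externally_addressable(rows):
    """Endpoints on a node ExternalIP: firewall them or require Kafka auth."""
    return [r for r in rows if r[2] == "ExternalIP"]


if __name__ == "__main__":
    rows = node_port_endpoints(SERVICES, NODES)
    for svc, node, kind, ip, port in rows:
        flag = "  <- reachable beyond the private network?" if kind == "ExternalIP" else ""
        print(f"{svc:10} {node:7} {kind:10} {ip}:{port}{flag}")
```

An InternalIP endpoint is only reachable from machines that can route to the node network, which is the condition the kafkacat test above depends on.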

@alexfrieden
Author

Hmm,
So the results of these seem to fail to connect:

kubectl -n kafka get pods -l app=kafka -o=jsonpath='{.items[*].metadata.annotations.kafka-listener-outside-host}'
172.20.40.143 172.20.55.126 172.20.59.230%
kafkacat -b 172.20.59.230:32400 -L
% ERROR: Failed to acquire metadata: Local: Broker transport failure

Same response for the other two. I have the access to this pretty open so network rules shouldn't be blocking anything.

@solsson
Contributor

solsson commented Jan 21, 2019

If you expose NodePort to something else, like a dummy web server pod, does it work with curl from the same test machine?

With kafkacat it sometimes helps to add -d broker to get some more info about the bootstrap process.
