Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix network policies to allow CO talk to the controller nodes #10940

Merged
merged 1 commit into from
Dec 11, 2024
Merged

Fix network policies to allow CO talk to the controller nodes #10940

merged 1 commit into from
Dec 11, 2024

Conversation

scholzj
Copy link
Member

@scholzj scholzj commented Dec 11, 2024

Type of change

  • Bugfix

Description

#10016 allowed the Cluster operator to talk directly to the dedicated controller nodes. However, it did not update the network policies. So in environments with enabled network policy enforcement, the operator cannot talk with them and attempts to roll the controller nodes fail with following issues:

2024-12-11 10:39:22 WARN  KafkaQuorumCheck:64 - Reconciliation #55(watch) Kafka(myproject/my-cluster): Error determining the controller quorum leader id
org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment. Call: describeMetadataQuorum
2024-12-11 10:39:22 INFO  KafkaRoller:389 - Reconciliation #55(watch) Kafka(myproject/my-cluster): Will temporarily skip verifying pod my-cluster-controllers-0/0 is up-to-date due to io.strimzi.operator.cluster.operator.resource.KafkaRoller$UnforceableProblem: An error while trying to determine the quorum leader id, retrying after at least 250ms

This PR fixes the network policy and allows CO to talk with Kafka clusters on port 9090 as well.

This should likely be cherry-picked to Strimzi 0.45.0 for an RC2 release.

Checklist

  • Write tests
  • Make sure all tests pass
  • Try your changes from Pod inside your Kubernetes and OpenShift cluster, not just locally

@scholzj
Fix network policies to allow CO talk to the controller nodes
6646d2d 
Signed-off-by: Jakub Scholz <www@scholzj.com>
@scholzj scholzj added this to the 0.46.0 milestone Dec 11, 2024
@scholzj scholzj requested a review from ppatierno December 11, 2024 10:46
ppatierno
ppatierno approved these changes Dec 11, 2024
View reviewed changes
Copy link
Member

@ppatierno ppatierno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch! Thanks!

@scholzj
Copy link
Member Author

scholzj commented Dec 11, 2024

/azp run regression

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@scholzj scholzj merged commit d6732fa into strimzi:main Dec 11, 2024
21 checks passed
@scholzj scholzj deleted the fix-network-policies-to-talk-with-controllers branch December 11, 2024 18:37
@ppatierno
Copy link
Member

During the community call on 12/12/2024 we decided to change the plan. We won't cherry-pick this on 0.45.0 release branch because we are reverting back #10016 which sounds to be the safer option for the current release plan.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ppatierno ppatierno ppatierno approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.46.0
Development

Successfully merging this pull request may close these issues.
2 participants
@scholzj @ppatierno