Hello,
I'm trying to expose a port for my test Kafka service. I've tried exposing it with:

```
kubectl port-forward ... 9092:9092
```

And it worked:

```
%4|1692955913.579|FAIL|rdkafka#consumer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Disconnected: verify that security.protocol is correctly configured, broker might require SASL authentication (after 1409ms in state UP)
```

But I want to expose my port with a domain that I have. Can I do that, and how? I tried all the standard methods.
How to reproduce that:
I use different namespaces and a k3s cluster for ARM, so it's a little bit tricky to configure Traefik for that because Traefik is built into the cluster.
- Install k3s (if somebody wants to try it and create a cluster fast, but there can be problems if you have not worked with it)

```
curl -sfL https://get.k3s.io | sh -
# Check for Ready node, takes ~30 seconds
sudo k3s kubectl get node
```
- Configure values from $(helm show values traefik/traefik)
You need to enable cross-namespace, otherwise it will not work: services will not appear in the dashboard, and the dashboard will not appear.

```yaml
providers:
  kubernetesCRD:
    # -- Load Kubernetes IngressRoute provider
    enabled: true
    # -- Allows IngressRoute to reference resources in namespace other than theirs
    allowCrossNamespace: true
    # -- Allows to reference ExternalName services in IngressRoute
    allowExternalNameServices: false
    # -- Allows to return 503 when there is no endpoints available
    allowEmptyServices: false
    ingressClass: traefik-external
    # labelSelector: environment=production,method=traefik
    # -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
    namespaces: []
    # - "default"
ports:
  # ... multiple standard ports
  kafkaclient:
    port: 9092
    expose: true
    exposePort: 9092
    protocol: TCP
```
- Trick with redeploy (I have not found great solutions for problems with Traefik and k3s, but this works)

```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    # ! THE VALUES FROM $(helm show values traefik/traefik) GO HERE
```
- Configure dashboard (TLS configured with cert manager and connected with cloudflare, all working)

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`your.site`)
      kind: Rule
      middlewares:
        - name: traefik-dashboard-basicauth
          namespace: default
      services:
        - name: api@internal
          kind: TraefikService
  tls:
    secretName: secret-tls
```
- Kafka test deploy with helm

```
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm install my-kafka bitnami/kafka --version 25.1.0 --namespace "default" --create-namespace
```
- Kafka deployed and I see two services with k9s
- Apply file with IngressRouteTCP with kubectl apply -f

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: kafkahttp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - kafkaclient
  routes:
    - match: HostSNI(`*`)
      services:
        - name: my-kafka # Requests will be forwarded to this service
          namespace: default
          port: 9092
  tls:
    secretName: secret-tls
```
But this is not working:

```
% Auto-selecting Consumer mode (use -P or -C to override)
% ERROR: Failed to query metadata for topic test-topic: Local: Broker transport failure
```
Note: I use kcat (or kafkacat) for that.
To install:

OSX:

```
brew install kafkacat
```

Linux:

```
apt-get install kafkacat
```

```
➜ ~ kcat -b your.site:9092 -t test-topic
% Auto-selecting Consumer mode (use -P or -C to override)
% ERROR: Failed to query metadata for topic test-topic: Local: Broker transport failure
➜ ~ kcat -b localhost:9092 -t test-topic
% Auto-selecting Consumer mode (use -P or -C to override)
%4|1692960717.189|FAIL|rdkafka#consumer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Disconnected: verify that security.protocol is correctly configured, broker might require SASL authentication (after 1361ms in state UP)
```
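
An added diagnostic, not part of the original post: the IngressRouteTCP above sets `tls.secretName`, which makes Traefik terminate TLS on the `kafkaclient` entry point, while the `kubectl port-forward` path reaches the broker directly and the kcat commands shown set no `security.protocol` (librdkafka defaults to plaintext). The Python sketch below sends a real TLS ClientHello to each endpoint and reports whether the listener answers in TLS; the function names and result labels are this example's own, and the hosts are the ones from the kcat commands.

```python
import socket
import ssl


def client_hello(server_name: str) -> bytes:
    """Build a genuine TLS ClientHello in memory (no network involved)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()  # carries server_name as cleartext SNI


def classify(reply: bytes) -> str:
    """Interpret the first bytes a listener returns after a ClientHello."""
    if len(reply) >= 3 and reply[1] == 0x03:
        if reply[0] == 0x16:
            return "tls"        # handshake record: the listener speaks TLS
        if reply[0] == 0x15:
            return "tls-alert"  # TLS is spoken, but this hello was refused
    if not reply:
        return "closed"         # peer hung up, as a plaintext listener usually does
    return "not-tls"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send a ClientHello to host:port and classify the response."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        try:
            sock.sendall(client_hello(host))
            return classify(sock.recv(5))
        except socket.timeout:
            return "no-reply"
        except OSError:
            return "closed"  # connection reset while sending or reading


if __name__ == "__main__":
    # Endpoints assumed from the kcat commands in the post.
    for host, port in (("your.site", 9092), ("localhost", 9092)):
        print(f"{host}:{port} -> {probe(host, port)}")
```

A `tls` result for `your.site:9092` next to `closed` for `localhost:9092` means the two paths expect different `security.protocol` values, which kcat takes as `-X security.protocol=...`.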