diff --git a/10broker-config.yml b/10broker-config.yml index a246e808..8f9d9d5a 100644 --- a/10broker-config.yml +++ b/10broker-config.yml @@ -11,6 +11,19 @@ data: export KAFKA_BROKER_ID=${HOSTNAME##*-} sed -i "s/\${KAFKA_BROKER_ID}/$KAFKA_BROKER_ID/" /etc/kafka/server.properties + hash kubectl 2>/dev/null || { + sed -i "s/#init#broker.rack=#init#/#init#broker.rack=# kubectl not found in path/" /etc/kafka/server.properties + } && { + ZONE=$(kubectl get node "$NODE_NAME" -o=go-template='{{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}') + if [ $? -ne 0 ]; then + sed -i "s/#init#broker.rack=#init#/#init#broker.rack=# zone lookup failed, see -c init-config logs/" /etc/kafka/server.properties + elif [ "x$ZONE" == "x" ]; then + sed -i "s/#init#broker.rack=#init#/#init#broker.rack=# zone label not found for node $NODE_NAME/" /etc/kafka/server.properties + else + sed -i "s/#init#broker.rack=#init#/broker.rack=$ZONE/" /etc/kafka/server.properties + fi + } + server.properties: |- # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with @@ -34,6 +47,8 @@ data: # The id of the broker. This must be set to a unique integer for each broker. broker.id=${KAFKA_BROKER_ID} + #init#broker.rack=#init# + # Switch to enable topic deletion or not, default value is false delete.topic.enable=true diff --git a/50kafka.yml b/50kafka.yml index 4404a6be..2c42dc77 100644 --- a/50kafka.yml +++ b/50kafka.yml @@ -15,7 +15,12 @@ spec: terminationGracePeriodSeconds: 30 initContainers: - name: init-config - image: solsson/kafka:0.11.0.0@sha256:b27560de08d30ebf96d12e74f80afcaca503ad4ca3103e63b1fd43a2e4c976ce + image: solsson/kafka-initutils@sha256:c275d681019a0d8f01295dbd4a5bae3cfa945c8d0f7f685ae1f00f2579f08c7d + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName command: ['/bin/bash', '/etc/kafka/init.sh'] volumeMounts: - name: config 
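Review bot: In the first hunk of 10broker-config.yml, `hash kubectl 2>/dev/null || { … } && { … }` parses as `(A || B) && C`, so when kubectl is missing the first sed succeeds and the second group still runs and invokes kubectl. That is harmless only because the placeholder has already been rewritten by then; `if ! hash kubectl 2>/dev/null; then … else … fi` would make the two branches exclusive. Separately, `[ "x$ZONE" == "x" ]` probably does not catch a missing label, because a go-template `index` on an absent key normally prints `<no value>`, which would be written out as `broker.rack=<no value>`; consider `elif [ -z "$ZONE" ] || [ "$ZONE" = "<no value>" ]; then`. `$ZONE` and `$NODE_NAME` are also spliced into the sed expression unescaped, which relies on label values and node names never containing `/` or `&`.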
diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml
new file mode 100644
index 00000000..edf3dde1
--- /dev/null
+++ b/rbac-namespace-default/node-reader.yml
@@ -0,0 +1,37 @@
+# To see if init containers need RBAC:
+#
+# $ kubectl exec kafka-0 -- cat /etc/kafka/server.properties | grep broker.rack
+# #init#broker.rack=# zone lookup failed, see -c init-config logs
+# $ kubectl logs -c init-config kafka-0
+# ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}'
+# Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\""
+#
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: node-reader
+ labels:
+ origin: github.com_Yolean_kubernetes-kafka
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: kafka-node-reader
+ labels:
+ origin: github.com_Yolean_kubernetes-kafka
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: node-reader
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: kafka
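Review bot: The ClusterRoleBinding's subject is the `default` ServiceAccount of namespace `kafka`, so every pod in that namespace that does not set its own service account gains cluster-scoped `get` on nodes, not just the broker's init container. The ClusterRole itself is suitably narrow (`nodes` / `get`); binding it to a dedicated account would keep the grant with the workload that needs it, e.g. `name: kafka` under `subjects` (a constructed name), with a matching ServiceAccount object and `serviceAccountName: kafka` in the pod spec of 50kafka.yml. Whether that pod spec already sets a service account is not visible in the 50kafka.yml hunk, though the Forbidden message quoted in the header comment suggests it runs as `default`. By default the same token is mounted into every container of the pod, including the long-running broker, which is another reason to keep the bound permissions minimal.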