Skip to content
This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

[incubator/kafka] Fix initContainer failure which did not error #4400

Merged
merged 2 commits into from
Mar 22, 2018
Merged

[incubator/kafka] Fix initContainer failure which did not error #4400

merged 2 commits into from
Mar 22, 2018

Conversation

ghost
Copy link

@ghost ghost commented Mar 21, 2018

What this PR does / why we need it:

Over in #3754, I submitted a PR to allow optional external access to Kafka. During review, I changed from one kubectl image to another -- and apparently did not adequately vet the change.

A commenter @piter42zx at #3754 describes a failure mode as seen at minikube: #3754 (comment)

Special notes for your reviewer:

This PR fixes the issue identified above. It uses a kubectl image which is not based on docker "scratch" -- and which brings with it sh so that we can be more paranoid about our init container's behavior. I've verified using the following override file that Kafka is exposed as expected by the commenter referenced above.

To best validate that the external endpoint should be available, run:

kubectl get endpoints -l app=kafka
replicas: 1

external:
  domain: 192.168.99.100
  enabled: true
  firstListenerPort: 31090
  servicePort: 19092

configurationOverrides:
  advertised.listeners: EXTERNAL://192.168.99.100:$((31090 + ${KAFKA_BROKER_ID}))
  auto.create.topics.enable: "true"
  listener.security.protocol.map: PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT
  unclean.leader.election.enable: "false"

zookeeper:
  servers: 1

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 21, 2018
@ghost ghost mentioned this pull request Mar 21, 2018
Merged
@ghost
Copy link
Author

ghost commented Mar 21, 2018

/assign @benjigoldberg

benjigoldberg
benjigoldberg reviewed Mar 21, 2018
View reviewed changes
incubator/kafka/templates/statefulset.yaml
@@ -28,8 +28,10 @@ spec:
- name: init-ext
image: "{{ .Values.external.init.image }}:{{ .Values.external.init.imageTag }}"
imagePullPolicy: "{{ .Values.external.init.imagePullPolicy }}"
args:
- -n ${POD_NAMESPACE} label pods ${POD_NAME} pod=${POD_NAME}
command:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@josdotso can you go into more detail about why we need to sh vs just use the scratch image? I don't follow the problem totally.

Copy link
Author

@ghost ghost Mar 21, 2018
edited by ghost
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@benjigoldberg

Using the old from scratch image did not label the pods at all, exited 0, and produced no init container log at all.

With sh in the mix, we can set -euxc which tells sh to error upon any non-zero command, error on any vars it cannot interpolate, enable shell verbosity enough to tell us what shell command ran. stdout gives useful output anyway -- but only on success. Even if the scratch approach worked in most cases, it would never tell us what shell command started kubectl. Therefore, we must use a shell here to properly debug the interpolation of the variables.

When label is not present, the services created for external access are set to use dead endpoints. This happens because selector doesn't match unlabeled pods.

Here's an example log output after this PR:

$ kubectl logs kafka-kafka-0 -c init-ext
+ kubectl label pods kafka-kafka-0 --namespace default pod=kafka-kafka-0
pod "kafka-kafka-0" labeled

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the explanation 👍 makes sense to me

@benjigoldberg
Copy link
Collaborator

/ok-to-test

@k8s-ci-robot k8s-ci-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Mar 22, 2018
@benjigoldberg
Copy link
Collaborator

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 22, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: benjigoldberg, josdotso

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 22, 2018
@k8s-ci-robot k8s-ci-robot merged commit f386fa9 into helm:master Mar 22, 2018
@ghost
Copy link
Author

ghost commented Mar 22, 2018

Thanks @benjigoldberg and sorry for the mishap!

@benjigoldberg
Copy link
Collaborator

@josdotso np, it happens. Thanks for patching this!

joshuacox added a commit to joshuacox/charts that referenced this pull request Mar 24, 2018
@joshuacox
Merge remote-tracking branch 'upstream/master'
c859f47 
* upstream/master: (944 commits)
  Rename service port to http (helm#4442)
  [stable/neo4j] Change the image of the initContainer examples (helm#4269)
  move burrow to stable repo (helm#3481)
  Upgrade kube-state-metrics to 1.2.0, add new collectors (helm#4146)
  Add review guidelines around pvcs (helm#4223)
  [stable/parse] Release 0.3.10 (helm#4389)
  [stable/phabricator] Release 0.5.19 (helm#4433)
  Support exposing jmx and additional ports (helm#4072)
  Add default of "" for string comparison (helm#4420)
  [incubator/kafka] Makes readiness probe configurable (helm#3948)
  Published stash chart 0.7.0-rc.1 (helm#4410)
  Enable testing charts with test values (helm#4157)
  [incubator/kafka] Fix initContainer failure which did not error (helm#4400)
  [stable/etcd-operator] deployment typos and add tolerations (helm#4139)
  Typo fix in coscale/README.md (helm#4306)
  Typo fix in concourse/README.md (helm#4303)
  Typo fix in cockroachdb/README.md (helm#4302)
  [stable/jenkins] Bump appVersion (helm#4177)
  Typo fix in cluster-autoscaler/README.md (helm#4301)
  [stable/traefik] Bump appVersion to 1.5.4 (helm#4206)
  ...
rolanddb pushed a commit to Eneco/charts that referenced this pull request Apr 9, 2018
@rolanddb
[incubator/kafka] Fix initContainer failure which did not error (helm…
e94cfc1 
…#4400)

* [incubator/kafka] Fix initContainer failure which did not error

* [incubator/kafka] Set initContainer to fail when vars are undefined
@ghost ghost mentioned this pull request Apr 14, 2018
Closed
ichtar pushed a commit to Bestmile/charts that referenced this pull request May 15, 2018
[incubator/kafka] Fix initContainer failure which did not error (helm…
f3c53bf 
…#4400)

* [incubator/kafka] Fix initContainer failure which did not error

* [incubator/kafka] Set initContainer to fail when vars are undefined
voron pushed a commit to dysnix/helm-charts that referenced this pull request Sep 5, 2018
[incubator/kafka] Fix initContainer failure which did not error (helm…
dc313a5 
…#4400)

* [incubator/kafka] Fix initContainer failure which did not error

* [incubator/kafka] Set initContainer to fail when vars are undefined

Signed-off-by: voron <av@arilot.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@benjigoldberg @k8s-ci-robot