
Commit 07878ca

wip
1 parent e9d3d48 commit 07878ca


4 files changed

+19
-12
lines changed


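--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,10 @@ All notable changes to this project will be documented in this file.
 - Default to OCI for image metadata and product image selection ([#810]).
 - Bump Kafka 3.7.1 to 3.7.2 in tests and getting_started, and bump upgrade testing from 3.7.1->3.8.0 to 3.8.0->3.9.0 ([#822]).
 
+### Fixed
+
+- Readiness probe fixed if Kerberos is enabled
+
 [#796]: https://github.com/stackabletech/kafka-operator/pull/796
 [#803]: https://github.com/stackabletech/kafka-operator/pull/803
 [#809]: https://github.com/stackabletech/kafka-operator/pull/809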

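--- a/rust/operator-binary/src/crd/security.rs
+++ b/rust/operator-binary/src/crd/security.rs
@@ -293,6 +293,7 @@ impl KafkaTlsSecurity {
 args.push("-b".to_string());
 args.push(format!("localhost:{}", port));
 args.extend(Self::kcat_client_auth_ssl(Self::STACKABLE_TLS_KCAT_DIR));
+args.push("-L".to_string());
 } else if self.has_kerberos_enabled() {
 let service_name = KafkaRole::Broker.kerberos_service_name();
 // here we need to specify a shell so that variable substitution will work
@@ -302,33 +303,39 @@ impl KafkaTlsSecurity {
 args.push("-euo".to_string());
 args.push("pipefail".to_string());
 args.push("-c".to_string());
-args.push(
+
+let mut bash_args = vec![];
+bash_args.push(
 format!(
 "export KERBEROS_REALM=$(grep -oP 'default_realm = \\K.*' {});",
 STACKABLE_KERBEROS_KRB5_PATH
 )
 .to_string(),
 );
-args.push("/stackable/kcat".to_string());
-args.push("-b".to_string());
-args.push(format!("{pod_fqdn}:{port}"));
-args.extend(Self::kcat_client_sasl_ssl(
+bash_args.push("/stackable/kcat".to_string());
+bash_args.push("-b".to_string());
+bash_args.push(format!("{pod_fqdn}:{port}"));
+bash_args.extend(Self::kcat_client_sasl_ssl(
 Self::STACKABLE_TLS_KCAT_DIR,
 service_name,
 pod_fqdn,
 ));
+bash_args.push("-L".to_string());
+
+args.push(bash_args.join(" "));
 } else if self.tls_server_secret_class().is_some() {
 args.push("/stackable/kcat".to_string());
 args.push("-b".to_string());
 args.push(format!("localhost:{}", port));
 args.extend(Self::kcat_client_ssl(Self::STACKABLE_TLS_KCAT_DIR));
+args.push("-L".to_string());
 } else {
 args.push("/stackable/kcat".to_string());
 args.push("-b".to_string());
 args.push(format!("localhost:{}", port));
+args.push("-L".to_string());
 }
 
-args.push("-L".to_string());
 args
 }
 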
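Review bot: In the Kerberos branch, `args.push(bash_args.join(" "))` turns every element into unquoted shell source for `bash -c`, so `pod_fqdn`, `port`, `service_name` and everything returned by `kcat_client_sasl_ssl` are word-split and expanded by the shell, not just the `$KERBEROS_REALM` reference that needs it. These values are probably DNS names and fixed paths, but nothing in the hunk enforces that; I would either single-quote the elements that need no expansion or record the assumption above the join, e.g. `// joined into one bash script: every element must be free of whitespace and shell metacharacters`. Separately, on the unchanged `export KERBEROS_REALM=$(grep …)` line the exit status of `export` hides a failed `grep` despite `-euo pipefail`, so a krb5.conf without `default_realm` yields an empty realm rather than a probe that fails at that step; `KERBEROS_REALM=$(grep …); export KERBEROS_REALM;` would surface it. The function starts outside the hunk.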

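--- a/rust/operator-binary/src/kerberos.rs
+++ b/rust/operator-binary/src/kerberos.rs
@@ -45,6 +45,8 @@ pub fn add_kerberos_pod_config(
 SecretOperatorVolumeSourceBuilder::new(kerberos_secret_class)
 .with_listener_volume_scope(LISTENER_BROKER_VOLUME_NAME)
 .with_listener_volume_scope(LISTENER_BOOTSTRAP_VOLUME_NAME)
+// The pod scope is required for the kcat-prober.
+.with_pod_scope()
 .with_kerberos_service_name(role.kerberos_service_name())
 .build()
 .context(KerberosSecretVolumeSnafu)?;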
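Review bot: The comment above `.with_pod_scope()` says the scope is needed for the kcat prober but not why, and since the call widens the set of names the Kerberos secret is issued for, the reason deserves a line. Judging from the security.rs change in this commit, the probe connects to `{pod_fqdn}:{port}`, so presumably the keytab needs a principal for the pod's own FQDN; I would write `// The kcat readiness probe connects to the pod FQDN, so the secret must also cover the pod scope, not only the listener volumes.` The builder chain and the enclosing `add_kerberos_pod_config` extend beyond the hunk.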

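--- a/tests/test-definition.yaml
+++ b/tests/test-definition.yaml
@@ -6,9 +6,6 @@
 dimensions:
 - name: kafka
 values:
-- 3.7.1
-- 3.7.2
-- 3.8.1
 - 3.9.0
 # Alternatively, if you want to use a custom image, append a comma and the full image name to the product version
 # as in the example below.
@@ -34,11 +31,9 @@ dimensions:
 - name: use-client-tls
 values:
 - "true"
-- "false"
 - name: use-client-auth-tls
 values:
 - "true"
-- "false"
 - name: openshift
 values:
 - "false"
@@ -47,7 +42,6 @@ dimensions:
 - 1.21.1
 - name: kerberos-realm
 values:
-- "CLUSTER.LOCAL"
 - "PROD.MYCORP"
 - name: kerberos-backend
 values: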
