使用 GKE 内部负载均衡器的 Strimzi Kafka 设置
[英]Strimzi Kafka setup with GKE internal loadbalancer
问题描述
Followed https://strimzi.io/quickstarts/ and https://strimzi.io/blog/2019/05/13/accessing-kafka-part-4/ to use GKE internal loadbalancer with Strimzi.
按照 https://strimzi.io/quickstarts/和https://strimzi.io/blog/2019/05/13/accessing-kafka-part-4/使用 GKE 内部负载均衡器和 Strimzi。 After adding the internal load balancer Strimzi provisioned two loadbalancer service with external IP.添加内部负载均衡器后,Strimzi 使用外部 IP 配置了两个负载均衡器服务。
Kafka % k get svc -n kafka
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-cluster-kafka-0 LoadBalancer xx.xxx.xx.xxx bb.bb.bbb.bb 9094:30473/TCP 3d1h
my-cluster-kafka-bootstrap ClusterIP xx.xxx.xx.xxx <none> 9091/TCP,9092/TCP,9093/TCP 25d
my-cluster-kafka-brokers ClusterIP None <none> 9090/TCP,9091/TCP,9092/TCP,9093/TCP 25d
my-cluster-kafka-external-bootstrap LoadBalancer xx.xxx.xx.xxx aa.aa.aaa.aa 9094:30002/TCP 3d1h
my-cluster-zookeeper-client ClusterIP xx.xxx.xx.xxx <none> 2181/TCP 25d
my-cluster-zookeeper-nodes ClusterIP None <none> 2181/TCP,2888/TCP,3888/TCP 25d
The producer/consumer flow is working inside the cluster using my-cluster-kafka-bootstrap and I can also curl the my-cluster-kafka-external-bootstrap addess aa.aa.aaa.aa:9094 from outside the cluster.生产者/消费者流程使用my-cluster-kafka-bootstrap在集群内部工作,我也可以从集群外部 curl my-cluster-kafka-external-bootstrap addess aa.aa.aaa.aa:9094 。 However after producing to aa.aa.aaa.aa:9094 from outside the cluster my producer logged the error below.但是,在从集群外部生产到aa.aa.aaa.aa:9094后,我的生产者记录了以下错误。
Connection to node 0 (bb.bb.bbb.bb:9094) could not be established. Broker may not be available.
which seem to indicate my-cluster-kafka-external-bootstrap is forwarding the traffic to my-cluster-kafka-0 .这似乎表明my-cluster-kafka-external-bootstrap正在将流量转发到my-cluster-kafka-0 。 And per kubectl get svc -o yaml output only my-cluster-kafka-external-bootstrap was setup as a GKE internal LB.每个kubectl get svc -o yaml output 只有my-cluster-kafka-external-bootstrap设置为 GKE 内部 LB。 Since there are various firewall rules in our enviroment I suspect that my-cluster-kafka-0 needs to be set up as a GKE internal LB as well for the producer to work.由于我们的环境中有各种防火墙规则,我怀疑my-cluster-kafka-0也需要设置为 GKE 内部 LB,生产者才能正常工作。 Does this seem to be the issue?这似乎是问题吗? How do I update Strimzi to make both LB internal?如何更新 Strimzi 以使两个 LB 都在内部? Thanks.谢谢。
A relevant question before Strimzi kafka accessing it privately with in GKE . Strimzi kafka 在 GKE 中私下访问它之前的一个相关问题。 But it didn't help after I turn off tls.但是在我关闭 tls 后它没有帮助。
1 个解决方案
解决方案1
0 2022-09-24 05:03:26
Answering own question.回答自己的问题。 Appearntly Strimzi provision one LB per broker which is the my-cluster-kafka-0 here.显然,Strimzi 为每个经纪人提供了一个 LB,这里是my-cluster-kafka-0 。 The listener config can specify these per broker LBs like this https://strimzi.io/blog/2019/05/13/accessing-kafka-part-4/侦听器配置可以为每个代理 LB 指定这些,例如https://strimzi.io/blog/2019/05/13/accessing-kafka-part-4/
# ...
listeners:
# ...
- name: external
port: 9094
type: loadbalancer
tls: true
authentication:
type: tls
configuration:
bootstrap:
annotations:
service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
brokers:
- broker: 0
annotations:
service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
- broker: 1
annotations:
service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
- broker: 2
annotations:
service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
# ...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.