You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

https://strimzi.io/docs/operators/latest/configuring.html

https://strimzi.io/docs/operators/latest/configuring.html#proc-accessing-kafka-using-ingress-str

https://strimzi.io/blog/2019/04/23/accessing-kafka-part-2/

Current Setup - no Ingress (Kohn):

  • External Access via Nodeports
    • onap-strimzi-kafka-external-bootstrap (30493)
    • onap-strimzi-kafka-0 (30490)
    • onap-strimzi-kafka-1 (30491)
    • onap-strimzi-kafka-2 (30492)
  • TLS termination on Kafka Pods


External Access to Kafka (DT implementation) in Jakarta/Kohn

  • External Access via Ingress (Traefik)
    • new TCP "EntryPoints" in Traefik Gateway for bootstrap and brokers
    • Update Pod "clienttls" ports (9093) to use "advertizedHost" and "advertizedPort"
    • NodePorts not used...
    • IngressRouteTCP entry to "internal" bootstrap service 
      • Use "tls passthough"
    • IngressRouteTCP entries to external broker ports

Proposal for London (External Access via Ingress)

  • External Access via Ingress (istio-ingress)
    • new TLS ports on Ingress Gateway for bootstrap and brokers
  • Disable TLS on "external" broker ports 
  • Disable all Nodeports in Service definitions


Test steps

  1. Add custom ports to istio-ingressgateway service
    (https://www.dangtrinh.com/2019/09/how-to-open-custom-port-on-istio.html)
  2. Modify "external" pods to disable TLS
  3. Add "ingress" services to onap_strimzi


  • "Add custom ports to istio-ingressgateway service"
1. Export existing service definition:
	kubectl -n istio-ingress get service istio-ingressgateway -o yaml > istio_ingressgateway.yaml
2. Check existing Nodeports (The range of valid ports is 30000-32767)
	kubectl get svc -A |grep Load
	kubectl get svc -A |grep NodePort
3. Choose 4 free ports (e.g. 30900, 30901,30902, 30903)
4. Edit istio_ingressgateway.yaml and add:
  - port: 9003
    nodePort: 30903
    targetPort: 9003
    name: kafka-bootstrap
    protocol: TCP
  - port: 9000
    nodePort: 30900
    targetPort: 9000
    name: kafka-0
    protocol: TCP
  - port: 9001
    nodePort: 30901
    targetPort: 9001
    name: kafka-1
    protocol: TCP
  - port: 9002
    nodePort: 30902
    targetPort: 9002
    name: kafka-2
    protocol: TCP
5. Apply changes:
     kubectl apply -f ./istio_ingressgateway.yaml


  • No labels