[bitnami/kafka] Support external access to every broker auto-discovering external ips/ports

[juan131]

Description of the change

This PR adds support to configure external access to every broker auto-discovering external ips/ports.

There are other features added:

• Add sidecar containers
• Fix issue with SASL/SSL configuration
• Fix issue with Kafka Broker ID

Benefits

• Easier way to configure external access to every Kafka broker
• Flexibility (sidecars)

Possible drawbacks

None

Checklist

• Chart version bumped in Chart.yaml according to semver.
• Variables are documented in the README.md
• Title of the PR starts with chart name (e.g. [bitnami/chart])
• If the chart contains a values-production.yaml apart from values.yaml, ensure that you implement the changes in both files

[carrodher]

I just resolved some conflicts

[rafariossaa]

I found several port values not being able to be set in the values.yml, I think it is a good idea to let the user set them.
I added some comments on that on the code, but not all, please check all the statefulset.yaml file because I omitted several occurrences.

[juan131]

@rafariossaa the ports that are 'hardcoded' are the ones used on the Kafka pods. If you check the different services (JMX, Kafka, headless, etc.) you'll find that those ones are parametrised.

On K8s we don't really care much about the ports used on the pod/container, the ones that we do really care and should be customisable are the ones used on services.

[miguelaeh]

Thank you very much for this PR!!!
I left some minor comments, please take a look.

[miguelaeh]

What about doing this?:

for i in `seq 1 $retries`;

[juan131]

Is that option better in terms of performance? If there's no "real" reason to change this, I'll keep it as it's.

[miguelaeh]

Well, I am not sure about the performance, as seq require to call an external command, but in the other hand using the normal for it will perform a comparison and an incrementation in every iteration.
Anyway, I don't think this kind of performance is worrying here, I just suggest it because it is cleaner.

[juan131]

I don't consider it a "cleaner" solution. I think it's very subjective statement. Anyway, I don't think it's something important.

[miguelaeh]

Ok, no problem, it was just my opinion but there is nothing wrong in have it as it is.

[rafariossaa]

LGTM

[bitnami-bot]

I have just updated the bitnami images with the latest known immutable tags:

• "docker.io/bitnami/kafka:2.4.1-debian-10-r12"
• "docker.io/bitnami/jmx-exporter:0.12.0-debian-10-r54"
• "docker.io/bitnami/kafka-exporter:1.2.0-debian-10-r55"
• "docker.io/bitnami/minideb:buster"

[miguelaeh]

LGTM!

[yanjunli76]

Hi there,

The value in values.yaml and values-production.yaml is nodePorts, but here is nodePort.

[yanjunli76]

line 42

[yanjunli76]

Hi there,

If I set auth.existingSecret but not auth.zookeeperPassword in values-producation.yaml, the KAFKA_ZOOKEEPER_PASSWORD won't be enabled. I think the expected behavior is that either (auth.zookeeperPassword exist) or (auth.existingSecret exist and kafka-zookeeper-password is in the secret ) should enable the value KAFKA_ZOOKEEPER_PASSWORD

[oranje42]

Hi,

I just installed the latest version of bitnami/kafka that also contains the changes from this pull-request into a Kubernetes 1.15 cluster, with metrics and serviceMonitor enabled:

metrics:
    jmx:
      enabled: true
    kafka:
      enabled: true
    serviceMonitor:
      enabled: true

However, when looking at my Prometheus targets, I get the following:

kafka/kafka-jmx-metrics/0 (0/0 up) 
kafka/kafka-metrics/0 (0/0 up)

The serviceMonitors are discovered as expected, but the endpoints aren't (and hence no metrics get collected).

It seems that changing the port names from metrics to http-metrics within both services (jmx-metrics-svc.yaml and kafka-metrics-svc.yaml) as done by this pull-request is causing that issue. If I change the port names to http-metrics also for the ServiceMonitors in servicemonitor-metrics.yamland servicemonitor-jmx-metrics.yaml for my own deployment, the endpoints get correctly discovered again by Prometheus.

Any ideas on this? Thanks!

[juan131]

Hi @oranje42

Thanks so much for reporting this bug! You're right and we need to update the port names in the servicemonitor-*. Fixing this at #2145

[oranje42]

Wow, that was pretty fast! Thank you!
😃

[juan131]

You're welcome @oranje42 ! 😃