Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Pod NameIssueWorkaroundComments
1message-router-kafkaUnable to connect to zookeeper

Its seems like it is using the POD IP to connect to zookeeper, which is a headless service.
Istio seems to have issues with headless services[2018-08-07 17:21:49,855] INFO Opening socket connection to server 10.42.2.218/10.42.2.218:2181. Will not attempt to authenticate using SASL (unknown error) (org.apache.zookeeper.ClientCnxn)
[2018-08-07 17:21:49,856] INFO Socket connection established to 10.42.2.218/10.42.2.218:2181, initiating session (org.apache.zookeeper.ClientCnxn)
[2018-08-07 17:21:49,857] WARN Session 0x0 for server 10.42.2.218/10.42.2.218:2181, unexpected error, closing socket connection and attempting reconnect (org.apache.zookeeper.ClientCnxn)
java.io.IOException: Packet len352518400 is out of range!

The error only occurs when dmaap is deployed with Istio. Without Istio, dmaap comes up fine.

This issue occurs both with mTLS enabled and when mTLS is disabled.

2message-routermessage-router-kafka is not ready
Depends on 1
3sdnc-dmaap-listenermessage-router is not ready
Depends on 2
4Http liveness probeMutual TLS can't work with K8S http/tcp liveness probe


If mutual TLS is enabled, http and tcp health checks from the kubelet will not work since they do not have Istio-issued certs.
5



6



7



8



9