TLS not in networkpolicy #31411

Open
Klwilson2272 opened this issue Jan 16, 2025 · 2 comments
Labels
tech-issues The user has a technical issue about an application triage Triage is needed zookeeper


Klwilson2272 commented Jan 16, 2025

Name and Version

bitnami/zookeeper

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. environment
    When deploying the zookeeper chart with TLS enabled and external ingress enabled, the network policy only allows port 2181. I expected that I would be able to use port 3181 when TLS is configured. The network policy should include 3181 when tls.enabled is configured, to allow consistent configuration.

  2. config

zookeeper:
  replicaCount: 3
  service:
    type: NodePort
    nodePorts:
      client: "32181"
      tls: "31181"
  persistence:
    storageClass: zookeeper-data
  resourcesPreset: small
  tls:
    client: 
      enabled: true
      autoGenerated: true
    resourcesPreset: small
  metrics:
    enabled: true
  3. run

Deploy the helm chart with the above configuration.

  4. error
openssl s_client -connect host:31181 fails with a timeout. 
Attempting to use kazoo with:
from kazoo.client import KazooClient

# Create a Kazoo client and connect to ZooKeeper
zk = KazooClient(hosts='192.168.16.2:31181', use_ssl=True, verify_certs=False)
zk.start()

# Create a node
zk.create("/my_node", b"Hello, ZooKeeper!")

# Get the value of a node
data, stat = zk.get("/my_node")
print("Data:", data.decode('utf-8'))

# Watch for changes to a node
@zk.DataWatch("/my_node")
def watch_node(data, stat):
    print("Node changed:", data.decode('utf-8'))

# Create a lock
lock = zk.Lock("/my_lock")
with lock:
    # Critical section
    print("Lock acquired")

# Close the connection
zk.stop()

Also times out with an error.

After modifying the networkpolicy and adding port 3181, I was able to connect with openssl and the kazoo client without issues. I edited the network policy and added the 3181 and protocol TCP below.

spec:
  egress:
  - {}
  ingress:
  - ports:
    - port: 2181
      protocol: TCP
    - port: 3181
      protocol: TCP
    - port: 9141
      protocol: TCP

What is the expected behavior?

Expected to be able to connect using TLS when configured.

What do you see instead?

timeout errors

@Klwilson2272 Klwilson2272 added the tech-issues The user has a technical issue about an application label Jan 16, 2025
@github-actions github-actions bot added the triage Triage is needed label Jan 16, 2025
@Klwilson2272
Author

Upon inspection of templates/networkpolicy.yaml there is no mention of the .Values.containerPorts.tls
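
A check for the gap described in the report and in the comment above, as an added example that is not part of the issue thread or the Bitnami chart: it compares the ingress ports of a rendered NetworkPolicy with the ports the values enable. The policy JSON and values are constructed samples, the `containerPorts.client` key is assumed to sit beside `containerPorts.tls`, and ingress peers (`from`) are not evaluated.

```python
import json

# Constructed sample: the policy as `kubectl get networkpolicy <name> -o json`
# would return it before the manual edit (no 3181 entry).
RENDERED = json.loads("""
{"spec": {"egress": [{}],
          "ingress": [{"ports": [{"port": 2181, "protocol": "TCP"},
                                 {"port": 9141, "protocol": "TCP"}]}]}}
""")
# Constructed values; containerPorts.client is an assumed key name.
VALUES = {"containerPorts": {"client": 2181, "tls": 3181},
          "tls": {"client": {"enabled": True}}}

def expected_ports(values):
    """Ports a client must reach, given which listeners the values enable."""
    ports = {"client": values["containerPorts"]["client"]}
    if values.get("tls", {}).get("client", {}).get("enabled"):
        ports["tls"] = values["containerPorts"]["tls"]
    return ports

def port_allowed(policy, port, protocol="TCP"):
    """True if some ingress rule admits port/protocol."""
    spec = policy.get("spec", {})
    if "Ingress" not in spec.get("policyTypes", ["Ingress"]):
        return True                      # policy does not restrict ingress at all
    for rule in spec.get("ingress") or []:
        entries = rule.get("ports")
        if not entries:                  # rule without `ports` allows every port
            return True
        for entry in entries:
            if entry.get("protocol", "TCP") != protocol:
                continue                 # protocol defaults to TCP when omitted
            start = entry.get("port")
            if start is None:            # protocol only: all ports of that protocol
                return True
            if isinstance(start, str):   # named port: needs the pod spec, treated as no match
                continue
            if start <= port <= entry.get("endPort", start):
                return True
    return False

def missing_ports(policy, values):
    """Enabled listeners that the policy's ingress rules do not admit."""
    return {name: port for name, port in expected_ports(values).items()
            if not port_allowed(policy, port)}

if __name__ == "__main__":
    print(missing_ports(RENDERED, VALUES))
```

Run against the rendered manifests in CI, a non-empty result flags a listener that is enabled in the values but unreachable through the policy.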

@carrodher
Member

Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.
