Operation: [get] for kind: [Secret] with name: [my-secret] in namespace: [my-namespace] failed. #8963

ndellosa95 · 2023-08-08T20:29:46Z

ndellosa95
Aug 8, 2023

I am attempting to use the Kubernetes secret config provider based off of the guide here. However, I am getting the following error when the Kafka Connect pod starts up:

2023-08-08 19:50:56,038 INFO Configuring Kubernetes Secret config provider (io.strimzi.kafka.AbstractKubernetesConfigProvider) [main]
2023-08-08 19:50:56,240 INFO Retrieving configuration from Secret my-secret in namespace my-namespace (io.strimzi.kafka.AbstractKubernetesConfigProvider) [main]
2023-08-08 19:50:56,487 ERROR Stopping due to error (org.apache.kafka.connect.cli.AbstractConnectCli) [main]
org.apache.kafka.common.config.ConfigException: Invalid value io.fabric8.kubernetes.client.KubernetesClientException: Operation: [get]  for kind: [Secret]  with name: [my-secret]  in namespace: [my-namespace]  failed. for configuration Failed to retrieve Secret my-secret from Kubernetes namespace my-namespace

I have followed the guide and can see on Argo that I have the role with the following manifest:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"my-namespace"},"name":"my-namespace-role","namespace":"my-namespace"},"rules":[{"apiGroups":[""],"resourceNames":["my-secret","value.converter.schema.registry.basic.auth.user.info"],"resources":["secrets"],"verbs":["get"]}]}
  creationTimestamp: '2023-08-07T12:15:22Z'
  labels:
    app.kubernetes.io/instance: my-namespace
  name: my-namespace-role
  namespace: my-namespace
  resourceVersion: '68943993'
  uid: 6eb752f8-2f0d-4a57-82bf-178af96d9320
rules:
  - apiGroups:
      - ''
    resourceNames:
      - my-secret
      - value.converter.schema.registry.basic.auth.user.info
    resources:
      - secrets
    verbs:
      - get

And the associated role binding:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"RoleBinding","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"my-namespace"},"name":"my-namespace-role-binding","namespace":"my-namespace"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role","name":"my-namespace-role"},"subjects":[{"kind":"ServiceAccount","name":"my-namespace-connect","namespace":"my-namespace"}]}
  creationTimestamp: '2023-08-08T19:29:03Z'
  labels:
    app.kubernetes.io/instance: my-namespace
  name: my-namespace-role-binding
  namespace: my-namespace
  resourceVersion: '69042481'
  uid: f486aafc-fd70-4ba9-bc17-5ab3f719d87c
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: my-namespace-role
subjects:
  - kind: ServiceAccount
    name: my-namespace-connect
    namespace: my-namespace

And the service account created by Strimzi:

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: '2023-08-07T21:11:45Z'
  labels:
    app.kubernetes.io/instance: my-namespace
    app.kubernetes.io/managed-by: strimzi-cluster-operator
    app.kubernetes.io/name: kafka-connect
    app.kubernetes.io/part-of: strimzi-my-namespace
    strimzi.io/cluster: my-namespace
    strimzi.io/component-type: kafka-connect
    strimzi.io/kind: KafkaConnect
    strimzi.io/name: my-namespace-connect
  name: my-namespace-connect
  namespace: my-namespace
  ownerReferences:
    - apiVersion: kafka.strimzi.io/v1beta2
      blockOwnerDeletion: false
      controller: false
      kind: KafkaConnect
      name: my-namespace
      uid: 2fbe4a31-dffc-42ef-957e-9cf9cd7885a3
  resourceVersion: '68051682'
  uid: c5193644-4482-4f8f-8c03-26dc5fee8135

Finally, I can confirm that the pod has the following in its spec configuration:

serviceAccount: my-namespace-connect
serviceAccountName: my-namespace-connect

I honestly am completely stumped on what to do from here and the error messaging doesn't provide any clues, though I at least know it sees that the secret exists because that is a separate error message. Any ideas on how to get more details on what exactly the issue here is?

Answered by scholzj

Aug 14, 2023

Well, at least we now get the full exception. But it looks like some weird networking or TLS issue which to be honest might mean anything. Is anything special about your environment? Such as using IPv6 only or something like that?

View full answer

scholzj · 2023-08-08T21:11:13Z

scholzj
Aug 8, 2023
Maintainer

I guess you should share the KafkaConnect / KafkaConnector resources as well as the full log from Connect. The exception seems to be missing a proper stack trace, not sure that is normal - maybe there is something more. You should also share what version are you using.

9 replies

ndellosa95 Aug 9, 2023
Author

I tried with a plaintext username and enabled trace level logging but am getting the same error for value.converter.schema.registry.basic.auth.user.info now, without much additional detail.

2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.converters.LongConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.json.JsonConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.storage.StringConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.converters.ShortConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.storage.SimpleHeaderConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.ReplaceField$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.ReplaceField$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.SetSchemaMetadata$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.Filter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.HeaderFrom$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.InsertField$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.TimestampConverter$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.MaskField$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.TimestampRouter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.RegexRouter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,551 INFO Added plugin 'org.apache.kafka.connect.transforms.HoistField$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.ValueToKey' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.MaskField$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.DropHeaders' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.Cast$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.Cast$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.ExtractField$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.Flatten$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.InsertHeader' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.InsertField$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.Flatten$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.HeaderFrom$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.SetSchemaMetadata$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.ExtractField$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.TimestampConverter$Value' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.HoistField$Key' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.predicates.HasHeaderKey' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.predicates.RecordIsTombstone' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.transforms.predicates.TopicNameMatches' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.common.config.provider.EnvVarConfigProvider' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'io.strimzi.kafka.EnvVarConfigProvider' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'io.strimzi.kafka.KubernetesConfigMapConfigProvider' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'io.strimzi.kafka.KubernetesSecretConfigProvider' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,552 INFO Added plugin 'org.apache.kafka.connect.rest.basic.auth.extension.BasicAuthSecurityRestExtension' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'SnowflakeSinkConnector' and 'SnowflakeSink' to plugin 'com.snowflake.kafka.connector.SnowflakeSinkConnector' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'MirrorCheckpointConnector' and 'MirrorCheckpoint' to plugin 'org.apache.kafka.connect.mirror.MirrorCheckpointConnector' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'MirrorHeartbeatConnector' and 'MirrorHeartbeat' to plugin 'org.apache.kafka.connect.mirror.MirrorHeartbeatConnector' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'MirrorSourceConnector' and 'MirrorSource' to plugin 'org.apache.kafka.connect.mirror.MirrorSourceConnector' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'MockSinkConnector' and 'MockSink' to plugin 'org.apache.kafka.connect.tools.MockSinkConnector' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'MockSourceConnector' and 'MockSource' to plugin 'org.apache.kafka.connect.tools.MockSourceConnector' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'SchemaSourceConnector' and 'SchemaSource' to plugin 'org.apache.kafka.connect.tools.SchemaSourceConnector' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'VerifiableSinkConnector' and 'VerifiableSink' to plugin 'org.apache.kafka.connect.tools.VerifiableSinkConnector' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'VerifiableSourceConnector' and 'VerifiableSource' to plugin 'org.apache.kafka.connect.tools.VerifiableSourceConnector' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'SnowflakeJsonConverter' and 'SnowflakeJson' to plugin 'com.snowflake.kafka.connector.records.SnowflakeJsonConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,553 INFO Added aliases 'AvroConverter' and 'Avro' to plugin 'io.confluent.connect.avro.AvroConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'ByteArrayConverter' and 'ByteArray' to plugin 'org.apache.kafka.connect.converters.ByteArrayConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'DoubleConverter' and 'Double' to plugin 'org.apache.kafka.connect.converters.DoubleConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'FloatConverter' and 'Float' to plugin 'org.apache.kafka.connect.converters.FloatConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'IntegerConverter' and 'Integer' to plugin 'org.apache.kafka.connect.converters.IntegerConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'LongConverter' and 'Long' to plugin 'org.apache.kafka.connect.converters.LongConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'ShortConverter' and 'Short' to plugin 'org.apache.kafka.connect.converters.ShortConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'JsonConverter' and 'Json' to plugin 'org.apache.kafka.connect.json.JsonConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'StringConverter' and 'String' to plugin 'org.apache.kafka.connect.storage.StringConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'ByteArrayConverter' and 'ByteArray' to plugin 'org.apache.kafka.connect.converters.ByteArrayConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'DoubleConverter' and 'Double' to plugin 'org.apache.kafka.connect.converters.DoubleConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'FloatConverter' and 'Float' to plugin 'org.apache.kafka.connect.converters.FloatConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'IntegerConverter' and 'Integer' to plugin 'org.apache.kafka.connect.converters.IntegerConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'LongConverter' and 'Long' to plugin 'org.apache.kafka.connect.converters.LongConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'ShortConverter' and 'Short' to plugin 'org.apache.kafka.connect.converters.ShortConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'JsonConverter' and 'Json' to plugin 'org.apache.kafka.connect.json.JsonConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'SimpleHeaderConverter' and 'Simple' to plugin 'org.apache.kafka.connect.storage.SimpleHeaderConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,554 INFO Added aliases 'StringConverter' and 'String' to plugin 'org.apache.kafka.connect.storage.StringConverter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'DropHeaders' to plugin 'org.apache.kafka.connect.transforms.DropHeaders' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'Filter' to plugin 'org.apache.kafka.connect.transforms.Filter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'InsertHeader' to plugin 'org.apache.kafka.connect.transforms.InsertHeader' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'RegexRouter' to plugin 'org.apache.kafka.connect.transforms.RegexRouter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'TimestampRouter' to plugin 'org.apache.kafka.connect.transforms.TimestampRouter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'ValueToKey' to plugin 'org.apache.kafka.connect.transforms.ValueToKey' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'HasHeaderKey' to plugin 'org.apache.kafka.connect.transforms.predicates.HasHeaderKey' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'RecordIsTombstone' to plugin 'org.apache.kafka.connect.transforms.predicates.RecordIsTombstone' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'TopicNameMatches' to plugin 'org.apache.kafka.connect.transforms.predicates.TopicNameMatches' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added alias 'BasicAuthSecurityRestExtension' to plugin 'org.apache.kafka.connect.rest.basic.auth.extension.BasicAuthSecurityRestExtension' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added aliases 'AllConnectorClientConfigOverridePolicy' and 'All' to plugin 'org.apache.kafka.connect.connector.policy.AllConnectorClientConfigOverridePolicy' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added aliases 'NoneConnectorClientConfigOverridePolicy' and 'None' to plugin 'org.apache.kafka.connect.connector.policy.NoneConnectorClientConfigOverridePolicy' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,555 INFO Added aliases 'PrincipalConnectorClientConfigOverridePolicy' and 'Principal' to plugin 'org.apache.kafka.connect.connector.policy.PrincipalConnectorClientConfigOverridePolicy' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]
2023-08-09 16:10:02,582 INFO Configuring Kubernetes Secret config provider (io.strimzi.kafka.AbstractKubernetesConfigProvider) [main]
2023-08-09 16:10:02,806 INFO Retrieving configuration from Secret value.converter.schema.registry.basic.auth.user.info in namespace my-namespace (io.strimzi.kafka.AbstractKubernetesConfigProvider) [main]
2023-08-09 18:15:22,026 DEBUG Trying to configure client from Kubernetes config... (io.fabric8.kubernetes.client.Config) [main]
2023-08-09 18:15:22,027 DEBUG Did not find Kubernetes config at: [/home/kafka/.kube/config]. Ignoring. (io.fabric8.kubernetes.client.Config) [main]
2023-08-09 18:15:22,027 DEBUG Trying to configure client from service account... (io.fabric8.kubernetes.client.Config) [main]
2023-08-09 18:15:22,027 DEBUG Found service account host and port: 10.19.0.1:443 (io.fabric8.kubernetes.client.Config) [main]
2023-08-09 18:15:22,027 DEBUG Found service account ca cert at: [/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}]. (io.fabric8.kubernetes.client.Config) [main]
2023-08-09 18:15:22,028 DEBUG Found service account token at: [/var/run/secrets/kubernetes.io/serviceaccount/token]. (io.fabric8.kubernetes.client.Config) [main]
2023-08-09 18:15:22,028 DEBUG Trying to configure client namespace from Kubernetes service account namespace path... (io.fabric8.kubernetes.client.Config) [main]
2023-08-09 18:15:22,028 DEBUG Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace]. (io.fabric8.kubernetes.client.Config) [main]
2023-08-09 18:15:22,217 INFO Retrieving configuration from Secret value.converter.schema.registry.basic.auth.user.info in namespace consumer-analytics-kafka-connect (io.strimzi.kafka.AbstractKubernetesConfigProvider) [main]
2023-08-09 18:15:22,450 DEBUG Current reconnect backoff is 100 milliseconds (T0) (io.fabric8.kubernetes.client.utils.ExponentialBackoffIntervalCalculator) [ForkJoinPool.commonPool-worker-1]
2023-08-09 16:10:03,044 ERROR Stopping due to error (org.apache.kafka.connect.cli.AbstractConnectCli) [main]
org.apache.kafka.common.config.ConfigException: Invalid value io.fabric8.kubernetes.client.KubernetesClientException: Operation: [get]  for kind: [Secret]  with name: [value.converter.schema.registry.basic.auth.user.info]  in namespace: [my-namespace]  failed. for configuration Failed to retrieve Secret value.converter.schema.registry.basic.auth.user.info from Kubernetes namespace my-namespace
	at io.strimzi.kafka.AbstractKubernetesConfigProvider.getResource(AbstractKubernetesConfigProvider.java:124)
	at io.strimzi.kafka.AbstractKubernetesConfigProvider.getValues(AbstractKubernetesConfigProvider.java:85)
	at io.strimzi.kafka.AbstractKubernetesConfigProvider.get(AbstractKubernetesConfigProvider.java:73)
	at io.strimzi.kafka.KubernetesSecretConfigProvider.get(KubernetesSecretConfigProvider.java:20)
	at org.apache.kafka.common.config.ConfigTransformer.transform(ConfigTransformer.java:103)
	at org.apache.kafka.common.config.AbstractConfig.resolveConfigVariables(AbstractConfig.java:539)
	at org.apache.kafka.common.config.AbstractConfig.<init>(AbstractConfig.java:111)
	at org.apache.kafka.common.config.AbstractConfig.<init>(AbstractConfig.java:132)
	at org.apache.kafka.connect.runtime.WorkerConfig.<init>(WorkerConfig.java:411)
	at org.apache.kafka.connect.runtime.distributed.DistributedConfig.<init>(DistributedConfig.java:563)
	at org.apache.kafka.connect.runtime.distributed.DistributedConfig.<init>(DistributedConfig.java:558)
	at org.apache.kafka.connect.cli.ConnectDistributed.createConfig(ConnectDistributed.java:111)
	at org.apache.kafka.connect.cli.ConnectDistributed.createConfig(ConnectDistributed.java:57)
	at org.apache.kafka.connect.cli.AbstractConnectCli.startConnect(AbstractConnectCli.java:123)
	at org.apache.kafka.connect.cli.AbstractConnectCli.run(AbstractConnectCli.java:94)
	at org.apache.kafka.connect.cli.ConnectDistributed.main(ConnectDistributed.java:116)

scholzj Aug 9, 2023
Maintainer

I failed to reproduce it. I did not get a similar log with any error states which come to my mind.

In any case, the logging is broken, so it is not really clear what the exception is. I opened strimzi/kafka-kubernetes-config-provider#24 to fix it. If you want, quay.io/scholzj/kafka:logging-kafka-3.5.1 is an image which has my changes. If you have it reproducible in some test environment, maybe you can try it and it might give us a better error.

ndellosa95 Aug 14, 2023
Author

I'm back from vacation and looking at this again. Thank you for providing that image, I'm able to see the full stack trace now, which is as follows.

2023-08-14 14:33:53,055 INFO Configuring Kubernetes Secret config provider (io.strimzi.kafka.AbstractKubernetesConfigProvider) [main]
2023-08-14 14:33:53,368 INFO Retrieving configuration from Secret value.converter.schema.registry.basic.auth.user.info in namespace my-namespace (io.strimzi.kafka.AbstractKubernetesConfigProvider) [main]
2023-08-14 14:34:12,729 ERROR Failed to retrieve Secret value.converter.schema.registry.basic.auth.user.info from Kubernetes namespace my-namespace (io.strimzi.kafka.AbstractKubernetesConfigProvider) [main]
io.fabric8.kubernetes.client.KubernetesClientException: Operation: [get]  for kind: [Secret]  with name: [value.converter.schema.registry.basic.auth.user.info]  in namespace: [my-namespace]  failed.
	at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:159)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.requireFromServer(BaseOperation.java:187)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.get(BaseOperation.java:141)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.get(BaseOperation.java:92)
	at io.strimzi.kafka.AbstractKubernetesConfigProvider.getResource(AbstractKubernetesConfigProvider.java:116)
	at io.strimzi.kafka.AbstractKubernetesConfigProvider.getValues(AbstractKubernetesConfigProvider.java:85)
	at io.strimzi.kafka.AbstractKubernetesConfigProvider.get(AbstractKubernetesConfigProvider.java:73)
	at io.strimzi.kafka.KubernetesSecretConfigProvider.get(KubernetesSecretConfigProvider.java:20)
	at org.apache.kafka.common.config.ConfigTransformer.transform(ConfigTransformer.java:103)
	at org.apache.kafka.common.config.AbstractConfig.resolveConfigVariables(AbstractConfig.java:539)
	at org.apache.kafka.common.config.AbstractConfig.<init>(AbstractConfig.java:111)
	at org.apache.kafka.common.config.AbstractConfig.<init>(AbstractConfig.java:132)
	at org.apache.kafka.connect.runtime.WorkerConfig.<init>(WorkerConfig.java:411)
	at org.apache.kafka.connect.runtime.distributed.DistributedConfig.<init>(DistributedConfig.java:563)
	at org.apache.kafka.connect.runtime.distributed.DistributedConfig.<init>(DistributedConfig.java:558)
	at org.apache.kafka.connect.cli.ConnectDistributed.createConfig(ConnectDistributed.java:111)
	at org.apache.kafka.connect.cli.ConnectDistributed.createConfig(ConnectDistributed.java:57)
	at org.apache.kafka.connect.cli.AbstractConnectCli.startConnect(AbstractConnectCli.java:123)
	at org.apache.kafka.connect.cli.AbstractConnectCli.run(AbstractConnectCli.java:94)
	at org.apache.kafka.connect.cli.ConnectDistributed.main(ConnectDistributed.java:116)
Caused by: java.io.IOException: Remote host terminated the handshake
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.waitForResult(OperationSupport.java:504)
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.handleResponse(OperationSupport.java:524)
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.handleGet(OperationSupport.java:467)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.handleGet(BaseOperation.java:741)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.requireFromServer(BaseOperation.java:185)
	... 18 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
	at java.net.http/jdk.internal.net.http.common.SSLTube.checkForHandshake(SSLTube.java:595)
	at java.net.http/jdk.internal.net.http.common.SSLTube$SSLSubscriberWrapper.onComplete(SSLTube.java:536)
	at java.net.http/jdk.internal.net.http.common.SubscriberWrapper.checkCompletion(SubscriberWrapper.java:472)
	at java.net.http/jdk.internal.net.http.common.SubscriberWrapper$DownstreamPusher.run1(SubscriberWrapper.java:334)
	at java.net.http/jdk.internal.net.http.common.SubscriberWrapper$DownstreamPusher.run(SubscriberWrapper.java:259)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:205)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:230)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:303)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler.runOrSchedule(SequentialScheduler.java:256)
	at java.net.http/jdk.internal.net.http.common.SubscriberWrapper.outgoing(SubscriberWrapper.java:232)
	at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(SSLFlowDelegate.java:513)
	at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(SSLFlowDelegate.java:268)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:205)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:230)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)
2023-08-14 14:34:12,731 ERROR Stopping due to error (org.apache.kafka.connect.cli.AbstractConnectCli) [main]
org.apache.kafka.common.config.ConfigException: Failed to retrieve Secret value.converter.schema.registry.basic.auth.user.info from Kubernetes namespace my-namespace
	at io.strimzi.kafka.AbstractKubernetesConfigProvider.getResource(AbstractKubernetesConfigProvider.java:125)
	at io.strimzi.kafka.AbstractKubernetesConfigProvider.getValues(AbstractKubernetesConfigProvider.java:85)
	at io.strimzi.kafka.AbstractKubernetesConfigProvider.get(AbstractKubernetesConfigProvider.java:73)
	at io.strimzi.kafka.KubernetesSecretConfigProvider.get(KubernetesSecretConfigProvider.java:20)
	at org.apache.kafka.common.config.ConfigTransformer.transform(ConfigTransformer.java:103)
	at org.apache.kafka.common.config.AbstractConfig.resolveConfigVariables(AbstractConfig.java:539)
	at org.apache.kafka.common.config.AbstractConfig.<init>(AbstractConfig.java:111)
	at org.apache.kafka.common.config.AbstractConfig.<init>(AbstractConfig.java:132)
	at org.apache.kafka.connect.runtime.WorkerConfig.<init>(WorkerConfig.java:411)
	at org.apache.kafka.connect.runtime.distributed.DistributedConfig.<init>(DistributedConfig.java:563)
	at org.apache.kafka.connect.runtime.distributed.DistributedConfig.<init>(DistributedConfig.java:558)
	at org.apache.kafka.connect.cli.ConnectDistributed.createConfig(ConnectDistributed.java:111)
	at org.apache.kafka.connect.cli.ConnectDistributed.createConfig(ConnectDistributed.java:57)
	at org.apache.kafka.connect.cli.AbstractConnectCli.startConnect(AbstractConnectCli.java:123)
	at org.apache.kafka.connect.cli.AbstractConnectCli.run(AbstractConnectCli.java:94)
	at org.apache.kafka.connect.cli.ConnectDistributed.main(ConnectDistributed.java:116)

I'm going to check with our cloud engineers, but figured I'd post here to in case 😄

scholzj Aug 14, 2023
Maintainer

Well, at least we now get the full exception. But it looks like some weird networking or TLS issue which to be honest might mean anything. Is anything special about your environment? Such as using IPv6 only or something like that?

Answer selected by ndellosa95

ndellosa95 Aug 17, 2023
Author

Took us a few days but we had to carve out some kind of exception in our service mesh sidecar (or at least, that's my understanding of what we did, I'm not a network engineer 😅) to get it to work.

scholzj Aug 17, 2023
Maintainer

Interesting. Thanks for sharing back ... its good to have an idea about these issues if it happens to someone else in the future 👍

Strimzi

Operation: [get] for kind: [Secret] with name: [my-secret] in namespace: [my-namespace] failed. #8963

Uh oh!

Uh oh!

ndellosa95 Aug 8, 2023

Replies: 1 comment · 9 replies

Uh oh!

scholzj Aug 8, 2023 Maintainer

Uh oh!

Uh oh!

ndellosa95 Aug 9, 2023 Author

Uh oh!

scholzj Aug 9, 2023 Maintainer

Uh oh!

ndellosa95 Aug 14, 2023 Author

Uh oh!

scholzj Aug 14, 2023 Maintainer

Uh oh!

Uh oh!

ndellosa95 Aug 17, 2023 Author

Uh oh!

scholzj Aug 17, 2023 Maintainer

ndellosa95
Aug 8, 2023

Replies: 1 comment 9 replies

scholzj
Aug 8, 2023
Maintainer

ndellosa95 Aug 9, 2023
Author

scholzj Aug 9, 2023
Maintainer

ndellosa95 Aug 14, 2023
Author

scholzj Aug 14, 2023
Maintainer

ndellosa95 Aug 17, 2023
Author

scholzj Aug 17, 2023
Maintainer