We have a client that would establish 8 connections to the cluster. Sometimes, one or a few of the connections would fail and stay in the bad state until the client is restarted.
On the server side, we would see logs like the one below, repeating until the client is restarted.
2024-12-17 12:12:02.363
INFO 2024-12-17 17:12:02,362 [shard 1:main] kafka - 172.18.107.224:60322 failed authorization - connection_context.cc:305 - proto: kafka rpc protocol, acl op: write, principal: type {user} name {bootstrap.cluster}, resource: topic-for-this-client
Cluster is using mTLS to authenticate. The client's cert has the common name client-1.
We have a script to grant the client permissions.
As described, the server nodes are using the CN bootstrap.cluster. The log shows the server CN for accessing a topic when the client failed to. The server certificate is only used by the cluster server nodes, not anywhere else.
Also, not all connections from the client fail, only part of the connections.
What should have happened instead?
The client should connect and get authorized when a correct cert/key pair is provided.
How to reproduce the issue?
We don't have a good way to reproduce the errors. It happens quite often when a new client image is rolled out.
Additional information
Please attach any relevant logs, backtraces, or metric charts.
Version & Environment
Redpanda version: (use rpk version): Container image: docker.redpanda.com/redpandadata/redpanda:v24.2.2
Kubernetes version: 1.29.10
JIRA Link: CORE-8613
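One way to find the affected connections in broker logs, as an added example that is not part of the original report or of Redpanda: it parses the "failed authorization" line format shown above and counts denials per client endpoint where the principal is a CN reserved for broker nodes. The function name, the server_only_cns parameter and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches the "failed authorization" line format quoted in the report.
AUTHZ_FAIL = re.compile(
    r"kafka - (?P<peer>\S+:\d+) failed authorization - .*?"
    r"acl op: (?P<op>\w+), "
    r"principal: type \{(?P<ptype>[^}]*)\} name \{(?P<name>[^}]*)\}, "
    r"resource: (?P<resource>\S+)"
)


def stuck_connections(lines, server_only_cns):
    """Count denials per (peer, principal, op, resource) where the principal
    is a CN that only broker nodes are expected to present.

    server_only_cns is a hypothetical allow-list supplied by the operator.
    """
    hits = Counter()
    for line in lines:
        m = AUTHZ_FAIL.search(line)
        if m and m["ptype"] == "user" and m["name"] in server_only_cns:
            hits[(m["peer"], m["name"], m["op"], m["resource"])] += 1
    return hits


# Line 1 is the log line from the report; lines 2-4 are constructed samples.
SAMPLE = [
    "INFO 2024-12-17 17:12:02,362 [shard 1:main] kafka - 172.18.107.224:60322 "
    "failed authorization - connection_context.cc:305 - proto: kafka rpc protocol, "
    "acl op: write, principal: type {user} name {bootstrap.cluster}, "
    "resource: topic-for-this-client",
    # constructed: same connection denied again a second later
    "INFO 2024-12-17 17:12:03,362 [shard 1:main] kafka - 172.18.107.224:60322 "
    "failed authorization - connection_context.cc:305 - proto: kafka rpc protocol, "
    "acl op: write, principal: type {user} name {bootstrap.cluster}, "
    "resource: topic-for-this-client",
    # constructed: ordinary ACL denial for the client's own CN, not reported
    "INFO 2024-12-17 17:12:04,100 [shard 0:main] kafka - 172.18.107.224:60330 "
    "failed authorization - connection_context.cc:305 - proto: kafka rpc protocol, "
    "acl op: read, principal: type {user} name {client-1}, "
    "resource: some-other-topic",
    # constructed: unrelated line
    "INFO 2024-12-17 17:12:05,000 [shard 0:main] kafka - unrelated message",
]

if __name__ == "__main__":
    found = stuck_connections(SAMPLE, {"bootstrap.cluster"})
    for (peer, name, op, res), n in found.items():
        print(f"{peer} denied {n}x as '{name}' ({op} on {res})")
```

Grouping by peer address and port separates the connections that are stuck under the broker CN from ordinary ACL denials issued against the client's own principal.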