Migrate kafka-operator to use listener-operator for exposing brokers

[nightkr]

Description

Fixes #714.

Blockers:

• ClusterResources::delete_orphaned_resources also deletes objects that are not owned directly by it operator-rs#861

Followup issues/regressions:

• Stop NodePort services from flapping when a replica comes on- or offline listener-operator#220
• Allow listenerclasses to specify whether to prefer IP or Hostname addresses listener-operator#139

Review Checklist

• Code contains useful comments
• CRD change approved (or not applicable)
• (Integration-)Test cases added (or not applicable)
• Documentation added (or not applicable)
• Changelog updated (or not applicable)
• Cargo.toml only contains references to git tags (not specific commits or branches)
• Helm chart can be installed and deployed operator works (or not applicable)

Once the review is done, comment bors r+ (or bors merge) to merge. Further information

[nightkr]

Blocked on stackabletech/listener-operator#1

[maltesander]

Tested and works!

[lfrancke]

I've moved this back into "Ready for Development" because the Listener operator is now merged. AFAIU this should now be ready to be worked on again?

[siegfriedweber]

I've moved this back into "Ready for Development" because the Listener operator is now merged. AFAIU this should now be ready to be worked on again?

This pull request is updated as requested by stackabletech/listener-operator#5. When stackabletech/operator-rs#496 is merged and operator-rs and the listener-operator are released then this pull request can be made ready for review.

[nightkr]

Tests currently fail due to stackabletech/listener-operator#110.

[nightkr]

The tests now pass!

[sbernauer]

@nightkr do you plan to merge this or add the WIP functionality of secret-op beforehand, so that the kafka broker certificates will include the listener addresses?
It'd be awesome if we get it right in the first run :)

[nightkr]

Preferably not, since we're still working out a few API kinks there (truststore passwords), and I'd rather keep this PR focused. ^^

[sbernauer]

I started review but was sidetracked again. Submitting my comments early, as you are back :)

[sbernauer]

Just to check: stackablectl stacklet list currently returns:

│ kafka     ┆ simple-kafka ┆ default   ┆ broker-default-bootstrap-kafka    172.18.0.2:32639 ┆ Available, Reconciling, Running │
│           ┆              ┆           ┆ broker-default-bootstrap-metrics  172.18.0.2:30178 ┆                                 │

stackablectl uses the app.kubernetes.io/ labels to find all Listeners for a given stacklet. Only the bootstrap Listener has these labels set, is this intentional? I think this is due to the fact that pvcs inherit the labels of the Pod, but ephemeral volumes not

➜  kafka-operator git:(spike/lb-operator) ✗ k get listener                                                                                                           kind-kind
NAME                                            AGE
simple-kafka-broker-default-0-listener-broker   6m51s
simple-kafka-broker-default-1-listener-broker   6m49s
simple-kafka-broker-default-2-listener-broker   6m51s
simple-kafka-broker-default-bootstrap           10m
➜  kafka-operator git:(spike/lb-operator) ✗ k get listener -l app.kubernetes.io/name=kafka                                                                           kind-kind
NAME                                    AGE
simple-kafka-broker-default-bootstrap   10m

When I set the recommended labels on the ephermal volumes they get propagated to the Listener and all Listeners show up

│ kafka     ┆ simple-kafka ┆ default   ┆ broker-default-0-listener-broker-kafka    172.18.0.2:32579 ┆ Available, Reconciling, Running │
│           ┆              ┆           ┆ broker-default-0-listener-broker-metrics  172.18.0.2:30432 ┆                                 │
│           ┆              ┆           ┆ broker-default-1-listener-broker-kafka    172.18.0.2:31088 ┆                                 │
│           ┆              ┆           ┆ broker-default-1-listener-broker-metrics  172.18.0.2:30439 ┆                                 │
│           ┆              ┆           ┆ broker-default-2-listener-broker-kafka    172.18.0.2:31803 ┆                                 │
│           ┆              ┆           ┆ broker-default-2-listener-broker-metrics  172.18.0.2:31150 ┆                                 │
│           ┆              ┆           ┆ broker-default-bootstrap-kafka            172.18.0.2:32639 ┆                                 │
│           ┆              ┆           ┆ broker-default-bootstrap-metrics          172.18.0.2:30178 ┆                                 │

I think I would be in favor of adding the recommended labels to all listener volumes, WDYT?
This is the same thing as we did in hdfs-op in stackabletech/hdfs-operator#534, I would be in favor of copying the implementation from there

[nightkr]

Clients should only configure the bootstrap address(es), the Kafka client is then responsible for resolving that to the relevant replicas.

[sbernauer]

Agreed. I'm a bit torn between "we should label everything" and "I don't want everything to show in stacklet list".
I'm happy to merge as-is, but than please add a comment above Labels::new() why we choose to not label the broker Listener objects.

[sbernauer]

Just for the record: I think there is value in having the metrics endpoint for every individual broker, but as most customers will probably use Prometheus ServiceMonitor this is rather low prio

[sbernauer]

Somewhat related: Is it intentional that the simple-kafka-broker-default-bootstrap Listener contains the ingressAddress three times in the status?
Do we want to de-duplicate that list in listener-op?

apiVersion: listeners.stackable.tech/v1alpha1
kind: Listener
metadata:
  name: simple-kafka-broker-default-bootstrap
  namespace: default
# ...
spec:
  className: external-stable
  extraPodSelectorLabels: {}
  ports:
  - name: metrics
    port: 9606
    protocol: TCP
  - name: kafka
    port: 9092
    protocol: TCP
  publishNotReadyAddresses: null
status:
  ingressAddresses:
  - address: 172.18.0.2
    addressType: IP
    ports:
      kafka: 32639
      metrics: 30178
  - address: 172.18.0.2
    addressType: IP
    ports:
      kafka: 32639
      metrics: 30178
  - address: 172.18.0.2
    addressType: IP
    ports:
      kafka: 32639
      metrics: 30178
  nodePorts:
    kafka: 32639
    metrics: 30178
  serviceName: simple-kafka-broker-default-bootstrap

[nightkr]

Somewhat related: Is it intentional that the simple-kafka-broker-default-bootstrap Listener contains the ingressAddress three times in the status?

That smells like a minor bug that I would suggest filing against list-op.

[sbernauer]

This are the two changes needed to label the Listener objects correctly. I would prefer to label the Listeners correctly.
This causes them to show up in stacklet list, if this is undesired we could filter them out there

[sbernauer]

Suggested change

	&Labels::new(),
	&Labels::role_selector(kafka, APP_NAME, &rolegroup_ref.role)
	.context(LabelBuildSnafu)?,

[nightkr]

7aa5919 applies it to the Listener itself.

[nightkr]

7dae34d for the PVC

[nightkr]

Had to revert it slightly to avoid upgrade issues: 2913081

[sbernauer]

Suggested change

	&Labels::new(),
	&Labels::role_group_selector(
	kafka,
	APP_NAME,
	&rolegroup_ref.role,
	&rolegroup_ref.role_group,
	)
	.context(LabelBuildSnafu)?,

[nightkr]

88dde6b

[sbernauer]

That smells like a minor bug that I would suggest filing against list-op.

I was not sure if this was a bug. Created stackabletech/listener-operator#229

[nightkr]

Tests passed for 2913081: https://testing.stackable.tech/job/kafka-operator-it-custom/8/, https://testing.stackable.tech/job/kafka-operator-it-custom/9/