Skip to content

Commit 00055c6

Browse files
aswinayyolathaswinayyolath
committed
Introduce STRIMZI_CENTRAL_CLUSTER_ID env var to identify the central cluster
and validate KafkaNodePool deployment targets in stretch cluster setups Signed-off-by: Aswin A <[email protected]>
1 parent b7e1107 commit 00055c6

File tree

1 file changed

+40
-8
lines changed

1 file changed

+40
-8
lines changed

095-stretch-cluster.md

Lines changed: 40 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -131,6 +131,20 @@ The values of the environment variables use the following format:
131131
The secrets referenced here must contain the kubeconfig for the Kubernetes cluster available at the provided URL as the value of secret key 'kubeconfig'.
132132
This allows the central Strimzi operator to authenticate with multiple Kubernetes clusters.
133133
134+
```yaml
135+
- name: STRIMZI_CENTRAL_CLUSTER_ID
136+
value: <central-cluster-id>
137+
```
138+
139+
- `STRIMZI_CENTRAL_CLUSTER_ID` (Required)
140+
This environment variable defines the identifier (alias) of the central Kubernetes cluster, where the `Kafka` and `KafkaNodePool` CRs are created in a stretch Kafka deployment.
141+
This identifier must be unique and must not overlap with any of the cluster IDs defined in the `STRIMZI_REMOTE_KUBE_CONFIG` environment variable.
142+
This value is used to validate and match the `strimzi.io/stretch-cluster-alias` annotation in `KafkaNodePool` CR to determine whether the resources associated with a given node pool should be deployed in the central cluster.
143+
If a KafkaNodePool CR has a stretch cluster alias that matches the value of `STRIMZI_CENTRAL_CLUSTER_ID`, the operator will deploy the corresponding resources in the central cluster.
144+
145+
Configuring the central cluster's identity explicitly avoids ambiguity and eliminates the risk of unintentionally deploying to the central cluster when a typo or misconfiguration occurs in the alias.
146+
This ensures that invalid cluster identifiers always result in a reconciliation failure, leading to a clearer user experience and safer operations.
147+
134148
**Example Secret**
135149

136150
Below is an example Kubernetes Secret containing a kubeconfig for a remote cluster
@@ -177,16 +191,18 @@ metadata:
177191
```
178192

179193
This annotation signals the user's intent to deploy a stretch Kafka cluster.
180-
However, stretch mode is only activated if both of the following conditions are met:
194+
However, stretch mode is only activated if all of the following conditions are met:
181195

182-
- The Kafka CR has the `strimzi.io/enable-stretch-cluster: "true"` annotation, and
183-
- The Cluster Operator has the `STRIMZI_REMOTE_KUBE_CONFIG` environment variable set with access credentials for the remote clusters.
196+
- The Kafka CR has the `strimzi.io/enable-stretch-cluster: "true"` annotation
197+
- The Cluster Operator is configured with the required environment variables:
198+
- `STRIMZI_CENTRAL_CLUSTER_ID` — the unique alias of the central cluster (where the Kafka and KNP CRs is deployed),
199+
- `STRIMZI_REMOTE_KUBE_CONFIG` — the mapping of remote cluster aliases to their API server URLs and associated secrets.
184200

185-
If either condition is not satisfied, the deployment falls back to a standard single-cluster setup. In such cases, the operator will log a warning such as:
186201

187-
```
188-
Stretch cluster requested via annotation, but STRIMZI_REMOTE_KUBE_CONFIG is not configured — defaulting to single-cluster deployment.
189-
```
202+
203+
If any of these conditions are not satisfied, or if a `KafkaNodePool` references a stretch cluster alias that is not defined in either `STRIMZI_CENTRAL_CLUSTER_ID` or `STRIMZI_REMOTE_KUBE_CONFIG`, the reconciliation will fail with an appropriate error.
204+
205+
This strict validation avoids accidental misconfiguration or unintended deployments in the central cluster due to missing or incorrect stretch cluster aliases.
190206

191207
This design ensures:
192208

@@ -221,7 +237,23 @@ metadata:
221237

222238
The identifier used here is required and must match one of the values defined by the user in 'Step 1' and added to the environment variable map value in 'Step 2'.
223239
This annotation is used to construct critical Kafka configuration properties such as `controller.quorum.voters` and `advertised.listeners`.
224-
If the identifier does not match any of the values defined in the `STRIMZI_REMOTE_KUBE_CONFIG` environment variable, the operator will deploy the node pool to the central Kubernetes cluster.
240+
The stretch cluster alias (defined via the annotation `strimzi.io/stretch-cluster-alias`) in the `KafkaNodePoo`l` CR must match exactly one of the following:
241+
- The value of the environment variable `STRIMZI_CENTRAL_CLUSTER_ID` (representing the current cluster the operator is running in), or
242+
- One of the cluster IDs defined in the `STRIMZI_REMOTE_KUBE_CONFIG` environment variable.
243+
244+
If the alias does not match either of these, the configuration is considered invalid, and reconciliation for the Kafka CR will fail with an error indicating that the target cluster is not recognized.
245+
246+
247+
#### Validation Matrix
248+
249+
| Kafka Stretch Enabled | `strimzi.io/stretch-cluster-alias` Present in KNP | Valid Alias (matches `STRIMZI_CENTRAL_CLUSTER_ID` or `STRIMZI_REMOTE_KUBE_CONFIG`) | Result |
250+
| :-------------------- | :------------------------------------------------ | :------------------------------------------------------------------------------------------| :---------------------------- |
251+
| false | no | - | ✅ Central-only, valid |
252+
| false | yes | - | ❌ Invalid, mixed config |
253+
| true | no | - | ❌ Invalid, alias required |
254+
| true | yes | ❌ no match | ❌ Invalid, unknown cluster alias |
255+
| true | yes | ✅ matches `STRIMZI_CENTRAL_CLUSTER_ID` | ✅ Deploy to central cluster |
256+
| true | yes | ✅ matches a cluster in `STRIMZI_REMOTE_KUBE_CONFIG` | ✅ Deploy to remote cluster |
225257

226258
#### Cluster operator behaviour
227259

0 commit comments

Comments
 (0)