From ff00f4778e3fc390e19b571131bac39909da9972 Mon Sep 17 00:00:00 2001
From: Jake Cahill <45230295+JakeSCahill@users.noreply.github.com>
Date: Tue, 10 Dec 2024 22:00:16 +0000
Subject: [PATCH] DOC-822 Use `rpk` to connect to Schema Registry in K8s Pods (#911)
---
 .../kubernetes/k-production-deployment.adoc | 4 +
 .../self-hosted/kubernetes/local-guide.adoc | 1 +
 .../kubernetes/guides/deploy-redpanda.adoc | 2 +
 modules/get-started/pages/install-beta.adoc | 1 +
 .../kubernetes/k-decommission-brokers.adoc | 1 +
 .../pages/kubernetes/k-scale-redpanda.adoc | 1 +
 .../pages/kubernetes/k-schema-controller.adoc | 21 +-
 .../networking/k-connect-to-redpanda.adoc | 199 ++++++++++--------
 modules/upgrade/pages/k-upgrade-operator.adoc | 1 +
 .../migrate/kubernetes/helm-to-operator.adoc | 1 +
 10 files changed, 144 insertions(+), 88 deletions(-)
diff --git a/modules/deploy/pages/deployment-option/self-hosted/kubernetes/k-production-deployment.adoc b/modules/deploy/pages/deployment-option/self-hosted/kubernetes/k-production-deployment.adoc
index fabc2553c..106a62fc8 100644
--- a/modules/deploy/pages/deployment-option/self-hosted/kubernetes/k-production-deployment.adoc
+++ b/modules/deploy/pages/deployment-option/self-hosted/kubernetes/k-production-deployment.adoc
@@ -228,6 +228,7 @@ For details, see xref:get-started:licensing/add-license-redpanda/kubernetes.adoc
 [source,bash,subs="attributes+"]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm install redpanda redpanda/redpanda \
 --version {latest-redpanda-helm-chart-version} \ <1>
 --namespace \ <2>
@@ -286,6 +287,7 @@ Helm + Operator::
 [,bash,subs="attributes+"]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm upgrade --install redpanda-controller redpanda/operator \
 --namespace \
 --set image.tag={latest-operator-version} \
@@ -338,6 +340,7 @@ NOTE: Make sure to use unique node ports for the listeners in your Redpanda reso
 [source,bash,subs="attributes+"]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm install redpanda-two redpanda/redpanda \
 --version {latest-redpanda-helm-chart-version} \
 --namespace \
@@ -391,6 +394,7 @@ Helm::
 [source,bash,subs="attributes+"]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm install redpanda redpanda/redpanda \
 --version {latest-redpanda-helm-chart-version} \
 --namespace \
diff --git a/modules/deploy/pages/deployment-option/self-hosted/kubernetes/local-guide.adoc b/modules/deploy/pages/deployment-option/self-hosted/kubernetes/local-guide.adoc
index 933556607..92e814ff2 100644
--- a/modules/deploy/pages/deployment-option/self-hosted/kubernetes/local-guide.adoc
+++ b/modules/deploy/pages/deployment-option/self-hosted/kubernetes/local-guide.adoc
@@ -158,6 +158,7 @@ include::deploy:partial$kubernetes/install-crds.adoc[]
 [,bash,subs="attributes+"]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update redpanda
 helm upgrade --install redpanda-controller redpanda/operator \
 --namespace \
 --set image.tag={latest-operator-version} \
diff --git a/modules/deploy/partials/kubernetes/guides/deploy-redpanda.adoc b/modules/deploy/partials/kubernetes/guides/deploy-redpanda.adoc
index 216a874db..6a4c2e558 100644
--- a/modules/deploy/partials/kubernetes/guides/deploy-redpanda.adoc
+++ b/modules/deploy/partials/kubernetes/guides/deploy-redpanda.adoc
@@ -40,6 +40,7 @@ include::deploy:partial$kubernetes/install-crds.adoc[]
 [,bash,subs="attributes+"]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm upgrade --install redpanda-controller redpanda/operator \
 --namespace \
 --set image.tag={latest-operator-version} \
@@ -139,6 +140,7 @@ TLS is enabled by default. The Redpanda Helm chart uses cert-manager to manage T
 [source,bash,subs="attributes+",lines=3+5-9]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm install redpanda redpanda/redpanda \
 --version {latest-redpanda-helm-chart-version} \
 --namespace --create-namespace \
diff --git a/modules/get-started/pages/install-beta.adoc b/modules/get-started/pages/install-beta.adoc
index 4cb70201b..b38d1b7c4 100644
--- a/modules/get-started/pages/install-beta.adoc
+++ b/modules/get-started/pages/install-beta.adoc
@@ -156,6 +156,7 @@ Install Redpanda with Helm from the RC build in https://hub.docker.com/r/redpand
 [source,bash,subs="attributes+"]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm install redpanda redpanda/redpanda \
 --namespace \
 --create-namespace --set image.repository=docker.redpanda.com/redpandadata/redpanda-unstable --set image.tag={redpanda-beta-tag}
diff --git a/modules/manage/pages/kubernetes/k-decommission-brokers.adoc b/modules/manage/pages/kubernetes/k-decommission-brokers.adoc
index 0215282ea..bf2d62d04 100644
--- a/modules/manage/pages/kubernetes/k-decommission-brokers.adoc
+++ b/modules/manage/pages/kubernetes/k-decommission-brokers.adoc
@@ -273,6 +273,7 @@ To install the Decommission controller as part of the Redpanda Operator:
 [,bash,subs="attributes+"lines=7+8]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm upgrade --install redpanda-controller redpanda/operator \
 --namespace \
 --set image.tag={latest-operator-version} \
diff --git a/modules/manage/pages/kubernetes/k-scale-redpanda.adoc b/modules/manage/pages/kubernetes/k-scale-redpanda.adoc
index 43bbfd8e9..28df81151 100644
--- a/modules/manage/pages/kubernetes/k-scale-redpanda.adoc
+++ b/modules/manage/pages/kubernetes/k-scale-redpanda.adoc
@@ -152,6 +152,7 @@ To install the Nodewatcher controller as part of the Redpanda Operator: [,bash,subs="attributes+",lines=7+8] ---- helm repo add redpanda https://charts.redpanda.com +helm repo update helm upgrade --install redpanda-controller redpanda/operator \ --namespace \ --set image.tag={latest-operator-version} \ diff --git a/modules/manage/pages/kubernetes/k-schema-controller.adoc b/modules/manage/pages/kubernetes/k-schema-controller.adoc index aaaa8606a..e2e5772ab 100644 --- a/modules/manage/pages/kubernetes/k-schema-controller.adoc +++ b/modules/manage/pages/kubernetes/k-schema-controller.adoc @@ -59,17 +59,26 @@ When the manifest is applied, the schema will be created in your Redpanda cluste + [,bash] ---- -kubect get schema example-schema --namespace +kubectl get schema example-schema --namespace ---- +. Create an alias to simplify running `rpk` commands on your cluster: ++ +[,bash] +---- +alias internal-rpk="kubectl --namespace exec -i -t -c redpanda -- rpk" +---- ++ +Replace `` with the name of a Pod that's running Redpanda. + . Verify that the schema was created in Redpanda: + [source,bash] ---- -kubectl exec -it --namespace -- curl https://...svc.cluster.local:8081/subjects -sS --cacert /etc/tls/certs/default/ca.crt -w '\n' +internal-rpk registry subject list ---- + -Replace `` with the name of a Pod that's running Redpanda. +You should see `example-schema` in the output. == Schema examples @@ -244,8 +253,8 @@ You can also check specific versions of the schema: [source,bash] ---- -kubectl exec -it --namespace -- curl https://...svc.cluster.local:8081/schemas/ids/1 -sS --cacert /etc/tls/certs/default/ca.crt -w '\n' -kubectl exec -it --namespace -- curl https://...svc.cluster.local:8081/schemas/ids/2 -sS --cacert /etc/tls/certs/default/ca.crt -w '\n' +internal-rpk registry schema get --id 1 +internal-rpk registry schema get --id 2 ---- == Delete a schema 
@@ -261,7 +270,7 @@ Verify that the schema was deleted by checking the Redpanda Schema Registry: [source,bash] ---- -kubectl exec -it --namespace -- curl https://...svc.cluster.local:8081/subjects -sS --cacert /etc/tls/certs/default/ca.crt -w '\n' +internal-rpk registry subject list ---- == Suggested reading diff --git a/modules/manage/pages/kubernetes/networking/k-connect-to-redpanda.adoc b/modules/manage/pages/kubernetes/networking/k-connect-to-redpanda.adoc index 4592dfb1b..638e306e4 100644 --- a/modules/manage/pages/kubernetes/networking/k-connect-to-redpanda.adoc +++ b/modules/manage/pages/kubernetes/networking/k-connect-to-redpanda.adoc 
@@ -37,11 +37,11 @@ You must have the following: To connect a client to Redpanda brokers running in the same Kubernetes cluster, use their xref:./k-networking-and-connectivity.adoc#internal-networking[fully qualified domain names] (FQDNs) and the internal port of a listener. Together, the FQDN and internal port are called an endpoint. These endpoints may be secured using TLS and/or authentication. -The `rpk` client on each Redpanda broker is pre-configured to connect to the internal Admin API and internal Kafka API of the local Redpanda cluster. To use other clients, such as a Kafka client, you must configure them. +The `rpk` client on each Redpanda broker is pre-configured to connect to the internal Admin API, Kafka API, and Schema Registry of the local Redpanda cluster. To use other clients, such as a Kafka client, you must configure them. -=== Connect internally with a local rpk client +=== Connect internally with a local `rpk` client -The `rpk` command-line client, available on each Redpanda broker, allows you to communicate with the internal listeners of both the Admin API endpoint and the Kafka API endpoint. By default, the Redpanda Helm chart configures `rpk` with a local `redpanda.yaml` configuration file located in the `/etc/redpanda/` directory. As a result, you can use `rpk` from inside the container. For example, this command executes the `rpk cluster info` command: +The `rpk` command-line client, available on each Redpanda broker, allows you to communicate with the internal listeners of the Admin API, the Kafka API and Schema Registry. By default, the Redpanda Helm chart configures `rpk` with a local `redpanda.yaml` configuration file located in the `/etc/redpanda/` directory. As a result, you can use `rpk` from inside the container. For example, this command executes the `rpk cluster info` command: [,bash] ---- 
@@ -83,17 +83,17 @@ kubectl exec --namespace -- cat /etc/redpanda/redpanda.ya The `rpk.kafka_api.brokers` list contains the internal Kafka API endpoints of the Redpanda brokers: .`redpanda.yaml` -[,yaml,lines=4-6,.no-copy] +[,yaml,.no-copy] ---- rpk: kafka_api: brokers: - - redpanda-0.redpanda.redpanda.svc.cluster.local.:9093 - - redpanda-1.redpanda.redpanda.svc.cluster.local.:9093 - - redpanda-2.redpanda.redpanda.svc.cluster.local.:9093 + - .redpanda..svc.cluster.local.:9093 + - redpanda-1.redpanda..svc.cluster.local.:9093 + - redpanda-2.redpanda..svc.cluster.local.:9093 ---- -If the internal listeners have SASL authentication enabled, you must also configure your clients with valid credentials. To find out if a listener has authentication enabled, check the Helm values: +If the internal listeners have SASL authentication or TLS enabled, you must also configure your clients with valid credentials. To find out if a listener has authentication enabled, check the Helm values: [source,bash] ---- @@ -102,7 +102,7 @@ helm get values --namespace --all In this example, the Kafka API has SASL authentication enabled: -[source,yaml,lines=3+9] +[source,yaml] ---- auth: sasl: @@ -114,11 +114,9 @@ listeners: authenticationMethod: null ---- -For details about SASL authentication, see xref:manage:kubernetes/security/authentication/k-authentication.adoc[]. - If the internal listeners have TLS or mTLS enabled, you must configure your clients with valid TLS files. To find out if the Redpanda cluster has TLS or mTLS enabled, check the Helm values. In this example, the Kafka API has TLS and mTLS enabled: -[source,yaml,lines=5+7,.no-copy] +[source,yaml,.no-copy] ---- listeners: kafka: 
@@ -186,15 +184,17 @@ For details about TLS, see xref:manage:kubernetes/security/tls/index.adoc[]. === Connect to the internal HTTP Proxy -To connect to the HTTP Proxy, use its configured internal port. To find the port, check the Helm values: +To connect to the HTTP Proxy, use its configured internal port. +. Check the Helm values to find the port: ++ [source,bash] ---- helm get values --namespace --all ---- - ++ In this example, the internal port is 8082. - ++ [source,yaml] ---- listeners: 
@@ -202,34 +202,34 @@ listeners: port: 8082 ---- -To test an internal connection, you can use the cURL command-line client inside the container running a Redpanda broker: - +. Use the curl command-line client inside the container running a Redpanda broker: ++ [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:8082/topics -sS +kubectl exec --namespace -- curl http://.redpanda..svc.cluster.local:8082/topics -sS ---- - ++ If SASL authentication is enabled, provide a valid username and password using basic authentication: - ++ [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:8082/topics -u : -sS +kubectl exec --namespace -- curl http://.redpanda..svc.cluster.local:8082/topics -u : -sS ---- - ++ If TLS is enabled, specify the HTTPS protocol and pass the path to the `ca.crt` file: - ++ [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:8082/topics --cacert /etc/tls/certs/default/ca.crt -sS +kubectl exec --namespace -- curl https://.redpanda..svc.cluster.local:8082/topics --cacert /etc/tls/certs/default/ca.crt -sS ---- - ++ NOTE: If the broker's certificate is signed by a well-known, trusted CA, and you're confident about the integrity of your system's CA trust store, you don't need the `--cacert` flag. - ++ If mTLS is enabled, pass the path to the client's key and certificate: - ++ [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:8082/topics \ +kubectl exec --namespace -- curl https://.redpanda..svc.cluster.local:8082/topics \ --cacert /etc/tls/certs/default/ca.crt \ --cert /etc/tls/certs/redpanda-client/tls.crt \ --key /etc/tls/certs/redpanda-client/tls.key 
@@ -239,15 +239,33 @@ For all available endpoints, see xref:api:ROOT:pandaproxy-rest.adoc[]. === Connect to internal Schema Registry -To connect to the Schema Registry, use its configured internal port. To find the port, check the Helm values: +[tabs] +====== +rpk:: ++ +-- +The xref:reference:rpk/rpk-registry/rpk-registry.adoc[`rpk registry`] command can manage schemas directly: [source,bash] ---- -helm get values --namespace --all +kubectl exec --namespace -- rpk registry subject list ---- +-- +curl:: ++ +-- -In this example, the internal port is 8081. +To connect to the Schema Registry, use its configured internal port. +. Check the Helm values to find the port: ++ +[source,bash] +---- +helm get values --namespace --all +---- ++ +In this example, the internal port is 8081. ++ [source,yaml] ---- listeners: 
@@ -255,93 +273,110 @@ listeners: port: 8081 ---- -To test an internal connection, you can use the cURL command-line client inside the container running a Redpanda broker: - +. Use the curl command-line client inside the container running a Redpanda broker: ++ [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:8081/subjects -sS +kubectl exec --namespace -- curl http://.redpanda..svc.cluster.local:8081/subjects -sS ---- - ++ If SASL authentication is enabled, provide a username and password using basic authentication: - ++ [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:8081/subjects -u : -sS +kubectl exec --namespace -- curl http://.redpanda..svc.cluster.local:8081/subjects -u : -sS ---- - ++ If TLS is enabled, specify the HTTPS protocol and pass the path to the `ca.crt` file: - ++ [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:8081/subjects --cacert /etc/tls/certs/default/ca.crt -sS +kubectl exec --namespace -- curl https://.redpanda..svc.cluster.local:8081/subjects --cacert /etc/tls/certs/default/ca.crt -sS ---- - ++ NOTE: If the broker's certificate is signed by a well-known, trusted CA, and you're confident about the integrity of your system's CA trust store, you don't need the `--cacert` flag. - ++ If mTLS is enabled, pass the path to the client's key and certificate: - ++ [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:8081/subjects \ +kubectl exec --namespace -- curl https://.redpanda..svc.cluster.local:8081/subjects \ --cacert /etc/tls/certs/default/ca.crt \ --cert /path/to/client.crt \ --key /path/to/client.key ---- For all available endpoints, see xref:api:ROOT:pandaproxy-schema-registry.adoc[]. +-- +====== === Connect to the internal Admin API -To connect to the Admin API, use its configured internal port. 
To find the port, check the Helm values: +[tabs] +==== +rpk:: ++ +-- +Using `rpk`, which is already configured inside the Redpanda Pod, you can interact with the Admin API. For example, to export cluster configuration: [source,bash] ---- -helm get values --namespace --all +kubectl exec --namespace -- rpk cluster config export ---- -In this example, the internal port is 8081. +If SASL is enabled, set your environment variables first: -[source,yaml] +[source,bash] ---- -listeners: - admin: - port: 9644 +export RPK_USER= +export RPK_PASS= +export RPK_SASL_MECHANISM= ---- -To test an internal connection, you can use the cURL command-line client inside the container running a Redpanda broker: +-- +curl:: ++ +-- +If you prefer to use curl from within the Redpanda Pod: [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:9644/v1/node_config -sS +kubectl exec --namespace -- curl http://.redpanda..svc.cluster.local:9644/v1/node_config -sS ---- -If TLS is enabled, specify the HTTPS protocol and pass the path to the `ca.crt` file: +If TLS is enabled, use `https` and `--cacert`: [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:9644/v1/node_config --cacert /etc/tls/certs/default/ca.crt -sS +kubectl exec --namespace -- \ + curl https://.redpanda..svc.cluster.local:9644/v1/node_config \ + --cacert /etc/tls/certs/default/ca.crt -sS ---- -NOTE: If the broker's certificate is signed by a well-known, trusted CA, and you're confident about the integrity of your system's CA trust store, you don't need the `--cacert` flag. 
- -If mTLS is enabled, pass the path to the client's key and certificate: +If mTLS is enabled, also include the client certificate and key: [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:9644/v1/node_config \ +kubectl exec --namespace -- \ + curl https://.redpanda..svc.cluster.local:9644/v1/node_config \ --cacert /etc/tls/certs/default/ca.crt \ --cert /path/to/client.crt \ - --key /path/to/client.key + --key /path/to/client.key -sS ---- +NOTE: If the broker's certificate is signed by a well-known, trusted CA, and your system's CA trust store is reliable, you may omit `--cacert`. + For all available endpoints, see xref:api:ROOT:admin-api.adoc[]. +-- +==== + == Connect to an external cluster To connect to your Redpanda cluster from outside Kubernetes, the Redpanda cluster must be configured with external access. See xref:./external/index.adoc[]. [[rpk-profile]] -=== Create an rpk profile +=== Create an `rpk` profile An rpk profile contains a reusable configuration for a Redpanda cluster. When running `rpk`, you can create a profile, configure it for a cluster you're working with, and use it repeatedly when running an `rpk` command for the cluster. @@ -395,14 +430,14 @@ kubectl exec --namespace -- cat /etc/redpanda/redpanda.ya The `redpanda.advertised_kafka_api` list item called `default` contains the external Kafka API endpoints for the Redpanda brokers: .`redpanda.yaml` -[,yaml,lines=7-8,.no-copy] +[,yaml,.no-copy] ---- redpanda: advertised_kafka_api: - - address: redpanda-0.redpanda.redpanda.svc.cluster.local. + - address: .redpanda..svc.cluster.local. port: 9093 name: internal - - address: redpanda-0.customredpandadomain.local + - address: .customredpandadomain.local port: 31092 name: default ---- @@ -416,7 +451,7 @@ helm get values --namespace --all In this example, the Kafka API has SASL authentication enabled: -[source,yaml,lines=19] +[source,yaml] ---- auth: sasl: 
@@ -433,7 +468,7 @@ For details about SASL authentication, see xref:manage:kubernetes/security/authe If the external listeners have TLS or mTLS enabled, you must configure your clients with valid TLS files. To find out if the Redpanda cluster has TLS enabled, check the Helm values. In this example, the Kafka API has TLS enabled: -[source,yaml,lines=9-11,.no-copy] +[source,yaml,.no-copy] ---- listeners: kafka: @@ -509,25 +544,25 @@ listeners: - 30082 ---- -To test an external connection, you can use the cURL command-line client inside the container running a Redpanda broker: +To test an external connection, you can use the curl command-line client inside the container running a Redpanda broker: [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:8083/topics -sS +curl http://.redpanda..svc.cluster.local:30082/topics -sS ---- If SASL authentication is enabled, provide a username and password using basic authentication: [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:8083/topics -u : -sS +curl http://.redpanda..svc.cluster.local:30082/topics -u : -sS ---- If TLS is enabled, specify the HTTPS protocol and pass the path to the `ca.crt` file: [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:8083/topics --cacert /etc/tls/certs/external/ca.crt -sS +curl https://.redpanda..svc.cluster.local:30082/topics --cacert /etc/tls/certs/external/ca.crt -sS ---- NOTE: If the broker's certificate is signed by a well-known, trusted CA, and you're confident about the integrity of your system's CA trust store, you don't need the `--cacert` flag. 
@@ -536,7 +571,7 @@ If mTLS is enabled, pass the path to the client's key and certificate: [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:8083/topics \ +curl https://.redpanda..svc.cluster.local:30082/topics \ --cacert /etc/tls/certs/external/ca.crt \ --cert /etc/tls/certs/external/tls.crt \ --key /etc/tls/certs/external/tls.key @@ -546,7 +581,7 @@ For all available endpoints, see xref:api:ROOT:pandaproxy-rest.adoc[]. === Connect to external Schema Registry -To connect to the Schema Registry, use its configured external port. To find the port, check the Helm values: +To connect to the Schema Registry with a HTTP client, use its configured external port. To find the port, check the Helm values: [source,bash] ---- 
@@ -566,25 +601,25 @@ listeners: - 30081 ---- -To test an external connection, you can use the cURL command-line client inside the container running a Redpanda broker: +To test an external connection, you can use the curl command-line client inside the container running a Redpanda broker: [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:8084/subjects -sS +curl http://.redpanda..svc.cluster.local:30081/subjects -sS ---- If SASL authentication is enabled, provide a username and password using basic authentication: [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:8084/subjects -u : -sS +curl http://.redpanda..svc.cluster.local:30081/subjects -u : -sS ---- If TLS is enabled, specify the HTTPS protocol and pass the path to the `ca.crt` file: [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:8084/subjects --cacert /etc/tls/certs/external/ca.crt -sS +curl https://.redpanda..svc.cluster.local:30081/subjects --cacert /etc/tls/certs/external/ca.crt -sS ---- NOTE: If the broker's certificate is signed by a well-known, trusted CA, and you're confident about the integrity of your system's CA trust store, you don't need the `--cacert` flag. @@ -593,7 +628,7 @@ If mTLS is enabled, pass the path to the client's key and certificate: [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:8084/subjects \ +curl https://.redpanda..svc.cluster.local:30081/subjects \ --cacert /etc/tls/certs/external/ca.crt \ --cert /etc/tls/certs/external/tls.crt \ --key /etc/tls/certs/external/tls.key 
@@ -603,7 +638,7 @@ For all available endpoints, see xref:api:ROOT:pandaproxy-schema-registry.adoc[] === Connect to external Admin API -To connect to the Admin API, use its configured external port. To find the port, check the Helm values: +To connect to the Admin API using an HTTP client, use its configured external port. To find the port, check the Helm values: [source,bash] ---- @@ -623,18 +658,18 @@ listeners: - 31644 ---- -To test an external connection, you can use the cURL command-line client inside the container running a Redpanda broker: +To test an external connection, you can use the curl command-line client inside the container running a Redpanda broker: [source,bash] ---- -kubectl exec --namespace -- curl http://redpanda-0.redpanda.redpanda.svc.cluster.local:9645/v1/node_config -sS +curl http://.redpanda..svc.cluster.local:31644/v1/node_config -sS ---- If TLS is enabled, specify the HTTPS protocol and pass the path to the `ca.crt` file: [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:9645/v1/node_config --cacert /etc/tls/certs/external/ca.crt -sS +curl https://.redpanda..svc.cluster.local:31644/v1/node_config --cacert /etc/tls/certs/external/ca.crt -sS ---- NOTE: If the broker's certificate is signed by a well-known, trusted CA, and you're confident about the integrity of your system's CA trust store, you don't need the `--cacert` flag. @@ -643,7 +678,7 @@ If mTLS is enabled, pass the path to the client's key and certificate: [source,bash] ---- -kubectl exec --namespace -- curl https://redpanda-0.redpanda.redpanda.svc.cluster.local:9645/v1/node_config \ +curl https://.redpanda..svc.cluster.local:31644/v1/node_config \ --cacert /etc/tls/certs/external/ca.crt \ --cert /etc/tls/certs/external/tls.crt \ --key /etc/tls/certs/external/tls.key diff --git a/modules/upgrade/pages/k-upgrade-operator.adoc b/modules/upgrade/pages/k-upgrade-operator.adoc index 7352ff93a..29a4ea637 100644 
--- a/modules/upgrade/pages/k-upgrade-operator.adoc
+++ b/modules/upgrade/pages/k-upgrade-operator.adoc
@@ -27,6 +27,7 @@ You'll need to apply these overrides in the next step.
 [,bash,subs="attributes+"]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm upgrade --install redpanda-controller redpanda/operator \
 --namespace \
 --set image.tag=
diff --git a/modules/upgrade/pages/migrate/kubernetes/helm-to-operator.adoc b/modules/upgrade/pages/migrate/kubernetes/helm-to-operator.adoc
index c1190f752..cc8bb0702 100644
--- a/modules/upgrade/pages/migrate/kubernetes/helm-to-operator.adoc
+++ b/modules/upgrade/pages/migrate/kubernetes/helm-to-operator.adoc
@@ -80,6 +80,7 @@ include::deploy:partial$kubernetes/install-crds.adoc[]
 [,bash,subs="attributes+"]
 ----
 helm repo add redpanda https://charts.redpanda.com
+helm repo update
 helm upgrade --install redpanda-controller redpanda/operator \
 --namespace \
 --set image.tag={latest-operator-version} \