lhotari commented on issue #24819: URL: https://github.com/apache/pulsar/issues/24819#issuecomment-3561926079
> But we can’t do cross-cluster-communication with brokers because they do not expose an external endpoint, only internal. You didn't mention which method you use for the Kubernetes deployment. In Apache Pulsar Helm chart deployments, there's some advice and important security notice: https://github.com/apache/pulsar-helm-chart?tab=readme-ov-file#external-access-recommendations . In Apache Pulsar Helm chart, the external access is via Pulsar Proxy and it requires changing the default configuration. There's also comments and security notice in the values.yaml file: https://github.com/apache/pulsar-helm-chart/blob/c341e7d65d8d351adc1f866acc2bf67c51a96b5c/charts/pulsar/values.yaml#L1448-L1468 . The `advertisedListeners`, `bindAddresses` configuration doesn't have good examples at the moment. There's [some docs](https://pulsar.apache.org/docs/concepts-multiple-advertised-listeners/#use-case-direct-client-to-broker-connection-without-pulsar-proxy), but it's not complete. The main use case in Kubernetes would be to enable external access using NodePorts. There would have to be a NodePort service for each broker pod and the pod would have to dynamically configure advertisedListeners when the pod starts up on a specific node so that routing would happen directly to the node where the pod is running. Regarding the `advertisedListeners`/`bindAddresses` config, I used the minimal config in an integration test where Kubernetes is running in a k3s docker container: https://github.com/apache/pulsar/blob/807dcaf5d928f8202c1bf8b8402cfcf72a41e63d/tests/integration/src/test/java/org/apache/pulsar/tests/integration/k8s/AbstractPulsarStandaloneK8STest.java#L355-L357 For a real cluster, it would be different since the `advertisedListeners` value would have to be set dynamically. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
