Kafka container fails to run on non-FIPS nodes
Summary
Because FIPS is enabled in the RHEL image, running the Kafka container in a K8S cluster with non-FIPS nodes causes it to crash.
Steps to reproduce
Run the Kafka container in a Kubernetes cluster with non-FIPS nodes
What is the current bug behavior?
The pod crashes with the following error NSS module not available: fips
. This is a Java error, not a Strimzi error.
What is the expected correct behavior?
Kafka container should run w/o errors and reach "Ready" state.
Relevant logs and/or screenshots
Possible fixes
Following the guide at https://access.redhat.com/solutions/5696401, the security.useSystePropertiesFile property in java.security should be set to false to turn off FIPS in Java. Because this file is only writable by root, it must be done when the image is built. Adding sed -i 's/security.useSystemPropertiesFile=true/security.useSystemPropertiesFile=false/g' ${JAVA_HOME}/conf/security/java.security to the Dockerfile would fix this.
Defintion of Done
-
Bug has been identified and corrected within the container