Impossible to connect to external kafka SASL_SSL #2011
Description
Issue submitter TODO list
- I've searched for an already existing issues here
Describe the bug (actual behavior)
I cannot connect new components sentry-taskbroker-* to external kafka with SASL_SSL.
Expected behavior
No response
values.yaml
externalKafka:
host: "host.lan"
port: 9092
sasl:
mechanism: SCRAM-SHA-512 # PLAIN,SCRAM-SHA-256,SCRAM-512
username: username
password: password
sslCertificatesSecret:
enabled: true
name: kafka-ssl-certificates
caKey: ca.crt
certKey: kafka_client.crt
keyKey: kafka_client.key
security:
protocol: SASL_SSL
Helm chart version
28.0.2
Steps to reproduce
- Use external kafka with SASL_SSL
- Connect sentry-taskbroker-*-0
Screenshots
Logs
taskbroker starting
version: 78a5f141838cd563eda6e68963c12f0ff7832dfd
2026-01-15T14:05:59.867392Z INFO taskbroker: Running full vacuum on database
2026-01-15T14:05:59.868116Z INFO taskbroker: Full vacuum completed.
2026-01-15T14:05:59.869503Z INFO taskbroker: GRPC server listening on 0.0.0.0:50051
2026-01-15T14:05:59.896754Z ERROR rdkafka::client: librdkafka: Global error: BrokerTransportFailure (Local: Broker transport failure): host.lan:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 11ms in state APIVERSION_QUERY)
2026-01-15T14:05:59.896803Z WARN rdkafka::producer::base_producer: Ignored event 'Error' on base producer poll
2026-01-15T14:05:59.896818Z ERROR rdkafka::client: librdkafka: Global error: AllBrokersDown (Local: All broker connections are down): 1/1 brokers are down
2026-01-15T14:05:59.896830Z WARN rdkafka::producer::base_producer: Ignored event 'Error' on base producer poll
2026-01-15T14:05:59.898131Z ERROR rdkafka::client: librdkafka: Global error: BrokerTransportFailure (Local: Broker transport failure): host.lan:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 12ms in state APIVERSION_QUERY)
2026-01-15T14:05:59.898170Z ERROR taskbroker::kafka::consumer: Failed to connect to broker, retrying...
2026-01-15T14:05:59.898181Z ERROR rdkafka::client: librdkafka: Global error: AllBrokersDown (Local: All broker connections are down): 1/1 brokers are down
2026-01-15T14:05:59.898191Z ERROR taskbroker::kafka::consumer: Got unexpected status from consumer client: Err(KafkaError (Message consumption error: AllBrokersDown (Local: All broker connections are down)))
2026-01-15T14:05:59.898237Z INFO taskbroker::kafka::consumer: Cancellation token received, shutting down consumer...
2026-01-15T14:05:59.898277Z INFO handle_events: taskbroker::kafka::consumer: Received event: Shutdown
2026-01-15T14:05:59.976157Z ERROR rdkafka::client: librdkafka: Global error: BrokerTransportFailure (Local: Broker transport failure): host.lan:9092/bootstrap: Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 9ms in state APIVERSION_QUERY, 1 identical error(s) suppressed)
2026-01-15T14:05:59.976198Z WARN rdkafka::producer::base_producer: Ignored event 'Error' on base producer poll
2026-01-15T14:05:59.998670Z INFO taskbroker: Task consumer completed
2026-01-15T14:05:59.998676Z INFO taskbroker: Cancellation token received, shutting down GRPC server
2026-01-15T14:05:59.998747Z INFO taskbroker::upkeep: Cancellation token received, shutting down upkeep
Additional context
No response