rtoma
commented
2 years ago FYI - via https://github.com/crossplane-contrib/provider-kafka/pull/38 I contributed TLS support. The mTLS part is missing for now.
I can contribute that feature, but I need some guidance on how to supply the client cert/key pair. Adding it in the ProviderConfig is possible, but very dirty. I prefer to just add Secret names in ProviderConfig, but that requires client.NewAdminClient(..) to have a Kubernetes client, which it currently does not. Adding this in the proper way is something I need help with, as it can be wrong in so many ways. Thanks!
marshmallory
What problem are you facing?
I'd like to use this provider to manage resources in an MSK cluster with mTLS auth enabled. Currently the provider does not support this, nor TLS. Before I start thinking about submitting this feature, I'd like to reach out to hear of ideas about implementation/configuration etc.
The used Kafka library https://github.com/twmb/franz-go/ supports a pluggable dialer, which is used by the Kafka CLI kcl https://github.com/twmb/kcl/ to provide mTLS. Based on this I expect adding mTLS support to this provider should be possible and straightforward.
I'd like to hear your ideas about how to add the needed configuration in https://github.com/crossplane-contrib/provider-kafka/blob/main/internal/clients/kafka/config.go
How could Crossplane help solve your problem?
Implement the feature, or provide the information needed for submitting a successful PR. Thanks!