kedacore / keda

KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
https://keda.sh
Apache License 2.0

GSSAPI sasl mechanism for Kafka scaler #4836

Closed novicr closed 1 year ago

novicr commented 1 year ago

Proposal

Support Kerberos authentication for Kafka scaler.

Use-Case

When the target Kafka cluster requires SASL GSSAPI (Kerberos) authentication, there is currently no way to use the KEDA Kafka scaler.

Is this a feature you are interested in implementing yourself?

Yes

Anything else?

This is a repeat of ticket: GSSAPI sasl mechanism for Kafka scaler #857
Perhaps it would be better to reopen the original ticket.

JorTurFer commented 1 year ago

Hi, no worries with the old issue, this new one is nice too. IDK if the sarama client supports it, but there is a WIP to replace it with another client: https://github.com/kedacore/keda/pull/4801. We should check if the new client also supports this feature (I think so).

Can I assign this issue to you? Are you willing to help with this?

novicr commented 1 year ago

Sarama definitely supports this. Just need to pass the right parameters to it. Thanks for the pointer on kafka-go. Didn't realize this was happening.
You can assign this ticket to me. I should be able to submit a PR in a few days.

sansmoraxz commented 1 year ago

AFAIK there were some license issues in dependent libraries, and the PR for kafka-go https://github.com/segmentio/kafka-go/pull/598 was stuck for so long. kafka-go is loose enough in its SASL implementation to pull that off without waiting for it to be merged.

But we should probably include an e2e case for this.

novicr commented 1 year ago

My changes only consider the kafka scaler (based on sarama). The change is to collect relevant information in TriggerAuthentication and pass it along to sarama. Not sure about the e2e test - would require standing up kerberos infra as part of the test. I'd rather trust that sarama will do the right thing with inputs (it does). Unit tests ensure that correct values are passed along.

novicr commented 1 year ago

For now, I can confirm that this works with keytab. Tested it with existing setup.
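
The approach discussed in this thread (collect Kerberos settings from the trigger authentication, validate them, hand them to sarama's `Config.Net.SASL.GSSAPI`) can be sketched as follows. This is an added example, not code from the KEDA pull request: the parameter key names, the `kerberosAuth` type, and the `kafka` default service name are assumptions made for illustration, and sarama itself is not imported so the block runs offline.

```go
package main

import (
	"errors"
	"fmt"
)

// kerberosAuth is a local stand-in (not KEDA's type) for the values a scaler
// would copy into sarama's Config.Net.SASL.GSSAPI fields.
type kerberosAuth struct {
	UseKeytab     bool   // sarama.KRB5_KEYTAB_AUTH if true, else sarama.KRB5_USER_AUTH
	Username      string // GSSAPI.Username
	Realm         string // GSSAPI.Realm
	ServiceName   string // GSSAPI.ServiceName
	KrbConfigPath string // GSSAPI.KerberosConfigPath
	KeytabPath    string // GSSAPI.KeyTabPath
	Password      string // GSSAPI.Password
}

// String omits the password and file paths so the value is safe to log.
func (k kerberosAuth) String() string {
	return fmt.Sprintf("%s@%s service=%s keytab=%t", k.Username, k.Realm, k.ServiceName, k.UseKeytab)
}

// parseKerberosAuth validates resolved auth parameters and fails closed.
// The map keys are names assumed for this example.
func parseKerberosAuth(p map[string]string) (kerberosAuth, error) {
	for _, key := range []string{"username", "realm", "kerberosConfigPath"} {
		if p[key] == "" {
			return kerberosAuth{}, fmt.Errorf("missing required parameter %q", key)
		}
	}
	keytab, password := p["keytabPath"], p["password"]
	if (keytab == "") == (password == "") { // neither or both: ambiguous credentials
		return kerberosAuth{}, errors.New("set exactly one of keytabPath or password")
	}
	service := p["kerberosServiceName"]
	if service == "" {
		service = "kafka" // assumed default broker service principal name
	}
	return kerberosAuth{keytab != "", p["username"], p["realm"], service,
		p["kerberosConfigPath"], keytab, password}, nil
}

func main() {
	// Constructed sample input.
	auth, err := parseKerberosAuth(map[string]string{"username": "keda", "realm": "EXAMPLE.COM",
		"kerberosConfigPath": "/etc/krb5.conf", "keytabPath": "/etc/keda/keda.keytab"})
	fmt.Println(auth, err)
}
```

Rejecting input that carries both a keytab and a password keeps the choice of credential explicit, and unit tests of the kind mentioned above can assert on the returned struct without any Kerberos infrastructure.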