Planning

[Sly555]

Hi

I've tried kafkaaccess on my cluster and I want to know when you plan to include the credentials of the kafkauser in the kafkaaccess generated secret ? For example with a scram-sha-256 configuration adding the username, password and sasl.jaas.config.

Thanks

[scholzj]

Well, Strimzi does not support SCRAM-SHA-256. So in general yes, that is planned. But not for SCRAM-SHA-256.

[Sly555]

My mistake :my question was for scram-sha-512. Do you have an Idea when it's could be in place ?

[scholzj]

No idea when it might be ready. Sorry.

[katheris]

Hi @Sly555, as Jakub says we don't have a particular date in mind for adding this feature, but we are also open to contributions if you need it sooner than we get round to it. I have opened an issue to track this particular feature so you can see any updates: https://github.com/strimzi/kafka-access-operator/issues/15

Out of curiosity for your usecase would the cluster CA certificate also be useful to be in the secret, or do you already handle certificates separately.

[Sly555]

Hi @katheris for the CA certificate, we handle it separatly, but it could be useful to have it directly from the secret. For example when the CA Certificate need to be upgraded.

[katheris]

@Sly555 just wanted to let you know that issue #15 has been closed as done so if you check out the latest version of main you should see the SASL credentials in your KafkaAccess secret.

[Sly555]

@katheris thank you for your help. I have installed it on our dev cluster and it's works !

[Sly555]

Hi @katheris , I have done my tests and a I think I found an issue : when the kafkauser secret is changed in the kafka project, the login information in the project that has the kafkaaccess is not updated.

Is it OK to continue with these messages or is it better to create a new issue ?

[katheris]

Hi @Sly555, thanks for letting me know. Can you open a new issue for it? If you could also share the steps to reproduce and any logs from the operator in the new issue that would help us to investigate why it isn't updating.

[katheris]

I believe everything mentioned in this issue has been implemented or resolved, so closing it. @Sly555 feel free to comment if I missed something