Open joystern13 opened 1 week ago
This is currently not planned. But if you would want to contribute it, it might not be a problem, but it should have a proposal to cover the new APIs, backwards compatibility, impact on other places where username is passed (it should lilely be done in the same way everywhere) etc.
Triaged on 14.11.2024: This makes sense to have implemented, but it requires a proposal. @joystern13 do you want to have a look at it?
Hello @scholzj , @im-konge , I will look at it and provide a proposal. Sorry, I can't commit to a timeline.
@joystern13 No worries about the timeline. When you get to it you get to it.
Related problem
Description: I am trying to use Plain authentication for my Kafka clients as documented here. However, I need the ability to pass the username as a Kubernetes secret.
Background: We are using Strimzi for building Kafka Connectors. We connect to Kafka server hosted on Confluent platform by a different application which uses plain authentication scheme. Our system credentials are stored in Azure Key Vault, where the username and password are rotated periodically. To manage these secrets effectively in Kubernetes, we initially attempted integration with the Secrets Store CSI driver to automatically fetch updated secrets from Key Vault. However, this failed as CSI driver integration is currently unsupported for Strimzi (refer to Issue #5277).
We have now started using akv2k8s to handle this requirement, which requires that both the username and password are configured as Kubernetes secrets.
Request: Please add support for passing the username in KafkaClientAuthenticationPlain via a Kubernetes secret, in addition to the existing support for passing the password this way. This feature would allow Strimzi users to securely manage dynamically updated usernames and passwords stored in external secrets managers like Azure Key Vault.
Suggested solution
In KafkaClientAuthenticationPlain add the ability to pass both username and password as a single secret.
Alternatives
No response
Additional context
No response