scholzj
commented
1 day ago This is currently not planned. But if you would want to contribute it, it might not be a problem, but it should have a proposal to cover the new APIs, backwards compatibility, impact on other places where username is passed (it should lilely be done in the same way everywhere) etc.
Related problem
Description: I am trying to use Plain authentication for my Kafka clients as documented here. However, I need the ability to pass the username as a Kubernetes secret.
Background: We are using Strimzi for building Kafka Connectors. We connect to Kafka server hosted on Confluent platform by a different application which uses plain authentication scheme. Our system credentials are stored in Azure Key Vault, where the username and password are rotated periodically. To manage these secrets effectively in Kubernetes, we initially attempted integration with the Secrets Store CSI driver to automatically fetch updated secrets from Key Vault. However, this failed as CSI driver integration is currently unsupported for Strimzi (refer to Issue #5277).
We have now started using akv2k8s to handle this requirement, which requires that both the username and password are configured as Kubernetes secrets.
Request: Please add support for passing the username in KafkaClientAuthenticationPlain via a Kubernetes secret, in addition to the existing support for passing the password this way. This feature would allow Strimzi users to securely manage dynamically updated usernames and passwords stored in external secrets managers like Azure Key Vault.
Suggested solution
In KafkaClientAuthenticationPlain add the ability to pass both username and password as a single secret.
Alternatives
No response
Additional context
No response