[Enhancement] How to set kerberos properties for MirrorMaker 2 #3088

Closed
abergmeier opened this issue May 25, 2020 · 10 comments

Comments

@abergmeier

I have a few Kerberos files which are usually configured to tell a Kafka Client how to interact with Kerberos.
With the CRD, I am a little lost as to how I would set properties, krb5.conf, etc.
Is there any documentation for this?

@scholzj
Member

scholzj commented May 25, 2020

I'm afraid we do not support Kerberos for Kafka. We currently support authentication using:

  • TLS client certificates
  • SCRAM-SHA-512 password
  • OAuth2 access tokens

@abergmeier
Author

> I'm afraid we do not support Kerberos for Kafka

Is there a reason why? Or asked differently - how hard would it be to add that support?

@scholzj
Member

scholzj commented May 25, 2020

I'm not really a Kerberos expert, so I might have missed something. But I actually looked into it once. It looks like Kerberos is not very Kubernetes friendly. In most cases it seemed to be implemented in such a way that the Kerberos daemon was running on the host and only the keytab, or however it is called, with the tickets was shared into the pod. That makes it hard to set up and hard to use, since you need to share it within the node with all apps possibly using Kerberos. And also, to be honest, there wasn't any real demand for it as far as I can remember.

I have no idea how big or small such a PR would be. But please keep in mind that this is not just about the effort for the PR. This is also about a long-term commitment to keep testing and fixing it to make sure it keeps working.

I'm not the biggest OAuth 2 expert either ... but my understanding was that some OAuth2 servers allow you to federate to Kerberos. So maybe that could be an alternative for you.

@abergmeier
Author

@scholzj
Member

scholzj commented May 26, 2020

I haven't. But I guess that could be another option, yes.

@scholzj
Member

scholzj commented Jul 29, 2020

I added this to tomorrow's Strimzi Community meeting agenda. We can discuss whether this is something we might consider in the future, in which case we can change this to enhancement, or whether we do not plan to support Kerberos, in which case we can close it.

The meeting is tomorrow (July 30th) at 8:00 AM UTC https://zoom.us/j/93690955902 ... @abergmeier if you would be interested in joining but cannot do it tomorrow (because it is too short notice or bad timezone), we can also postpone it for August 13th at 4:00 PM UTC https://zoom.us/j/93355943577 ... please let us know.

@abergmeier
Author

Thanks for the heads up.
The 30th is a bit short notice indeed - and I think you should continue regardless of my involvement.
That said, since I am not a Kerberos expert but a mere user, my input is probably limited anyways.

@scholzj
Member

scholzj commented Jul 29, 2020

Up to you. If you wanna join on 13th it is no problem to move it.

@scholzj scholzj changed the title [Question] How to set kerberos properties for MirrorMaker 2 [Enhancement] How to set kerberos properties for MirrorMaker 2 Jul 30, 2020
@scholzj
Member

scholzj commented Jul 30, 2020

We decided at the Strimzi Community meeting to keep this open as an enhancement. However - for the record - we do not plan to work on this any time soon at this point. If anyone wants to contribute this, feel free to start ... probably best by opening a proposal.

@scholzj
Member

scholzj commented Mar 31, 2022

Triaged on 31.3.2022: there does not seem to be much interest in this and the implementation and maintenance effort would be big. This should be closed.
