Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add sasl auth for kafka #53

Merged
merged 3 commits into from
Nov 28, 2019
Merged

add sasl auth for kafka #53

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2b9eecf
add sasl auth for kafka
iyacontrol Nov 27, 2019
40f93ef
pdate sasl auth info reference a secret
iyacontrol Nov 28, 2019
5860014
add sasl_ssl
iyacontrol Nov 28, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
85 changes: 83 additions & 2 deletions content/scalers/apache-kafka-topic.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,15 +22,31 @@ This specification describes the `kafka` trigger for Apache Kafka Topic.
brokerList: kafka.svc:9092
consumerGroup: my-group
topic: test-topic
lagThreshold: '5' # Optional. How much the stream is lagging on the current consumer group
lagThreshold: '5'
```

**Parameter list:**

- `lagThreshold` Optional. How much the stream is lagging on the current consumer group

### Authentication Parameters

No authentication required.
You can use `TriggerAuthentication` CRD to configure the authenticate by providing authMode, username, password. If your kafka cluster does not have sasl authentication turned on, you will not need to pay attention to it.

**Credential based authentication:**

- `authMode` Kafka sasl auth mode. Optional. The default value is none. For now, it must be one of none, sasl_plaintext, sasl_ssl, sasl_scram_sha256, sasl_scram_sha512.
- `username` Optional. If authmode is not none, this is required.
- `password` Optional.If authmode is not none, this is required.
- `ca` Certificate authority file for TLS client authentication. Optional. If authmode is sasl_ssl, this is required.
- `cert` Certificate for client authentication. Optional. If authmode is sasl_ssl, this is required.
- `key` Key for client authentication. Optional. If authmode is sasl_ssl, this is required.


### Example

Your kafka cluster no sasl auth:

```yaml
apiVersion: keda.k8s.io/v1alpha1
kind: ScaledObject
Expand All @@ -51,4 +67,69 @@ spec:
consumerGroup: my-group # Make sure that this consumer group name is the same one as the one that is consuming topics
topic: test-topic
lagThreshold: "50"
```

Your kafka cluster turn on sasl auth

```yaml
apiVersion: v1
kind: Secret
metadata:
name: keda-kafka-secrets
namespace: default
data:
authMode: "sasl_plaintext"
username: "admin"
password: "admin"
ca: <your ca>
cert: <your cert>
key: <your key>
---
apiVersion: keda.k8s.io/v1alpha1
kind: TriggerAuthentication
metadata:
name: keda-trigger-auth-kafka-credential
namespace: default
spec:
secretTargetRef:
- parameter: authMode
name: keda-kafka-secrets
key: authMode
- parameter: username
name: keda-kafka-secrets
key: username
- parameter: password
name: keda-kafka-secrets
key: password
- parameter: ca
name: keda-kafka-secrets
key: ca
- parameter: cert
name: keda-kafka-secrets
key: cert
- parameter: key
name: keda-kafka-secrets
key: key
---
apiVersion: keda.k8s.io/v1alpha1
kind: ScaledObject
metadata:
name: kafka-scaledobject
namespace: default
labels:
deploymentName: azure-functions-deployment
spec:
scaleTargetRef:
deploymentName: azure-functions-deployment
pollingInterval: 30
triggers:
- type: kafka
metadata:
# Required
brokerList: localhost:9092
consumerGroup: my-group # Make sure that this consumer group name is the same one as the one that is consuming topics
topic: test-topic
lagThreshold: "50"
authenticationRef:
name: keda-trigger-auth-kafka-credential
```