Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GSSAPI sasl mechanism for Kafka scaler #4836

Closed
novicr opened this issue Jul 31, 2023 · 5 comments · Fixed by #4851
Closed

GSSAPI sasl mechanism for Kafka scaler #4836

novicr opened this issue Jul 31, 2023 · 5 comments · Fixed by #4851
Assignees
@novicr

Comments

@novicr
Copy link
Contributor

novicr commented Jul 31, 2023

Proposal

Support Kerberos authentication for Kafka scaler.

Use-Case

When target Kafka cluster requires SASL GSSAPI (Kerberos) authentication, currently there is no way to use Keda Kafka scaler.

Is this a feature you are interested in implementing yourself?

Yes

Anything else?

This is a repeat of ticket: GSSAPI sasl mechanism for Kafka scaler #857
Perhaps would be better to reopen the original ticket.
@novicr novicr added feature-request All issues for new features that have not been committed to needs-discussion labels Jul 31, 2023
@JorTurFer
Copy link
Member

Hi,
No worries with the old issue, this new is nice too.
IDK if sarama client supports it, but there is a wip to replace it with another client: #4801
We should check if the new client also support this feature (I think so)

Can I assign this issue to you? Are you willing to help with this?

@novicr
Copy link
Contributor Author

novicr commented Jul 31, 2023

Sarama definitely supports this. Just need to pass the right parameters to it. Thanks for the pointer on kafka-go. Didn't realize this was happening.
You can assign this ticket to me. I should be able to submit a PR in a few days.

@sansmoraxz
Copy link
Contributor

AFIK there was some license issues in dependent libraries, and the PR for kafka-go segmentio/kafka-go#598 was stuck for so long.
kafka-go is loose enough in sasl implementation to pull that off without waiting for it to be merged.

But we should probably include e2e case for this.

@novicr
Copy link
Contributor Author

novicr commented Aug 2, 2023

My changes only consider the kafka scaler (based on sarama). The change is to collect relevant information in TriggerAuthentication and pass it along to sarama. Not sure about the e2e test - would require standing up kerberos infra as part of the test. I'd rather trust that sarama will do the right thing with inputs (it does). Unit tests ensure that correct values are passed along.

@novicr
Copy link
Contributor Author

novicr commented Aug 8, 2023

For now, I can confirm that this works with keytab. Tested it with existing setup.

@novicr novicr mentioned this issue Aug 10, 2023
Merged
1 task
@tomkerkhove tomkerkhove removed feature-request All issues for new features that have not been committed to needs-discussion labels Aug 17, 2023
@tomkerkhove tomkerkhove moved this from To Triage to In Progress in Roadmap - KEDA Core Aug 17, 2023
@zroubalik zroubalik mentioned this issue Oct 10, 2023
Merged
5 tasks
@github-project-automation github-project-automation bot moved this from In Progress to Ready To Ship in Roadmap - KEDA Core Oct 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@novicr novicr

Labels
None yet
Projects
Roadmap - KEDA Core
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for GSSAPI in Kafka scaler novicr/keda
4 participants
@tomkerkhove @sansmoraxz @JorTurFer @novicr