Kerberos keytab backend (#99)

## Description

This PR adds support for provisioning Kerberos principals and keytabs for pods, similar to the `autoTls` backend.

Currently only MIT Kerberos is supported, Heimdal and Active Directory still require manual provisioning.

There is a spike branch for the HDFS Operator (stackabletech/hdfs-operator#154) that uses this to provision a kerberized HDFS cluster.



Co-authored-by: Teo Klestrup Röijezon <teo@nullable.se>
Co-authored-by: Stacky McStackface <stackable-bot@users.noreply.github.com>
Co-authored-by: Sönke Liebau <soenke.liebau@stackable.tech>

Author: 3 people

.github/workflows/build.yml

@@ -31,10 +31,10 @@ jobs:
     env:
       RUSTC_BOOTSTRAP: 1
     steps:
-      - name: Install protoc
+      - name: Install host dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install protobuf-compiler
+          sudo apt-get install protobuf-compiler krb5-user libkrb5-dev
       - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           submodules: recursive
@@ -43,7 +43,7 @@ jobs:
         with:
           key: udeps
       - run: cargo install cargo-udeps
-      - run: cargo udeps
+      - run: cargo udeps --workspace
 
   # This job evaluates the github environment to determine why this action is running and selects the appropriate
   # target repository for published Helm charts based on this.
@@ -125,10 +125,10 @@ jobs:
     name: Run Clippy
     runs-on: ubuntu-latest
     steps:
-      - name: Install protoc
+      - name: Install host dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install protobuf-compiler
+          sudo apt-get install protobuf-compiler krb5-user libkrb5-dev
       - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           submodules: recursive
@@ -156,10 +156,10 @@ jobs:
     name: Run RustDoc
     runs-on: ubuntu-latest
     steps:
-      - name: Install protoc
+      - name: Install host dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install protobuf-compiler
+          sudo apt-get install protobuf-compiler krb5-user libkrb5-dev
       - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           submodules: recursive
@@ -175,10 +175,10 @@ jobs:
     name: Run Cargo Tests
     runs-on: ubuntu-latest
     steps:
-      - name: Install protoc
+      - name: Install host dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install protobuf-compiler
+          sudo apt-get install protobuf-compiler krb5-user libkrb5-dev
       - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           submodules: recursive
@@ -230,10 +230,10 @@ jobs:
     name: Check if committed Helm charts are up to date
     runs-on: ubuntu-latest
     steps:
-      - name: Install protoc
+      - name: Install host dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install protobuf-compiler
+          sudo apt-get install protobuf-compiler krb5-user libkrb5-dev
       - name: Checkout
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
@@ -288,10 +288,10 @@ jobs:
     outputs:
       IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }}
     steps:
-      - name: Install protoc
+      - name: Install host dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install protobuf-compiler
+          sudo apt-get install protobuf-compiler krb5-user libkrb5-dev
       - name: Checkout
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Added
+
+- Added `kerberosKeytab` provisioner backend ([#99]).
+
 ### Changed
 
 - Shortened the registration socket path for Microk8s compatibility ([#231]).
@@ -13,6 +17,7 @@ All notable changes to this project will be documented in this file.
 - Made kubeletDir configurable ([#232]).
   - Microk8s users will need to `--set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet`.
 
+[#99]: https://github.com/stackabletech/secret-operator/pull/99
 [#231]: https://github.com/stackabletech/secret-operator/pull/231
 [#232]: https://github.com/stackabletech/secret-operator/pull/232