kafkasource SASL manifest configuration

Paul Kaisharis

unread,

Nov 22, 2021, 7:22:03 PM11/22/21

to Knative Users

does anyone know or have a reference to the configuration of a kafkasource manifest using SASL? the knative docs include the TLS option https://knative.dev/development/eventing/sources/kafka-source/#connecting-to-a-tls-enabled-kafka-broker and kafkasink includes a SASL example https://knative.dev/development/eventing/sinks/kafka-sink/#authentication-using-sasl; however, using the sink config on the source config doesn't work and fails with an error that the below is not supported...

auth: secret: ref: name: my_secret

vil...@us.ibm.com

unread,

Nov 22, 2021, 7:48:55 PM11/22/21

to Knative Users

Try this:

spec:

net:

sasl:

enable: true

user:

secretKeyRef:

name: kafka-secret

key: user

password:

secretKeyRef:

name: kafka-secret

key: password

Paul Kaisharis

unread,

Nov 23, 2021, 2:02:54 PM11/23/21

to Knative Users

thx, that worked to create the kafkasource, but now i'm getting the exception below in the log and the secret is the same one used for the broker. i'll keep researching this one, but you got me passed the config error. thx.

Warning' reason: 'InternalError' kafka: client has run out of available brokers to talk to (Is your cluster reachable?)

Paul Kaisharis

unread,

Nov 24, 2021, 4:56:20 PM11/24/21

to Knative Users

something is still missing from the kafkasource manifest. below is what's configured now for SASL. the kafkasource resource is successfully created; however, it can't connect to the external cluster.

net:
    SASL:
      enable: true
      user:
        secretKeyRef:
          name: ccloud
          key: user
      password:
        secretKeyRef:
          name: ccloud
          key: password

but the broker SASL secret https://knative.dev/docs/eventing/broker/kafka-broker/#security requires additional attributes and i'm successfully able to use the external confluent cloud cluster as the primary bootstrap server

kubectl create secret --namespace knative-eventing generic ccloud \
  --from-literal=protocol=SASL_SSL \
  --from-literal=sasl.mechanism=PLAIN \
  --from-literal=user=user
  --from-literal=password=password

Matthias Wessendorf

unread,

Nov 24, 2021, 5:12:36 PM11/24/21

to Paul Kaisharis, Knative Users

net.TLS.enabled: true ?

I assume they use SSL?

--
You received this message because you are subscribed to the Google Groups "Knative Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to knative-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/knative-users/b65e6da5-2a3b-404b-a104-860ec2b98b4an%40googlegroups.com.

--

Sent from Gmail Mobile

Paul Kaisharis

unread,

Nov 26, 2021, 12:38:16 PM11/26/21

to Knative Users

that was it, thx. below is the final final i used which is working...

net:
    SASL:
      enable: true
      user:
        secretKeyRef:
          name: ccloud
          key: user
      password:
        secretKeyRef:
          name: ccloud
          key: password

    tls:
      enable: true
      caCert:
       secretKeyRef:
         name: ccloud
         key: ca.crt

Reply all

Reply to author

Forward