kafkasource SASL manifest configuration


Paul Kaisharis

Nov 22, 2021, 7:22:03 PM
to Knative Users
does anyone know or have a reference to the configuration of a kafkasource manifest using SASL?  the knative docs include the TLS option https://knative.dev/development/eventing/sources/kafka-source/#connecting-to-a-tls-enabled-kafka-broker and kafkasink includes a SASL example https://knative.dev/development/eventing/sinks/kafka-sink/#authentication-using-sasl; however, using the sink config on the source config doesn't work and fails with an error that the below is not supported...

auth:
  secret:
    ref:
      name: my_secret

vil...@us.ibm.com

Nov 22, 2021, 7:48:55 PM
to Knative Users
Try this:

spec:
  net:
    sasl:
      enable: true
      user:
        secretKeyRef:
          name: kafka-secret
          key: user
      password:
        secretKeyRef:
          name: kafka-secret
          key: password

Paul Kaisharis

Nov 23, 2021, 2:02:54 PM
to Knative Users
thx, that worked to create the kafkasource, but now i'm getting the exception below in the log and the secret is the same one used for the broker.  i'll keep researching this one, but you got me past the config error.  thx.

Warning' reason: 'InternalError' kafka: client has run out of available brokers to talk to (Is your cluster reachable?)

Paul Kaisharis

Nov 24, 2021, 4:56:20 PM
to Knative Users
something is still missing from the kafkasource manifest.  below is what's configured now for SASL.  the kafkasource resource is successfully created; however, it can't connect to the external cluster. 

net:
  SASL:
    enable: true
    user:
      secretKeyRef:
        name: ccloud
        key: user
    password:
      secretKeyRef:
        name: ccloud
        key: password

but the broker SASL secret https://knative.dev/docs/eventing/broker/kafka-broker/#security requires additional attributes and i'm successfully able to use the external confluent cloud cluster as the primary bootstrap server

kubectl create secret --namespace knative-eventing generic ccloud \
  --from-literal=protocol=SASL_SSL \
  --from-literal=sasl.mechanism=PLAIN \
  --from-literal=user=user \
  --from-literal=password=password

Matthias Wessendorf

Nov 24, 2021, 5:12:36 PM
to Paul Kaisharis, Knative Users
net.TLS.enabled: true ?

I assume they use SSL? 


Paul Kaisharis

Nov 26, 2021, 12:38:16 PM
to Knative Users
that was it, thx.  below is the final final i used which is working...

net:
  SASL:
    enable: true
    user:
      secretKeyRef:
        name: ccloud
        key: user
    password:
      secretKeyRef:
        name: ccloud
        key: password
  tls:
    enable: true
    caCert:
      secretKeyRef:
        name: ccloud
        key: ca.crt

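An added example, not part of the thread and not Knative's own code: a small Python lint for the `net` block discussed above, flagging SASL enabled without TLS and any `secretKeyRef` key that the referenced Secret does not contain. Plain dicts stand in for parsed YAML; `lint_net`, `ref`, `SECRETS` and all sample values are assumptions constructed for illustration.

```python
# Added example: lint a KafkaSource spec.net block against the Secrets it references.
# Plain dicts stand in for parsed YAML; all sample values below are constructed.

def _get(mapping, key):
    """Case-insensitive key lookup (the thread's manifests use both 'SASL' and 'tls')."""
    for k, v in (mapping or {}).items():
        if k.lower() == key.lower():
            return v
    return None

def _secret_refs(node, path=""):
    """Yield (path, secret name, key) for every secretKeyRef found under node."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == "secretKeyRef" and isinstance(v, dict):
                yield path, v.get("name"), v.get("key")
            else:
                yield from _secret_refs(v, f"{path}.{k}" if path else k)

def lint_net(net, secrets):
    """Return findings for a spec.net dict; secrets maps secret name -> data dict."""
    findings = []
    sasl_on = _get(_get(net, "sasl"), "enable") is True
    tls_on = _get(_get(net, "tls"), "enable") is True
    for path, name, key in _secret_refs(net):
        if key not in secrets.get(name, {}):
            findings.append(f"{path}: key '{key}' not found in secret '{name}'")
    if sasl_on and not tls_on:
        findings.append("sasl enabled without tls: authentication exchange is not encrypted")
        protocols = {secrets.get(n, {}).get("protocol") for _, n, _ in _secret_refs(net)}
        if "SASL_SSL" in protocols:
            findings.append("secret declares protocol=SASL_SSL but net.tls.enable is not true")
    return findings

def ref(name, key):
    return {"secretKeyRef": {"name": name, "key": key}}

# Constructed data mirroring the thread: the Secret has only the four keys from the
# kubectl command shown (no ca.crt; whether one was added later is not stated).
SECRETS = {"ccloud": {"protocol": "SASL_SSL", "sasl.mechanism": "PLAIN",
                      "user": "user", "password": "password"}}
SASL_ONLY = {"SASL": {"enable": True, "user": ref("ccloud", "user"),
                      "password": ref("ccloud", "password")}}
SASL_TLS = {**SASL_ONLY, "tls": {"enable": True, "caCert": ref("ccloud", "ca.crt")}}

if __name__ == "__main__":
    for label, net in (("sasl only", SASL_ONLY), ("sasl + tls", SASL_TLS)):
        print(label, lint_net(net, SECRETS))
```
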