Red Hat SummitChapter 91. KafkaClientAuthenticationCustom schema reference
Used in: KafkaBridgeSpec, KafkaConnectSpec, KafkaMirrorMaker2ClusterSpec
Full list of KafkaClientAuthenticationCustom schema properties
To configure custom client authentication, set the type property to custom. Custom client authentication allows you to use any type of Kafka-supported authentication mechanism. This authentication option is especially useful with third-party Apache Kafka services, such as Amazon MSK, that require their own authentication mechanisms.
Example custom client authentication configuration using the AWS_MSK_IAM authentication
authentication:
type: custom
sasl: true
config:
sasl.mechanism: AWS_MSK_IAM
sasl.jaas.config: software.amazon.msk.auth.iam.IAMLoginModule required;
sasl.client.callback.handler.class: software.amazon.msk.auth.iam.IAMClientCallbackHandler
The config section accepts only options that start with the prefixes sasl. and ssl.keystore.. All other options are ignored. To configure additional options, use the related properties of the Streams for Apache Kafka custom resource, such as .spec.config or .spec.tls. The security.protocol `setting is generated automatically from the `sasl property (when you use custom authentication) and the tls configuration in the same Streams for Apache Kafka custom resource:
-
SASL = True, TLS = True
SASL_SSL -
SASL = False, TLS = True
SSL -
SASL = True, TLS = False
SASL_PLAINTEXT -
SASL = False, TLS = False
PLAINTEXT
91.1. Using secrets in custom authentication
If your custom authentication mechanism requires additional information from Secret or ConfigMap resources, use the Additional Volumes feature to mount them into the operands. Kafka configuration providers can be used to load them from the disk.
91.2. Using additional authentication plugins
Custom authentication mechanisms might require additional plugins for the operand. You can add them using the Additional Volumes feature. Alternatively, you can build a custom container image.
91.3. KafkaClientAuthenticationCustom schema properties
The type property is a discriminator that distinguishes use of the KafkaClientAuthenticationCustom type from KafkaClientAuthenticationTls, KafkaClientAuthenticationScramSha256, KafkaClientAuthenticationScramSha512, KafkaClientAuthenticationPlain, KafkaClientAuthenticationOAuth. It must have the value custom for the type KafkaClientAuthenticationCustom.
| Property | Property type | Description |
|---|---|---|
| type | string |
Must be |
| sasl | boolean | Enable or disable SASL on this authentication mechanism. |
| config | map |
Configuration for the custom authentication mechanism. Only properties with the |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}