feat: kafka support custom sasl #2259

Merged: caiq1nyu merged 7 commits into main from feat/kafka_dynamic_sasl on Nov 26, 2025

@caiq1nyu
Collaborator

There are some differences in the use of SASL across different versions and architectures of Kafka. This pull request provides an authentication solution that is compatible with all existing versions.

```yaml
# SASL settings
sasl:
  enable: false
  # if true, the built-in SASL server callback handler in the knowledge base is used, and users are managed by modifying the key.
  # if false, use kafka native SASL callback handler
  # server.properties:
  #   useKBBuildInSasl=true -> sasl.server.callback.handler.class=${KBClassName}
  #   useKBBuildInSasl=false -> sasl.server.callback.handler.class=''
  useKBBuildInSasl: true
  # [PLAIN,SCRAM-SHA-256,SCRAM-SHA-512]
  # when useKBBuildInSasl=true, only [PLAIN] is supported so far. SCRAM-SHA-256 and SCRAM-SHA-512 will be coming soon
  mechanisms:
    - PLAIN
  # should be one of sasl.mechanisms setting
  interBrokerProtocol: PLAIN
```

This PR includes built-in SASL (useKBBuildInSasl=true), which only supports mechanisms=plain; future versions will support SCRAM.

Users can dynamically maintain their accounts by directly editing the account-secret:

```yaml
stringData:
  # accounts: |
  # [mechanism=PLAIN] format:
  #   {accountName}:{md5Password}
  accounts: ""
```
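
An added example, not code from this PR or from kubeblocks-addons: a check to run over the `accounts` value described above before it is written into the secret. It assumes one `{accountName}:{md5Password}` entry per line and that `{md5Password}` is the lowercase hex MD5 digest of the password; the page states neither, and `make_entry`, `lint_accounts` and the sample accounts are hypothetical.

```python
import hashlib
import re

# Assumption (not stated on the page): {md5Password} is the lowercase hex MD5
# digest of the plaintext password, and the block holds one entry per line.
MD5_HEX = re.compile(r"[0-9a-f]{32}")


def make_entry(name: str, password: str) -> str:
    """Build one `{accountName}:{md5Password}` line under the assumption above."""
    if not name or ":" in name or any(c.isspace() for c in name):
        raise ValueError("account name must be non-empty, without ':' or whitespace")
    return f"{name}:{hashlib.md5(password.encode('utf-8')).hexdigest()}"


def lint_accounts(block: str) -> list[str]:
    """Return findings for an `accounts` block; an empty list means it parsed cleanly."""
    findings, seen = [], set()
    for lineno, raw in enumerate(block.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no account
        name, sep, digest = line.partition(":")
        if not sep or not name:
            findings.append(f"line {lineno}: expected accountName:md5Password")
            continue
        if not MD5_HEX.fullmatch(digest):
            # Catches a plaintext password pasted by mistake, a wrong digest
            # length, uppercase hex, and trailing extra fields.
            findings.append(f"line {lineno}: '{name}' value is not a 32-char hex digest")
        if name in seen:
            findings.append(f"line {lineno}: duplicate account '{name}'")
        seen.add(name)
    return findings


# Constructed sample input: one valid entry, one plaintext password, one duplicate.
SAMPLE = "\n".join([
    make_entry("app-producer", "constructed-pass-1"),
    "app-consumer:not-hashed-password",
    make_entry("app-producer", "constructed-pass-2"),
])

if __name__ == "__main__":
    for finding in lint_accounts(SAMPLE):
        print(finding)
```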

@caiq1nyu caiq1nyu force-pushed the feat/kafka_dynamic_sasl branch from c559070 to 6ad8338 Compare November 21, 2025 12:42
@caiq1nyu caiq1nyu added the pick-1.0 Auto cherry-pick to release-1.0 when PR merged label Nov 25, 2025
@caiq1nyu caiq1nyu force-pushed the feat/kafka_dynamic_sasl branch from 6ad8338 to d0901cb Compare November 25, 2025 09:05
@codecov-commenter

codecov-commenter commented Nov 25, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (24c03b8) to head (5b9334b).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files
```diff
@@          Coverage Diff          @@
##            main   #2259   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files         72      72           
  Lines       9500    9482   -18     
=====================================
+ Misses      9500    9482   -18     
```

@caiq1nyu caiq1nyu marked this pull request as ready for review November 25, 2025 09:16
@caiq1nyu caiq1nyu requested review from a team and leon-inf as code owners November 25, 2025 09:16
type: Opaque
stringData:
# accounts: |
# [mechanism=PLAIN] format:
Contributor

Would it be better to set accounts through helm values?

Collaborator Author

Custom accounts are generally not created when the cluster is first created; addon users need to add or modify this secret during use.

@caiq1nyu caiq1nyu merged commit deae847 into main Nov 26, 2025
20 checks passed
@caiq1nyu caiq1nyu deleted the feat/kafka_dynamic_sasl branch November 26, 2025 06:25
@apecloud-bot
Collaborator

/cherry-pick release-1.0

@apecloud-bot
Collaborator

🤖 says: cherry pick action finished successfully 🎉!
See: https://github.com/apecloud/kubeblocks-addons/actions/runs/19694610860

apecloud-bot pushed a commit that referenced this pull request Nov 26, 2025