Remove Kafka scaler requirement for CA/cert/key #1288
Conversation
|
@iterion could you please update the relevant section in the docs? https://keda.sh/docs/2.0/scalers/apache-kafka/#authentication-parameters (remove the |
|
Fix the tests please |
|
I don't have enough details on the specific problem in #1241 to say with certainty. But, I believe Confluent does allow you to enable TLS only for encryption and not for authentication and uses publicly trusted CAs. If all of those are true, it would exactly mirror the issue we faced and this PR would resolve it. PR for docs (I'll fix the DCO shortly): And, I'll fix the tests soon. |
|
@iterion great. Once this PR is ok, I'll merge it and will immediately trigger a release of KEDA 2.0 RC2. So your PR arrived just in time :) |
805dc9e to
e9b1e18
Compare
Related to kedacore/keda#1288. Signed-off-by: iterion <adam.sunderland@zapier.com>
Signed-off-by: iterion <adam.sunderland@zapier.com>
e9b1e18 to
8f18e30
Compare
|
I realized through the tests that it's still worth checking for cert missing when keys are specified and the opposite. So, I added a bit of handling for that and updated the test variants. I removed some as they seemed like duplicates, but happy to add them back. I also updated the docs PR to better note that specifying |
Makes sense!
I don't see this note in the PR, have you push it? 😄 |
Related to kedacore/keda#1288. Signed-off-by: iterion <adam.sunderland@zapier.com>
|
Sorry, yes, just did. I pushed the DCO but forgot to add the changes locally. 😅 |
Related to kedacore/keda#1288. Signed-off-by: iterion <adam.sunderland@zapier.com>
This PR removes some validations from the TriggerAuthentication derived config for kafka. This allows you to use TLS without needing to specify a CA/cert/key. It was tested with an AWS MSK Kafka cluster. I haven't yet completed the checklist, but happy to do so.
Later validations in the shared TLS config allow us to just pass through the empty strings here when not specified.
Checklist