Aiven-Open / klaw

Klaw, the latest OS tool by Aiven, helps enterprises cope with Apache Kafka® topics, schema registry and connectors governance by introducing roles/authorizations to users of various teams of an org.
https://www.klaw-project.io/
Apache License 2.0

Document how to share JAAS configuration across clusters #2491

Open nbarrientos opened 3 weeks ago

nbarrientos commented 3 weeks ago

Hi,

If I'm interpreting the documentation correctly, the JAAS configuration to talk to a Kafka cluster say using GSSAPI has to be specified in cluster-api's application.properties via the key:

clusterid.kafkasasl.jaasconfig.gssapi

However, I've declared a JAAS configuration like this (sorry, pseudoconfig Helm/K8s configmap):

  jaas: |
    KafkaAdminClient {
      com.sun.security.auth.module.Krb5LoginModule required
      useKeyTab=true
      storeKey=true
      serviceName={{ .Values.auth.serviceName }}
      keyTab="{{ .Values.auth.keytabPath }}"
      principal="{{ .Values.auth.keytabPrincipal }}";
    };
    KafkaClient {
      com.sun.security.auth.module.Krb5LoginModule required
      useKeyTab=true
      storeKey=true
      serviceName={{ .Values.auth.serviceName }}
      keyTab="{{ .Values.auth.keytabPath }}"
      principal="{{ .Values.auth.keytabPrincipal }}";
    };

that I feed to the cluster-api component via:

          command: ["java"]
          args:
            - "-Djava.security.auth.login.config=/config/jaasclient.conf"
            - "-jar"
            - "klaw-cluster-api.jar"

and it seems to work. This is convenient in our case as we share the same conn credentials that Klaw uses to talk to all our clusters.

Would it make sense to add this to the docs? (maybe to the FAQ?) I can submit a MR if you fancy.

Thanks.
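A pre-deployment check for the shared JAAS file described in the post above. This is an added example, not code from the post or from the Klaw project. The entry names come from the post; the service name, keytab path and principals are constructed values, and the parser assumes the simple JAAS subset shown in the post (no comments, no `;` inside quoted values).

```python
import re

# Constructed sample: the post's JAAS file as it might look after Helm rendering.
# Service name, keytab path and principals are made-up values.
_TMPL = """{name} {{
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  storeKey=true
  serviceName=kafka
  keyTab="/config/klaw.keytab"
  principal="{principal}";
}};
"""
GOOD = (_TMPL.format(name="KafkaAdminClient", principal="klaw@EXAMPLE.COM")
        + _TMPL.format(name="KafkaClient", principal="klaw@EXAMPLE.COM"))
# Constructed failure case: one entry missing, one Helm value never substituted.
BAD = _TMPL.format(name="KafkaClient", principal="{{ .Values.auth.keytabPrincipal }}")

ENTRY = re.compile(r"(\w+)\s*\{(.*?)\}\s*;", re.S)
MODULE = re.compile(r"([\w.$]+)\s+(required|requisite|sufficient|optional)\b(.*?);", re.S)
OPTION = re.compile(r"(\w+)\s*=\s*(\"[^\"]*\"|\S+)")

def parse_jaas(text):
    """Return {entry: [(module, flag, {option: value}), ...]}."""
    return {name: [(m, flag, {k: v.strip('"') for k, v in OPTION.findall(opts)})
                   for m, flag, opts in MODULE.findall(body)]
            for name, body in ENTRY.findall(text)}

def lint(text, required=("KafkaAdminClient", "KafkaClient")):
    """Return a list of findings; an empty list means the file looks usable."""
    findings = []
    entries = parse_jaas(text)
    for name in required:  # entry names taken from the post
        if name not in entries:
            findings.append(f"{name}: entry missing")
    for name, mods in entries.items():
        for module, _flag, opts in mods:
            if not module.endswith("Krb5LoginModule"):
                continue
            for key, value in opts.items():
                if "{{" in value:  # Helm placeholder left in the rendered file
                    findings.append(f"{name}: {key} is an unrendered template")
            if opts.get("useKeyTab") == "true" and not opts.get("keyTab"):
                findings.append(f"{name}: useKeyTab=true without keyTab")
            if "principal" not in opts:
                findings.append(f"{name}: principal not set")
    return findings
```
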

aindriu-aiven commented 2 weeks ago

@muralibasani Would you be able to look at this?

aindriu-aiven commented 2 weeks ago

@nbarrientos Thank you for your contribution. I think it definitely makes sense to add to the docs; I've just asked Murali to look at it because this is an area where he has a bit more hands-on experience.

Sorry for the delay in getting back to you; we really appreciate your feedback and input!

muralibasani commented 2 weeks ago

@nbarrientos Yes, that would work too, and any other SSL properties as well; it's just that they are not part of Klaw configs, someone has to administer them.

If you'd like to submit an MR, please feel free to. Thanks.