Kerberos


Kerberos might be used in Lenses for purposes described below. There might be at most one Kerberos Connection and if it is present, it is automatically being used by the following.

  • Authenticating users
    Both a Kerberos Connection and static configuration are required. See more
  • Connecting to Kafka
    Kerberos is used when connecting to Kafka Brokers with SASL_PLAINTEXT or SASL_SSL protocol and GSSAPI mechanism. See more

Because Lenses is a JVM app, it respects common rules for JVM applications to handle Kerberos’ krb5.conf file settings (from java.security.krb5.conf Java property or the default location of krb5.conf file), but it is strongly recommended to explicitly define Kerberos as a Connection, as the former might not work properly for some use-cases (like SQL processors in Kubernetes mode).

Connection details 

Like other core services, Kerberos is managed via Connections. See more about managing connections here.

Multiple connections allowed: NO

Deletion allowed: YES

When managing connections other than with GUI, such information are relevant for Kerberos connection:

Template name: Kerberos

Constant connection name: kerberos

Provision yaml examples 

Kerberos connection has only one field/property, which stands for a krb5.conf file.

The easiest way to manage Connections is via Lenses GUI under their respective pages, however it is also possible to do it directly via API, Helm or Lenses CLI. In such case, some connection type-specific values have to be used. Here are few examples of such configuration in YAML format.

  • Find out more about managing Kerberos Connection via API
  • Find out more about managing Connections via Lenses CLI provision
  • Find out more about installing Lenses via Helm
kerberos:
  tags: ["optional-tags"]
  templateName: Kerberos
  configurationObject:
    kerberosKrb5:
      fileRef:
        filePath: /my/krb5/path/krb5.conf
--
Last modified: September 26, 2024