What are the differences respect to this other PR to address the same target?#275

Have you pushed the docker image of your forked project in dockerhub?

Using your PR, I get

Caused by: java.lang.IllegalArgumentException: Login module control flag not specified in JAAS config at org.apache.kafka.common.security.JaasConfig.parseAppConfigurationEntry(JaasConfig.java:110)at org.apache.kafka.common.security.JaasConfig.<init>(JaasConfig.java:63)at org.apache.kafka.common.security.JaasContext.load(JaasContext.java:90)at org.apache.kafka.common.security.JaasContext.loadClientContext(JaasContext.java:84)at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:134) at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:73)at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:740)

any idea?

Using your PR, I get

Caused by: java.lang.IllegalArgumentException: Login module control flag not specified in JAAS config at org.apache.kafka.common.security.JaasConfig.parseAppConfigurationEntry(JaasConfig.java:110)at org.apache.kafka.common.security.JaasConfig.<init>(JaasConfig.java:63)at org.apache.kafka.common.security.JaasContext.load(JaasContext.java:90)at org.apache.kafka.common.security.JaasContext.loadClientContext(JaasContext.java:84)at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:134) at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:73)at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:740)

any idea?

@fabioformosa We need to specify a semi colon at the end of the
--KAFKA_JAAS_CONFIG='software.amazon.msk.auth.iam.IAMLoginModule;'
Can check after making the change?

What are the differences respect to this other PR to address the same target?#275

Have you pushed the docker image of your forked project in dockerhub?

This MR aims to use the role scoped to a service account for a pod in an eks cluster if such a role exists.#275 by default would use the role assigned to an ec2 instance.

@fabioformosa We need to specify a semi colon at the end of the
--KAFKA_JAAS_CONFIG='software.amazon.msk.auth.iam.IAMLoginModule;'
Can check after making the change?

@creed123 Do you mean maybesoftware.amazon.msk.auth.iam.IAMLoginModule required; ?

Yes, I've tried. It solves but now I get:

ERROR 1 [| kafdrop-admin] o.a.k.c.NetworkClient: [AdminClient clientId=kafdrop-admin] Connection to node (b-2.xxx.eu-south-1.amazonaws.com/xxxx:9098) failed authentication due to: Access deniedWARN 1 [| kafdrop-admin] o.a.k.c.a.i.AdminMetadataManager : [AdminClient clientId=kafdrop-admin] Metadata update failed due to authentication error org.apache.kafka.common.errors.SaslAuthenticationException: Access denied

My eks automatically created a IAM Role, I gave fullAdminAccess to this Role to try to solve. Same error.

In your view, what can it be the cause?

@fabioformosa We need to specify a semi colon at the end of the
--KAFKA_JAAS_CONFIG='software.amazon.msk.auth.iam.IAMLoginModule;'
Can check after making the change?

@creed123 Do you mean maybesoftware.amazon.msk.auth.iam.IAMLoginModule required; ?

Yes, I've tried. It solves but now I get:

ERROR 1 [| kafdrop-admin] o.a.k.c.NetworkClient: [AdminClient clientId=kafdrop-admin] Connection to node (b-2.xxx.eu-south-1.amazonaws.com/xxxx:9098) failed authentication due to: Access deniedWARN 1 [| kafdrop-admin] o.a.k.c.a.i.AdminMetadataManager : [AdminClient clientId=kafdrop-admin] Metadata update failed due to authentication error org.apache.kafka.common.errors.SaslAuthenticationException: Access denied

My eks automatically created a IAM Role, I gave fullAdminAccess to this Role to try to solve. Same error.

In your view, what can it be the cause?

@fabioformosa Can you check if the role attached to your ec2 instance has the correct permissions?

In case it helps, I verified this works from OpenShift (Kubernetes) cluster using IRSA (https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). The only additional change I had to make was to provideAWS_REGION as an environment variable for AWS STS (Security Token Service) to work. I do believe this could work just with thepom.xml changes added to this pull request. For convenience I published my image to quay.io:https://quay.io/yortch/kafdrop and this is how I built it:

git clone https://github.com/creed123/kafdrop.gitcd kafdropmvn clean packagemvn assembly:single docker:builddocker run -d --rm obsidiandynamics/kafdrop:3.28.0-SNAPSHOTdocker login quay.io#provide quay.io credentialsdocker ps -l #get container ID and replace it belowdocker commit <container_id> quay.io/yortch/kafdrop:3.28.0-SNAPSHOTdocker push quay.io/yortch/kafdrop:3.28.0-SNAPSHOT#subsequently made quay.io repository public

gentle ping

Gentle ping X2

gentle ping x3

I will be happy to merge this PR, but someone need to resolve the conflicts and review it.

I will be happy to merge this PR, but someone need to resolve the conflicts and review it. <

I'm happy to help out with the conflicts, but I guess I need to become a contributor over here.

I will be happy to merge this PR, but someone need to resolve the conflicts and review it. <

I'm happy to help out with the conflicts, but I guess I need to become a contributor over here.

@mfinger-incontact
I think it is better to just fork the repository (or this branch) and apply the same changes, resolve conflicts then create a new PullRequest

@mfinger-incontact gentle ping