Andrew Kenworthy

The licenses are downloaded/parsed in a similar way in the license-maven-plugin: See https://github.com/mojohaus/license-maven-plugin/blob/master/src/main/java/org/codehaus/mojo/license/download/LicensedArtifactResolver.java The difference being that in license-maven-plugin both setResolveDependencies and setProcessPlugins are set to false: ``` ProjectBuildingRequest projectBuildingRequest...

I've just opened pull-request #17.

Below is a draft custom resource for a Kafka cluster, using overrides. a few things to note: - the custom image `docker.stackable.tech/apoc/stackable/kafka:3.7.1-stackable0.0.0-cyrus-sasl-gssapi` adds `(microdnf install) cyrus-sasl-gssapi` to the kafka image...

Herre is a sample client job: ``` --- apiVersion: batch/v1 kind: Job metadata: name: access-kafka namespace: stackable-products spec: template: spec: containers: - name: access-kafka image: docker.stackable.tech/stackable/kafka:3.7.1-stackable0.0.0-cyrus-sasl-gssapi command: - /bin/bash -...

See also https://github.com/stackabletech/docker-images/pull/874

Not sure how to proceed with this: we have a working solution that allows clients to connect to one or more of the broker listeners, but not the listener bootstrap....

We have a fix: - add a new internal listener: `BOOTSTRAP://0.0.0.0:9094` - advertised as: `BOOTSTRAP://test-kafka-broker-default-0-listener-broker.kuttl-test-tight-shad.svc.cluster.local:9093` - add jaas config for this listener: `--override "listener.name.bootstrap.gssapi.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab=\"/stackable/kerberos/keytab\" principal=\"kafka/$(cat /stackable/listener-bootstrap/default-address/address)@$KERBEROS_REALM\";"`...

Docs are [here](https://github.com/stackabletech/kafka-operator/blob/main/docs/modules/kafka/pages/usage-guide/security.adoc#kerberos).

> Support for Kerberos authentication has been extended to Apache Kafka in this release. This feature is currently experimental as the details regarding client connectivity may be subject to change.

This PR was necessary as it checks a *label* (which causes the test to fail if not updated to the release version).