Introduce kafka-oidc feature and enable it by default for restate-server builds #3971
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tillrohrmann
force-pushed
the
kafka-oidc
branch
3 times, most recently
from
4a5adcc to
65c275e
Compare
tillrohrmann
force-pushed
the
kafka-oidc
branch
2 times, most recently
from
cfe2cb0 to
cda039b
Compare
jackkleeman
reviewed
Nov 12, 2025
|
|
||
| # todo only enable those env variables when cross compiling | ||
| # Set krb5 cross-compilation env variables (because we cannot run cross compiled tests) | ||
| ENV krb5_cv_attr_constructor_destructor=yes |
Contributor
There was a problem hiding this comment.
could we just set these in the build.rs of libsasl or something?
Contributor
Author
There was a problem hiding this comment.
I can try to upstream them. Until this is done, I would keep them here to avoid introducing yet another fork.
jackkleeman
reviewed
Nov 12, 2025
| [features] | ||
| default = ["no-trace-logging"] | ||
| # let's see whether kafka-oidc works on all targets, if not, then remove from default features | ||
| default = ["no-trace-logging", "kafka-oidc"] |
Contributor
Author
There was a problem hiding this comment.
First it didn't work. With a few patches to the build script of rdkafka the musl build seems to work. We are relying on https://github.com/restatedev/rust-rdkafka/tree/fix-build-script for this to work.
tillrohrmann
force-pushed
the
kafka-oidc
branch
3 times, most recently
from
6f46511 to
333c8da
Compare
…ver builds To use the Kafka ingress with OIDC authentication, we need to enable the gssapi-vendored and curl-static features on our rdkafka dependency. To make things properly work with cross compilation, we need to patch rust-sasl and rdkafka and bump librdkafka to v2.12.1. The latter allows us to compile with curl-static which saves us the hassle to dynamically link against libraries from a different target architecture. Update transitive dependencies to work with cross compilation Bump rdkafka to use librdkafka 2.12.1
tillrohrmann
force-pushed
the
kafka-oidc
branch
from
333c8da to
83e54de
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To use the Kafka ingress with OIDC authentication, we need to enable the gssapi-vendored
and curl-static features on our rdkafka dependency. To make things properly work with cross
compilation, we need to patch rust-sasl and rdkafka and bump librdkafka to v2.12.1. The latter
allows us to compile with curl-static which saves us the hassle to dynamically link against
libraries from a different target architecture.