EronWright commented on issue #19771: URL: https://github.com/apache/pulsar/issues/19771#issuecomment-1464968843
I agree that first-class support for "kubernetes" authentication on both the client and broker would be cool, but the beauty of the OIDC route is three-fold: it teaches the broker to interoperate with many identity providers in a common way, it works well with the token authentication client plugin, which is universally supported in the Pulsar ecosystem, and it works with long-running applications (e.g. functions and flink jobs). Also, one can control the token TTL in the function pod spec, so you can limit the exposure. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
