Strimzi operator Kafka cluster ACL not enabling with type: simple

不想你离开。 提交于 2020-04-18 06:12:11

问题


We know to enable Kafka ACL property authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer to be added in server.properties but how to enable that if Kafka cluster is running by Strimzi operator?

From Strimzi documents I have come to know in order to enable authorization, need to enable below code for kind: Kafka under spec:

listeners:
      tls:
        authentication:
         type: tls 

Full code @kafka-zookeeper-apps-tls-enabled.yml

Also the below code for kind: KafkaUser

authentication:
    type: tls
  authorization:
    type: simple

Full code@example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml

In above example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml code although ACL type: deny am still able to consume messages.

Problem is even with the above code I see in kafka my-cluster-kafka-0 pod environment variable KAFKA_AUTHORIZATION_TYPE=simple is absent even the authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer is absent in server.properties

Note: No Warnings/Errors in log of strimzi-cluster-operator pod while deploying above code.

I am working on Strimzi for 1st time so please help me enabling ACL's.


回答1:


Your Kafka custom resource doesn't enable You need to add the `authorization section.

    listeners:
      tls:
        authentication:
          type: tls
      external:
        type: route
        authentication:
          type: tls
    authorization:
      type: simple
      superUsers:
        - CN=my-user

You can read more about it in the documentation: https://strimzi.io/docs/latest/full.html#assembly-kafka-authentication-and-authorization-deployment-configuration-kafka



来源:https://stackoverflow.com/questions/61039388/strimzi-operator-kafka-cluster-acl-not-enabling-with-type-simple

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!