堆栈内存溢出
  简体   繁体   English

Strimzi 操作员 Kafka 集群 ACL 未启用类型:简单

[英]Strimzi operator Kafka cluster ACL not enabling with type: simple

 原文  2020-04-05 07:31:03       apache-kafka/ apache-kafka-security/ strimzi

问题描述

We know to enable Kafka ACL property authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer to be added in server.properties but how to enable that if Kafka cluster is running by Strimzi operator?我们知道要在server.properties中添加 Kafka ACL 属性authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer但是如果 Kafka 集群由 Strimzi 操作员运行,如何启用它?

From Strimzi documents I have come to know in order to enable authorization, need to enable below code for kind: Kafka under spec:从我了解到的 Strimzi 文档中,为了启用授权,需要为kind: Kafka下的规范:

listeners:
      tls:
        authentication:
         type: tls

Full code @ kafka-zookeeper-apps-tls-enabled.yml完整代码@ kafka-zookeeper-apps-tls-enabled.yml

Also the below code for kind: KafkaUser还有下面的代码kind: KafkaUser

authentication:
    type: tls
  authorization:
    type: simple

Full code@ example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml完整代码@ example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml

In above example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml code although ACL type: deny am still able to consume messages.在上面example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml代码中,尽管 ACL type: deny仍然能够使用消息。

Problem is even with the above code I see in kafka my-cluster-kafka-0 pod environment variable KAFKA_AUTHORIZATION_TYPE=simple is absent even the authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer is absent in server.properties问题是即使我在 kafka my-cluster-kafka-0 pod 环境变量KAFKA_AUTHORIZATION_TYPE=simple中看到的上述代码,即使authorizer.class.name=kafka.security.auth.SimpleAclAuthorizerserver.properties中不存在

Note: No Warnings/Errors in log of strimzi-cluster-operator pod while deploying above code.注意:部署上述代码时, srimzi-cluster-operator pod 的日志中没有警告/错误。

I am working on Strimzi for 1st time so please help me enabling ACL's.我正在第一次使用 Strimzi,所以请帮助我启用 ACL。

1 个解决方案

解决方案1
 1 已采纳  2020-04-05 15:17:58

Your Kafka custom resource doesn't enable You need to add the `authorization section.您的 Kafka 自定义资源未启用您需要添加“授权”部分。

    listeners:
      tls:
        authentication:
          type: tls
      external:
        type: route
        authentication:
          type: tls
    authorization:
      type: simple
      superUsers:
        - CN=my-user

You can read more about it in the documentation: https://strimzi.io/docs/latest/full.html#assembly-kafka-authentication-and-authorization-deployment-configuration-kafka您可以在文档中阅读有关它的更多信息: https://strimzi.io/docs/latest/full.html#assembly-kafka-authentication-and-authorization-deployment-configuration-kafka

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 strimzi kafka operator 已经支持kafka版本 - strimzi kafka operator have supported kafka versions 如何将创建的用户传递给 Kubernetes Strimzi Kafka Operator 集群中的 producer.sh/consumer.sh? - How to pass user created to producer.sh/consumer.sh in Kubernetes Strimzi Kafka Operator cluster? 连接到 srimzi kafka 集群的 UI 工具 - UI tools to connect to strimzi kafka cluster Strimzi Kube.netes Kafka 集群 ID 不匹配 - Strimzi Kubernetes Kafka Cluster ID not matching 在Openshift上使用Strimzi运算符的Apache Kafka-无法连接 - Apache Kafka with Strimzi operator on Openshift - cannot connect strimzi 运算符 0.20 kafka 'useServiceDnsDomain' 无效 - strimzi operator 0.20 kafka 'useServiceDnsDomain' has no effect 将 Jolokia 附加到使用 Strimzi 运算符部署的 kafka 代理 - Attaching Jolokia to kafka brokers deployed using Strimzi operator 使用 strimzi 运算符时如何列出 Kafka 主题 - How to list Kafka topics while I am using strimzi operator 在Prometheus Discovery中配置Kafka-zookeeper集群(使用Strimzi Kafka集群) - Configuring Kafka-zookeeper cluster in Prometheus Discovery(Using Strimzi Kafka cluster) 是否可以访问在 OpenShift 上安装了 Route 侦听器类型的 Strimzi Kafka 中的 Zookeeper? - Is it possible to access Zookeeper in Strimzi Kafka installed with Route listener type on OpenShift?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM