[英]Strimzi operator Kafka cluster ACL not enabling with type: simple
We know to enable Kafka ACL property authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
to be added in server.properties
but how to enable that if Kafka cluster is running by Strimzi operator?我们知道要在
server.properties
中添加 Kafka ACL 属性authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
但是如果 Kafka 集群由 Strimzi 操作员运行,如何启用它?
From Strimzi documents I have come to know in order to enable authorization, need to enable below code for kind: Kafka
under spec:从我了解到的 Strimzi 文档中,为了启用授权,需要为
kind: Kafka
下的规范:
listeners:
tls:
authentication:
type: tls
Full code @ kafka-zookeeper-apps-tls-enabled.yml完整代码@ kafka-zookeeper-apps-tls-enabled.yml
Also the below code for kind: KafkaUser
还有下面的代码
kind: KafkaUser
authentication:
type: tls
authorization:
type: simple
Full code@ example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml完整代码@ example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml
In above example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml
code although ACL type: deny
am still able to consume messages.在上面
example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml
代码中,尽管 ACL type: deny
仍然能够使用消息。
Problem is even with the above code I see in kafka my-cluster-kafka-0 pod environment variable KAFKA_AUTHORIZATION_TYPE=simple is absent even the authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
is absent in server.properties
问题是即使我在 kafka my-cluster-kafka-0 pod 环境变量KAFKA_AUTHORIZATION_TYPE=simple中看到的上述代码,即使
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
在server.properties
中不存在
Note: No Warnings/Errors in log of strimzi-cluster-operator pod while deploying above code.注意:部署上述代码时, srimzi-cluster-operator pod 的日志中没有警告/错误。
I am working on Strimzi for 1st time so please help me enabling ACL's.我正在第一次使用 Strimzi,所以请帮助我启用 ACL。
Your Kafka custom resource doesn't enable You need to add the `authorization section.您的 Kafka 自定义资源未启用您需要添加“授权”部分。
listeners:
tls:
authentication:
type: tls
external:
type: route
authentication:
type: tls
authorization:
type: simple
superUsers:
- CN=my-user
You can read more about it in the documentation: https://strimzi.io/docs/latest/full.html#assembly-kafka-authentication-and-authorization-deployment-configuration-kafka您可以在文档中阅读有关它的更多信息: https://strimzi.io/docs/latest/full.html#assembly-kafka-authentication-and-authorization-deployment-configuration-kafka
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.