堆栈内存溢出
  简体   繁体   English

想要一些如何使用 kafkaUser 的实际示例

[英]Want some practical example how to use kafkaUser

 原文  2020-11-18 06:48:06       apache-kafka/ kafka-topic/ strimzi

问题描述

I am using Kafka with strimzi operator.我正在使用带有 strimzi 运算符的 Kafka。 I don't know how to use KafkaUser can anyone please suggest to me where I should learn it's practical implementation.我不知道如何使用 KafkaUser 任何人都可以向我建议我应该在哪里学习它的实际实现。 I just created a Kafka user and KafkaTopic now I am totally blank about what to do.我刚刚创建了一个 Kafka 用户和 KafkaTopic 现在我完全不知道该怎么做。 This is my KafkaUSer yml code :这是我的 KafkaUSer yml 代码:

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaUser
metadata:
  name: my-user
  labels:
    strimzi.io/cluster: my-cluster
spec:
  authentication:
    type: tls
  authorization:
    type: simple
    acls:
      # Example consumer Acls for topic my-topic using consumer group my-group
      - resource:
          type: topic
          name: my-topic
          patternType: literal
        operation: Read
        host: "*"
      - resource:
          type: topic
          name: my-topic
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: group
          name: my-group
          patternType: literal
        operation: Read
        host: "*"
      # Example Producer Acls for topic my-topic
      - resource:
          type: topic
          name: my-topic
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: my-topic
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: my-topic
          patternType: literal
        operation: Describe
        host: "*"

and this is my KafkaTopic yml file code :这是我的 KafkaTopic yml 文件代码:

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaTopic
metadata:
  name: my-topic
  labels:
    strimzi.io/cluster: my-cluster
spec:
  partitions: 1
  replicas: 1
  config:
    retention.ms: 7200000
    segment.bytes: 1073741824

1 个解决方案

解决方案1
 1 已采纳  2020-11-18 08:21:44

If you enabled the tls authentication on the user I would expect that in your Kafka custom resource you have authentication enabled as well.如果您对用户启用了tls身份验证,我希望在您的Kafka自定义资源中您也启用了身份验证。 When the KafkaUser is created with this authentication type, a corresponding Secret is generated with user private key and certificate for the mutual TLS authentication with the broker.当使用此身份验证类型创建KafkaUser ,会使用用户私钥和证书生成相应的 Secret,以便与代理进行KafkaUser TLS 身份验证。 You have to extract key and certificate from the Secret and configure your keystore in your client application (it depends on the language you are using. If it's Java you can just extract the keystore directly from the Secret in P12 format with corresponding password).您必须从 Secret 中提取密钥和证书,并在您的客户端应用程序中配置您的密钥库(这取决于您使用的语言。如果是 Java,您可以直接从带有相应密码的 P12 格式的 Secret 中提取密钥库)。 If it's Java you can refer on official Kafka doc for setting up keystore and truststore when extracted from the Secrets: https://kafka.apache.org/documentation/#security_configclients如果它是 Java,您可以参考官方 Kafka 文档,在从 Secrets 中提取时设置密钥库和信任库: https : //kafka.apache.org/documentation/#security_configclients

Having mutual TLS enabled authentication, it means that you also have to connect via TLS to the brokers (you have enabled it in the Kafka resource) so you have to extract from the cluster CA Secret, the certificate and import it into your truststore.启用双向 TLS 身份验证,这意味着您还必须通过 TLS 连接到代理(您已在Kafka资源中启用它),因此您必须从集群 CA Secret 中提取证书并将其导入您的信任库。 That point the client will be able to connect, to be authenticated and the ACLs you described will be applied.那时客户端将能够连接、进行身份验证并且您描述的 ACL 将被应用。

More info are on the official documentation:更多信息在官方文档中:

About user authentication https://strimzi.io/docs/operators/master/using.html#con-securing-client-authentication-str关于用户认证https://strimzi.io/docs/operators/master/using.html#con-securing-client-authentication-str

About clients running on Kubernetes connecting to the cluster https://strimzi.io/docs/operators/master/using.html#configuring-internal-clients-to-trust-cluster-ca-str关于在 Kubernetes 上运行的客户端连接到集群https://strimzi.io/docs/operators/master/using.html#configuring-internal-clients-to-trust-cluster-ca-str

About clients running outside Kubernetes connecting to the cluster https://strimzi.io/docs/operators/master/using.html#configuring-external-clients-to-trust-cluster-ca-str关于在 Kubernetes 之外运行的客户端连接到集群https://strimzi.io/docs/operators/master/using.html#configuring-external-clients-to-trust-cluster-ca-str

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Select 正确的 KafkaUser 身份验证类型? - Select proper KafkaUser authentication type? 关于如何将 Headers 与 Confluent Kafka C# 库一起使用的示例 - Example on how to use Headers with Confluent Kafka C# library Spring Kafka - 事件源 - 使用Kafka + KafkaStreams API查询某些实体状态的示例 - Spring Kafka - Event sourcing - Example of how to query some entity state using Kafka + KafkaStreams API 在 Spring Boot 你如何配置一些监听器使用自动确认和其他使用手动确认 - In Spring Boot How do you configure some listeners to use automatic Acknowledgment and others to use manual acknowledgment Kafka压缩,如何将其限制为列出的某些主题? 如何使用客户端产生的API使用Compressed.topics属性? - Kafka compression, how to limit it to some listed topics? How to use compressed.topics property using clients produce API? 在风暴中存储批处理的kafka消息需要一些例子 - store batched kafka messages in storm need some example 如何通过代理通过 tcp 连接到 Kafka 代理(不想使用 kafka rest) - How to connect to Kafka brokers via proxy over tcp (don't want to use kafka rest) 如果其他人可以举出实时示例,那么zookeeper是否仅用于kafka? - Is zookeeper used only for kafka if others then can some one give realtime example? 在这个例子中使用 Kafka 有什么意义,为什么不直接使用 DB? - What is the point of using Kafka in this example and why not use DB straightaway? 在Kafka中使用某些组进行分区的原因是什么? - What is reason to use some groups for partition in Kafka?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM