first commit
This commit is contained in:
sttlab
@@ -0,0 +1,53 @@
|
||||
---
|
||||
# Admin account: super user (declared in Kafka CR → authorization.superUsers).
|
||||
# Strimzi-generated secret: kubectl -n kafka get secret kafka-admin
|
||||
apiVersion: kafka.strimzi.io/v1
|
||||
kind: KafkaUser
|
||||
metadata:
|
||||
name: kafka-admin
|
||||
namespace: kafka
|
||||
labels:
|
||||
strimzi.io/cluster: kafka
|
||||
spec:
|
||||
authentication:
|
||||
type: scram-sha-512
|
||||
---
|
||||
# Application account with explicit ACLs — duplicate per application.
|
||||
# Strimzi-generated secret: kubectl -n kafka get secret kafka-client
|
||||
apiVersion: kafka.strimzi.io/v1
|
||||
kind: KafkaUser
|
||||
metadata:
|
||||
name: kafka-client
|
||||
namespace: kafka
|
||||
labels:
|
||||
strimzi.io/cluster: kafka
|
||||
spec:
|
||||
authentication:
|
||||
type: scram-sha-512
|
||||
authorization:
|
||||
type: simple
|
||||
acls:
|
||||
- resource:
|
||||
type: topic
|
||||
name: "*"
|
||||
patternType: literal
|
||||
operations:
|
||||
- Read
|
||||
- Write
|
||||
- Create
|
||||
- Describe
|
||||
- DescribeConfigs
|
||||
- resource:
|
||||
type: group
|
||||
name: "*"
|
||||
patternType: literal
|
||||
operations:
|
||||
- Read
|
||||
- Describe
|
||||
- resource:
|
||||
type: transactionalId
|
||||
name: "*"
|
||||
patternType: literal
|
||||
operations:
|
||||
- Describe
|
||||
- Write
|
||||
Reference in New Issue
Block a user