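---
# Admin account: super user (declared in Kafka CR → authorization.superUsers).
# Strimzi-generated secret: kubectl -n kafka get secret kafka-admin
#
# No spec.authorization block is set on this user: its access comes from the
# superUsers entry mentioned above, and Kafka super users are not subject to
# ACL checks. The generated Secret carries this user's SCRAM credentials, so
# read access to it in the kafka namespace is equivalent to full cluster
# access; keep Kubernetes RBAC on that Secret correspondingly narrow.
apiVersion: kafka.strimzi.io/v1
kind: KafkaUser
metadata:
  name: kafka-admin
  namespace: kafka
  labels:
    # Binds this user to the Kafka cluster named "kafka".
    strimzi.io/cluster: kafka
spec:
  authentication:
    type: scram-sha-512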
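---
# Application account with explicit ACLs — duplicate per application.
# Strimzi-generated secret: kubectl -n kafka get secret kafka-client
#
# NOTE(review): every ACL below uses name "*" with patternType literal, which
# Kafka treats as the wildcard for all resources of that type. As written,
# this account can read, write, create and delete every topic, join every
# consumer group and use every transactional id in the cluster. When
# duplicating per application, scope each resource to that application's own
# names, or use `patternType: prefix` with an application-specific prefix
# (placeholder: "<app-prefix>"), and drop operations the application does not
# need (Create/Delete on topics in particular).
apiVersion: kafka.strimzi.io/v1
kind: KafkaUser
metadata:
  name: kafka-client
  namespace: kafka
  labels:
    # Binds this user to the Kafka cluster named "kafka".
    strimzi.io/cluster: kafka
spec:
  authentication:
    type: scram-sha-512
  authorization:
    type: simple
    acls:
      # Topics: produce/consume plus topic management, on all topics.
      - resource:
          type: topic
          name: "*"
          patternType: literal
        operations:
          - Read
          - Write
          - Create
          - Delete
          - Describe
          - DescribeConfigs
      # Consumer groups: membership and offset reads, on all groups.
      - resource:
          type: group
          name: "*"
          patternType: literal
        operations:
          - Read
          - Describe
      # Transactional producers: all transactional ids.
      - resource:
          type: transactionalId
          name: "*"
          patternType: literal
        operations:
          - Describe
          - Write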