Strimzi 操作员 Kafka 集群 ACL 未启用类型:简单 [英] Strimzi operator Kafka cluster ACL not enabling with type: simple

问题描述

我们知道要在 server.properties 中添加 Kafka ACL 属性 authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer 但是如何启用它，如果Kafka 集群由 Strimzi 运营商运行?

We know to enable Kafka ACL property authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer to be added in server.properties but how to enable that if Kafka cluster is running by Strimzi operator?

从我从Strimzi文档中了解到，为了启用授权，需要在规范下为kind: Kafka启用以下代码:

From Strimzi documents I have come to know in order to enable authorization, need to enable below code for kind: Kafka under spec:

listeners:
      tls:
        authentication:
         type: tls 

完整代码@kafka-zookeeper-apps-t启用.yml

还有以下 kind: KafkaUser

authentication:
    type: tls
  authorization:
    type: simple

完整代码@example-consumer-deny-deployment-authenticationTLS-alias-SSL.yml

在上面的 example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml 代码中，虽然 ACL type: deny我仍然可以使用消息.

In above example-consumer-deny-deployment-authentication-TLS-alias-SSL.yml code although ACL type: deny am still able to consume messages.

问题出在我在 kafka my-cluster-kafka-0 pod 环境变量 KAFKA_AUTHORIZATION_TYPE=simple 中看到的上述代码中，即使 授权者也不存在.server.properties

Problem is even with the above code I see in kafka my-cluster-kafka-0 pod environment variable KAFKA_AUTHORIZATION_TYPE=simple is absent even the authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer is absent in server.properties

注意: 部署上述代码时 strimzi-cluster-operator pod 的日志中没有警告/错误.

Note: No Warnings/Errors in log of strimzi-cluster-operator pod while deploying above code.

我第一次在 Strimzi 上工作，所以请帮我启用 ACL.

I am working on Strimzi for 1st time so please help me enabling ACL's.

推荐答案

你的Kafka自定义资源没有启用你需要添加`授权部分.

Your Kafka custom resource doesn't enable You need to add the `authorization section.

    listeners:
      tls:
        authentication:
          type: tls
      external:
        type: route
        authentication:
          type: tls
    authorization:
      type: simple
      superUsers:
        - CN=my-user

您可以在文档中阅读更多相关信息:https://strimzi.io/docs/latest/full.html#assembly-kafka-authentication-and-authorization-deployment-configuration-kafka

You can read more about it in the documentation: https://strimzi.io/docs/latest/full.html#assembly-kafka-authentication-and-authorization-deployment-configuration-kafka

这篇关于Strimzi 操作员 Kafka 集群 ACL 未启用类型:简单的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！