Chapter 21. KafkaAuthorizationSimple schema reference
Used in: KafkaClusterSpec
Full list of KafkaAuthorizationSimple schema properties
For simple authorization, Streams for Apache Kafka uses Kafka’s built-in authorization plugins: the StandardAuthorizer for KRaft mode and the AclAuthorizer for ZooKeeper-based cluster management. ACLs allow you to define which users have access to which resources at a granular level.
Configure the Kafka custom resource to use simple authorization. Set the type property in the authorization section to the value simple, and configure a list of super users.
Access rules are configured for the KafkaUser, as described in the ACLRule schema reference.
21.1. superUsers
A list of user principals treated as super users, so that they are always allowed without querying ACL rules.
An example of simple authorization configuration
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
name: my-cluster
namespace: myproject
spec:
kafka:
# ...
authorization:
type: simple
superUsers:
- CN=client_1
- user_2
- CN=client_3
# ...
The super.user configuration option in the config property in Kafka.spec.kafka is ignored. Designate super users in the authorization property instead. For more information, see Kafka broker configuration.
21.2. KafkaAuthorizationSimple schema properties
The type property is a discriminator that distinguishes use of the KafkaAuthorizationSimple type from KafkaAuthorizationOpa, KafkaAuthorizationKeycloak, KafkaAuthorizationCustom. It must have the value simple for the type KafkaAuthorizationSimple.
| Property | Property type | Description |
|---|---|---|
| type | string |
Must be |
| superUsers | string array | List of super users. Should contain list of user principals which should get unlimited access rights. |
