Chapter 21. KafkaAuthorizationSimple schema reference
Used in: KafkaClusterSpec
Full list of KafkaAuthorizationSimple
schema properties
For simple authorization, Streams for Apache Kafka uses Kafka’s built-in authorization plugins: the StandardAuthorizer
for KRaft mode and the AclAuthorizer
for ZooKeeper-based cluster management. ACLs allow you to define which users have access to which resources at a granular level.
Configure the Kafka
custom resource to use simple authorization. Set the type
property in the authorization
section to the value simple
, and configure a list of super users.
Access rules are configured for the KafkaUser
, as described in the ACLRule schema reference.
21.1. superUsers
A list of user principals treated as super users, so that they are always allowed without querying ACL rules.
An example of simple authorization configuration
apiVersion: kafka.strimzi.io/v1beta2 kind: Kafka metadata: name: my-cluster namespace: myproject spec: kafka: # ... authorization: type: simple superUsers: - CN=client_1 - user_2 - CN=client_3 # ...
The super.user
configuration option in the config
property in Kafka.spec.kafka
is ignored. Designate super users in the authorization
property instead. For more information, see Kafka broker configuration.
21.2. KafkaAuthorizationSimple
schema properties
The type
property is a discriminator that distinguishes use of the KafkaAuthorizationSimple
type from KafkaAuthorizationOpa
, KafkaAuthorizationKeycloak
, KafkaAuthorizationCustom
. It must have the value simple
for the type KafkaAuthorizationSimple
.
Property | Property type | Description |
---|---|---|
type | string |
Must be |
superUsers | string array | List of super users. Should contain list of user principals which should get unlimited access rights. |