If authorization is enabled for Kafka Connect, you must configure a Kafka Connect user and grant it read and write access to the Kafka Connect consumer group and internal topics.
apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaConnect
metadata:
  name: my-connect
spec:
  # ...
  config:
    group.id: my-connect-cluster
    offset.storage.topic: my-connect-cluster-offsets
    config.storage.topic: my-connect-cluster-configs
    status.storage.topic: my-connect-cluster-status
    # ...
  # ...
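This procedure describes how to authorize user access for Kafka Connect.
Whatever type of authorization is used in Kafka, a Kafka Connect user needs access rights to the Kafka Connect consumer group and internal topics.
This procedure shows how the access rights are granted when simple authorization is used.
Simple authorization uses ACL rules, handled by the Kafka SimpleAclAuthorizer plugin, to provide the appropriate level of access. For more information on using simple authorization by configuring a KafkaUser resource, see Kafka User resource.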
Prerequisites
- An OpenShift cluster
- A running Cluster Operator
Procedure
Edit the authorization property of the KafkaUser resource to grant access rights to the user.
In the following example, access rights are configured for the Kafka Connect topics and consumer group using literal name values:
| Property | Name |
|---|---|
| offset.storage.topic | connect-cluster-offsets |
| status.storage.topic | connect-cluster-status |
| config.storage.topic | connect-cluster-configs |
| group | connect-cluster |
apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaUser
metadata:
  name: my-user
  labels:
    strimzi.io/cluster: my-cluster
spec:
  # ...
  authorization:
    type: simple
    acls:
      # access to offset.storage.topic
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Read
        host: "*"
      # access to status.storage.topic
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Read
        host: "*"
      # access to config.storage.topic
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Read
        host: "*"
      # consumer group
      - resource:
          type: group
          name: connect-cluster
          patternType: literal
        operation: Read
        host: "*"
Create or update the resource.
oc apply -f your-file
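A literal ACL matches a resource only by its exact name, so the names in the KafkaUser ACLs have to be the ones set in the KafkaConnect `spec.config`. The check below is an added example, not part of the original documentation: it treats the operations granted in the KafkaUser example above as the requirement, and the helper names (`acl_matches`, `missing_acls`, `page_acls`) and the inline sample data are constructed for illustration.

```python
# Operations the KafkaUser example on this page grants (taken as the requirement).
TOPIC_OPS = {"Read", "Write", "Create", "Describe"}
GROUP_OPS = {"Read"}
TOPIC_KEYS = ("offset.storage.topic", "status.storage.topic", "config.storage.topic")

def acl_matches(resource, rtype, name):
    """True if one ACL 'resource' entry covers the named topic or group."""
    if resource.get("type") != rtype:
        return False
    if resource.get("patternType", "literal") == "prefix":
        return name.startswith(resource["name"])
    # literal: exact name only (Kafka also treats a literal "*" as match-all)
    return resource["name"] in (name, "*")

def missing_acls(connect_config, acls):
    """Return (type, name, operation) tuples that no ACL in 'acls' grants."""
    required = [("topic", connect_config[k], TOPIC_OPS) for k in TOPIC_KEYS]
    required.append(("group", connect_config["group.id"], GROUP_OPS))
    missing = []
    for rtype, name, ops in required:
        granted = {a["operation"] for a in acls
                   if acl_matches(a["resource"], rtype, name)}
        missing += [(rtype, name, op) for op in sorted(ops - granted)]
    return missing

def page_acls(prefix=""):
    """Constructed ACL list shaped like spec.authorization.acls in the example."""
    acls = [{"resource": {"type": "topic", "name": f"{prefix}connect-cluster-{t}",
                          "patternType": "literal"}, "operation": op, "host": "*"}
            for t in ("offsets", "status", "configs") for op in sorted(TOPIC_OPS)]
    acls.append({"resource": {"type": "group", "name": f"{prefix}connect-cluster",
                              "patternType": "literal"},
                 "operation": "Read", "host": "*"})
    return acls

# Constructed sample: spec.config with the my-connect-cluster* names used in the
# KafkaConnect example, checked against ACLs using the connect-cluster* names.
CONNECT_CONFIG = {
    "group.id": "my-connect-cluster",
    "offset.storage.topic": "my-connect-cluster-offsets",
    "config.storage.topic": "my-connect-cluster-configs",
    "status.storage.topic": "my-connect-cluster-status",
}

if __name__ == "__main__":
    for rtype, name, op in missing_acls(CONNECT_CONFIG, page_acls()):
        print(f"missing ACL: {op} on {rtype} {name}")
```

With the sample data, every required grant is reported as missing because the ACL names lack the `my-` prefix used in the KafkaConnect configuration; `page_acls("my-")` yields a list that passes.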