Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 12. Using the User Operator to manage Kafka users

When you create, modify or delete a user using the KafkaUser resource, the User Operator ensures that these changes are reflected in the Kafka cluster.

For more information on the KafkaUser resource, see the KafkaUser schema reference.

12.1. Configuring Kafka users
링크 복사

Use the properties of the KafkaUser resource to configure Kafka users.

You can use oc apply to create or modify users, and oc delete to delete existing users.

For example:

  • oc apply -f <user_config_file>
  • oc delete KafkaUser <user_name>

Users represent Kafka clients. When you configure Kafka users, you enable the user authentication and authorization mechanisms required by clients to access Kafka. The mechanism used must match the equivalent Kafka configuration. For more information on using Kafka and KafkaUser resources to secure access to Kafka brokers, see https://docs.redhat.com/en/documentation/red_hat_streams_for_apache_kafka/2.9/html-single/deploying_and_managing_streams_for_apache_kafka_on_openshift/index#assembly-securing-access-str.

Prerequisites

  • A running Kafka cluster configured with a Kafka broker listener using mTLS authentication and TLS encryption.
  • A running User Operator (typically deployed with the Entity Operator).

Procedure

  1. Configure the KafkaUser resource.

    This example specifies mTLS authentication and simple authorization using ACLs.

    Example Kafka user configuration

    apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  name: my-user-1
  labels:
    strimzi.io/cluster: my-cluster
spec:
  authentication:
    type: tls
  authorization:
    type: simple
    acls:
      # Example consumer Acls for topic my-topic using consumer group my-group
      - resource:
          type: topic
          name: my-topic
          patternType: literal
        operations:
          - Describe
          - Read
        host: "*"
      - resource:
          type: group
          name: my-group
          patternType: literal
        operations:
          - Read
        host: "*"
      # Example Producer Acls for topic my-topic
      - resource:
          type: topic
          name: my-topic
          patternType: literal
        operations:
          - Create
          - Describe
          - Write
        host: "*"
    Copy to Clipboard Toggle word wrap

  2. Create the KafkaUser resource in OpenShift. 

    oc apply -f <user_config_file>
    Copy to Clipboard Toggle word wrap

  3. Wait for the ready status of the user to change to True: 

    oc get kafkausers -o wide -w -n <namespace>
    Copy to Clipboard Toggle word wrap

    Kafka user status

    NAME       CLUSTER     AUTHENTICATION  AUTHORIZATION READY
my-user-1  my-cluster  tls             simple        True
my-user-2  my-cluster  tls             simple
my-user-3  my-cluster  tls             simple        True
    Copy to Clipboard Toggle word wrap

    User creation is successful when the READY output shows True.

  4. If the READY column stays blank, get more details on the status from the resource YAML or User Operator logs.

    Messages provide details on the reason for the current status. 

    oc get kafkausers my-user-2 -o yaml
    Copy to Clipboard Toggle word wrap

    Details on a user with a NotReady status

    # ...
status:
  conditions:
  - lastTransitionTime: "2022-06-10T10:07:37.238065Z"
    message: Simple authorization ACL rules are configured but not supported in the
      Kafka cluster configuration.
    reason: InvalidResourceException
    status: "True"
    type: NotReady
    Copy to Clipboard Toggle word wrap

    In this example, the reason the user is not ready is because simple authorization is not enabled in the Kafka configuration.

    Kafka configuration for simple authorization

      apiVersion: kafka.strimzi.io/v1beta2
  kind: Kafka
  metadata:
    name: my-cluster
  spec:
    kafka:
      # ...
      authorization:
        type: simple
    Copy to Clipboard Toggle word wrap

    After updating the Kafka configuration, the status shows the user is ready. 

    oc get kafkausers my-user-2 -o wide -w -n <namespace>
    Copy to Clipboard Toggle word wrap

    Status update of the user

    NAME       CLUSTER     AUTHENTICATION  AUTHORIZATION READY
my-user-2  my-cluster  tls             simple        True
    Copy to Clipboard Toggle word wrap

    Fetching the details shows no messages. 

    oc get kafkausers my-user-2 -o yaml
    Copy to Clipboard Toggle word wrap

    Details on a user with a READY status

    # ...
status:
  conditions:
  - lastTransitionTime: "2022-06-10T10:33:40.166846Z"
    status: "True"
    type: Ready
    Copy to Clipboard Toggle word wrap

맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat