主页
产品
Red Hat AMQ
2020.Q4
在 OpenShift 中使用 AMQ Streams
2.2.3. 配置 Kafka Connect 用户授权

2.2.3. 配置 Kafka Connect 用户授权

这个步骤描述了如何授权用户对 Kafka Connect 的访问。

当 Kafka 中使用任何类型的授权时，Kafka Connect 用户需要对消费者组的读/写访问权限以及 Kafka Connect 的内部主题。

用户组和内部主题的属性由 AMQ Streams 自动配置，或者可以在 KafkaConnect 或 KafkaConnect S2I 资源的 spec 中明确指定。

KafkaConnect 资源中的配置属性示例

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaConnect
metadata:
  name: my-connect
spec:
  # ...
  config:
    group.id: my-connect-cluster 
    offset.storage.topic: my-connect-cluster-offsets 
    config.storage.topic: my-connect-cluster-configs 
    status.storage.topic: my-connect-cluster-status 
    # ...
  # ...

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaConnect
metadata:
  name: my-connect
spec:
  # ...
  config:
    group.id: my-connect-cluster


    offset.storage.topic: my-connect-cluster-offsets


    config.storage.topic: my-connect-cluster-configs


    status.storage.topic: my-connect-cluster-status


    # ...
  # ...

Copy to Clipboard

Toggle word wrap

1: 属于该实例的 Kafka Connect 集群组。
2: 存储连接器偏移的 Kafka 主题。
3: 存储连接器和任务状态配置的 Kafka 主题。
4: 存储连接器和任务状态更新的 Kafka 主题。

此流程演示了在使用 简单 授权时如何提供访问权限。

简单的授权使用由 Kafka AclAuthorizer 插件处理的 ACL 规则来提供正确的访问级别。有关将 KafkaUser 资源配置为使用简单授权的更多信息，请参阅 AclRule schema 引用。

注意

运行多个实例时，使用者组和主题的默认值将有所不同。

先决条件

OpenShift 集群
一个正在运行的 Cluster Operator

步骤

编辑 KafkaUser 资源中 的授权 属性，以便为用户提供访问权限。

在以下示例中，使用 字面 名称值为 Kafka Connect 主题和消费者组配置访问权限：

Expand

属性	Name
`offset.storage.topic`	`connect-cluster-offsets`
`status.storage.topic`	`connect-cluster-status`
`config.storage.topic`	`connect-cluster-configs`
`group`	`connect-cluster`

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaUser
metadata:
  name: my-user
  labels:
    strimzi.io/cluster: my-cluster
spec:
  # ...
  authorization:
    type: simple
    acls:
      # access to offset.storage.topic
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Read
        host: "*"
      # access to status.storage.topic
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Read
        host: "*"
      # access to config.storage.topic
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Read
        host: "*"
      # consumer group
      - resource:
          type: group
          name: connect-cluster
          patternType: literal
        operation: Read
        host: "*"

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaUser
metadata:
  name: my-user
  labels:
    strimzi.io/cluster: my-cluster
spec:
  # ...
  authorization:
    type: simple
    acls:
      # access to offset.storage.topic
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-offsets
          patternType: literal
        operation: Read
        host: "*"
      # access to status.storage.topic
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-status
          patternType: literal
        operation: Read
        host: "*"
      # access to config.storage.topic
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Write
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Create
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Describe
        host: "*"
      - resource:
          type: topic
          name: connect-cluster-configs
          patternType: literal
        operation: Read
        host: "*"
      # consumer group
      - resource:
          type: group
          name: connect-cluster
          patternType: literal
        operation: Read
        host: "*"

Copy to Clipboard

Toggle word wrap

创建或更新资源。
```
oc apply -f KAFKA-USER-CONFIG-FILE
```
```
oc apply -f KAFKA-USER-CONFIG-FILE
```
Copy to Clipboard Toggle word wrap

返回顶部

2.2.3. 配置 Kafka Connect 用户授权

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links