37 lines
1 KiB
YAML
37 lines
1 KiB
YAML
|
apiVersion: kafka.strimzi.io/v1beta2
|
||
|
|
kind: KafkaUser
|
||
|
|
metadata:
|
||
|
|
name: confluent-schema-registry
|
||
|
|
labels:
|
||
|
|
strimzi.io/cluster: kafka-cluster
|
||
|
|
spec:
|
||
|
|
authentication:
|
||
|
|
type: tls
|
||
|
|
authorization:
|
||
|
|
# Official docs on authorizations required for the Schema Registry:
|
||
|
|
# https://docs.confluent.io/current/schema-registry/security/index.html#authorizing-access-to-the-schemas-topic
|
||
|
|
type: simple
|
||
|
|
acls:
|
||
|
|
# Allow all operations on the registry-schemas topic
|
||
|
|
# Read, Write, and DescribeConfigs are known to be required
|
||
|
|
- resource:
|
||
|
|
type: topic
|
||
|
|
name: registry-schemas
|
||
|
|
patternType: literal
|
||
|
|
operation: All
|
||
|
|
type: allow
|
||
|
|
# Allow all operations on the schema-registry* group
|
||
|
|
- resource:
|
||
|
|
type: group
|
||
|
|
name: schema-registry
|
||
|
|
patternType: prefix
|
||
|
|
operation: All
|
||
|
|
type: allow
|
||
|
|
# Allow Describe on the __consumer_offsets topic
|
||
|
|
- resource:
|
||
|
|
type: topic
|
||
|
|
name: __consumer_offsets
|
||
|
|
patternType: literal
|
||
|
|
operation: Describe
|
||
|
|
type: allow
|