2024-12-04 14:21:52 +01:00
|
|
|
apiVersion: kafka.strimzi.io/v1beta2
|
|
|
|
|
kind: KafkaUser
|
|
|
|
|
metadata:
|
2024-12-06 11:18:49 +01:00
|
|
|
name: schema-registry-user
|
|
|
|
|
namespace: kafka
|
2024-12-04 14:21:52 +01:00
|
|
|
labels:
|
|
|
|
|
strimzi.io/cluster: kafka-cluster
|
|
|
|
|
spec:
|
|
|
|
|
authentication:
|
|
|
|
|
type: tls
|
|
|
|
|
authorization:
|
|
|
|
|
# Official docs on authorizations required for the Schema Registry:
|
|
|
|
|
# https://docs.confluent.io/current/schema-registry/security/index.html#authorizing-access-to-the-schemas-topic
|
|
|
|
|
type: simple
|
|
|
|
|
acls:
|
|
|
|
|
# Allow all operations on the registry-schemas topic
|
|
|
|
|
# Read, Write, and DescribeConfigs are known to be required
|
|
|
|
|
- resource:
|
|
|
|
|
type: topic
|
|
|
|
|
name: registry-schemas
|
|
|
|
|
patternType: literal
|
|
|
|
|
operation: All
|
|
|
|
|
type: allow
|
|
|
|
|
# Allow all operations on the schema-registry* group
|
|
|
|
|
- resource:
|
|
|
|
|
type: group
|
|
|
|
|
name: schema-registry
|
|
|
|
|
patternType: prefix
|
|
|
|
|
operation: All
|
|
|
|
|
type: allow
|
|
|
|
|
# Allow Describe on the __consumer_offsets topic
|
|
|
|
|
- resource:
|
|
|
|
|
type: topic
|
|
|
|
|
name: __consumer_offsets
|
|
|
|
|
patternType: literal
|
|
|
|
|
operation: Describe
|
|
|
|
|
type: allow
|
