In this article, we describe an open source tool that makes it possible to visualize access control lists in Kafka to help you get an overview of how access in a Kafka cluster is configured. Using access control lists (ACLs) to limit access in a Kafka cluster is a great way to secure your data, but it can quickly become difficult to keep an overview of who can access what. We will set up a Kafka cluster on Kubernetes using Strimzi and deploy kafka-acl-viewer in order to visualize the ACLs as a graph.

Strimzi leverages Kubernetes Custom Resources and the Operator pattern so that we can work with Kafka in the same declarative manner that we are used to with Kubernetes.

In order to get started you will need a Kubernetes cluster to run Strimzi and kafka-acl-viewer. During development I usually use Minikube, but any Kubernetes cluster will do just fine. One thing to note if you do go with Minikube is that Strimzi requires a bit more RAM in your cluster than the default 2GB. To avoid issues, make sure you configure Minikube with at least 4GB of RAM when you start your cluster.

This resource will be picked up by the Strimzi User Operator, which will issue a client certificate signed by the certificate authority trusted by the Kafka cluster nodes. The certificate, along with the private key, will be stored in a Kubernetes Secret with the same name as the user; the secret also contains the public key of the certificate authority issuing the certificates for the cluster nodes. This allows a client to connect and authenticate with the Kafka cluster using mutual TLS. The client is then identified by its certificate and the cluster can authorise it to access resources in the cluster according to the ACLs.

The ACLs listed in the acls section are applied on the Kafka cluster by the User Operator as well. This specific example gives the user access to perform API calls grouped under the Write operation on the shipments topic. More information about the specifics of the Kafka access model can be found here: Authorization using ACLs - Confluent Platform.

These Kubernetes resources already give a nice and searchable definition of your cluster access model, but it is somewhat difficult to get an overview. Let's fix that!

Deploying kafka-acl-viewer

Kafka-acl-viewer is a small open-source application written in Go. It connects to Kafka using Shopify/sarama and fetches information about ACLs and topics directly from the cluster.
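
To make the idea of viewing ACLs as a graph concrete, here is an added Go example (not kafka-acl-viewer's code and not from the original article) that resolves topic ACLs, including prefixed and wildcard patterns and Deny-over-Allow precedence, into Graphviz DOT edges. The `ACL` type, the `Edges` function and the sample user are hypothetical; hosts and wildcard principals are ignored, and the ACLs are passed in rather than fetched from a cluster.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ACL is a hypothetical type for this example: principal ("User:x"), operation
// (Read|Write|All), permission (Allow|Deny), topic ("*" = any), pattern (literal|prefixed).
type ACL struct{ Principal, Op, Permission, Topic, Pattern string }
type grant struct{ principal, op, topic string }

// Edges expands ACLs over the known topics into Graphviz DOT edges: producer -> topic
// for Write, topic -> consumer for Read. A matching Deny always overrides an Allow.
func Edges(acls []ACL, topics []string) []string {
	perm := map[grant]bool{} // true = allowed; once denied, stays false
	for _, a := range acls {
		for _, t := range topics {
			hit := a.Topic == "*" || a.Topic == t
			if a.Pattern == "prefixed" {
				hit = strings.HasPrefix(t, a.Topic)
			}
			for _, op := range []string{"Read", "Write"} {
				if hit && (a.Op == op || a.Op == "All") {
					g := grant{a.Principal, op, t}
					prev, seen := perm[g]
					perm[g] = a.Permission == "Allow" && (prev || !seen)
				}
			}
		}
	}
	edges := []string{}
	for g, ok := range perm {
		if ok && g.op == "Write" {
			edges = append(edges, fmt.Sprintf("%q -> %q;", g.principal, g.topic))
		} else if ok {
			edges = append(edges, fmt.Sprintf("%q -> %q;", g.topic, g.principal))
		}
	}
	sort.Strings(edges)
	return edges
}

func main() {
	acls := []ACL{{"User:shipping", "Write", "Allow", "shipments", "literal"}} // constructed sample
	fmt.Println("digraph acls {\n" + strings.Join(Edges(acls, []string{"shipments"}), "\n") + "\n}")
}
```

Rendering the printed output with Graphviz shows at a glance which principals can produce to or consume from each topic, and an over-broad wildcard or prefix grant shows up as a fan of edges.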