Closed dilox closed 4 years ago
What do you mean with I manage it by the application? You can use something like this:
apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaUser
metadata:
name: username
namespace: namespace
labels:
strimzi.io/cluster: kafka-external
spec:
authorization:
type: simple
acls:
- resource:
type: topic
name: topic-name
patternType: literal
operation: All
Which will not create the password and only set the ACLs. But you cannot create the SCRAM-HA user manually with that, because the operator would delete it. If you want to manage your users manually, you can just disable the User Operator and not use it.
Hi scholz, thanks for super fast reply. My fault, I think I was confusing password and secrets... I only need to create secret and kafkauser with the same name
By default the operator will always generate new random passwords. But you should be able to create the password first before the KafkaUser resource and then the operator will just reuse the password from the secret. Just first create one user regularly to check the structure of the ecret, labels etc. But I think the password is stored under the password
key.
Sure, this is perfect.
Great. I will close this issue than. If you have anything more, feel free to reopen it or open a new one. Thanks.
Hi Strimzi! I am using this file to create KafkaUser, I would like to know if there is a way to say to the user-operator to not create/update the secret, since I manage it by the application.