strimzi / strimzi-kafka-operator

Apache Kafka® running on Kubernetes
https://strimzi.io/
Apache License 2.0

Can I create user without creating/updating Secret? #2828

Closed dilox closed 4 years ago

dilox commented 4 years ago

Hi Strimzi! I am using this file to create a KafkaUser. I would like to know if there is a way to tell the user-operator not to create/update the secret, since I manage it by the application.

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaUser
metadata:
  name: username
  namespace: namespace
  labels:
    strimzi.io/cluster: kafka-external
spec:
  authentication:
    type: scram-sha-512
  authorization:
    type: simple
    acls:
      - resource:
          type: topic
          name: topic-name
          patternType: literal
        operation: All

scholzj commented 4 years ago

What do you mean by "I manage it by the application"? You can use something like this:

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaUser
metadata:
  name: username
  namespace: namespace
  labels:
    strimzi.io/cluster: kafka-external
spec:
  authorization:
    type: simple
    acls:
      - resource:
          type: topic
          name: topic-name
          patternType: literal
        operation: All

This will not create the password and will only set the ACLs. But you cannot create the SCRAM-SHA user manually with that, because the operator would delete it. If you want to manage your users manually, you can just disable the User Operator and not use it.

dilox commented 4 years ago

Hi scholz, thanks for the super fast reply. My fault, I think I was confusing password and secrets... I only need to create the secret and the KafkaUser with the same name.

scholzj commented 4 years ago

By default, the operator will always generate new random passwords. But you should be able to create the password first, before the KafkaUser resource, and then the operator will just reuse the password from the secret. Just create one user regularly first to check the structure of the secret, labels, etc. But I think the password is stored under the password key.
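
The pre-created Secret described in the comment above, as an added example that is not part of the original thread or the Strimzi project. It assumes the Secret carries the KafkaUser's name, stores the value under the `password` key as suggested above, and copies the `strimzi.io/cluster` label from the KafkaUser; compare the output with an operator-generated Secret before relying on it. The helper names are hypothetical.

```shell
#!/bin/sh
# Added example: build a Secret manifest holding a pre-chosen SCRAM password.
# Assumptions (not confirmed by the thread): key name "password", Secret named
# after the KafkaUser, strimzi.io/cluster label copied from the KafkaUser.

# Print a random alphanumeric password of the requested length (default 32).
gen_password() {
  head -c 96 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-"${1:-32}"
}

# Base64-encode a value. printf avoids the trailing newline that echo would
# bake into the password; tr removes line wraps base64 adds to long values.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# make_user_secret NAME NAMESPACE CLUSTER PASSWORD -> manifest on stdout
make_user_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
  labels:
    strimzi.io/cluster: $3
type: Opaque
data:
  password: $(b64 "$4")
EOF
}

# Decode the password from a manifest on stdin, to verify it before applying.
read_password() {
  sed -n 's/^  password: //p' | base64 -d
}

# Usage, run before creating the KafkaUser resource:
#   make_user_secret username namespace kafka-external "$(gen_password)" \
#     | kubectl apply -f -
```

Keep the generated manifest out of version control and shell history, since base64 is an encoding and not encryption.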

nimmichele commented 4 years ago

Sure, this is perfect.

scholzj commented 4 years ago

Great. I will close this issue then. If you have anything more, feel free to reopen it or open a new one. Thanks.