Closed tombentley closed 6 years ago
Some further points to consider / keep in mind:
- The weak security model should be taken into consideration
ZK has per-znode ACLs. Or did you mean some other security aspect?
Well, the ACLs set up by Kafka are AFAIK only about write access, right? So everyone has read access. We either need to address this or use the multi-tenant ZK only in cases where it doesn't matter, such as:
The cluster controller currently deploys both Kafka and Zookeeper from single ConfigMap. In order to make ZK multitenant, we would need to split the ConfigMap into two - one for Kafka and one for Zookeeper and add a "link" to the zookeeper node to the Kafka config map.
This idea has been abandoned as there is currently no need for it. I will close it and we can raise a new one later if needed.
It may be possible for a single ZK ensemble to support multiple Kafka clusters. To know whether that would be worthwhile we need a better understanding of: