KafkaACL
Prerequisites¶
- A Kubernetes cluster with the operator installed using helm, kubectl or kind (for local development).
- A Kubernetes Secret with an Aiven authentication token.
Required permissions¶
To create and manage this resource, you must have the appropriate roles or permissions. See the Aiven documentation for details on managing permissions.
This resource uses the following API operations, and for each operation, any of the listed permissions is sufficient:
| Operation | Permissions |
|---|---|
| ServiceGet | project:services:read |
| ServiceKafkaAclAdd | service:data:write |
| ServiceKafkaAclDelete | service:data:write |
| ServiceKafkaAclList | service:data:write |
Usage example¶
Apply the resource with:
Verify the newly created KafkaACL:
The output is similar to the following:
Name Service Name Project Username Permission Topic
my-kafka-acl my-kafka my-aiven-project my-user admin my-topic
KafkaACL¶
KafkaACL is the Schema for the kafkaacls API.
Required
apiVersion(string). Valueaiven.io/v1alpha1.kind(string). ValueKafkaACL.metadata(object). Data that identifies the object, including anamestring and optionalnamespace.spec(object). KafkaACLSpec defines the desired state of KafkaACL. See below for nested schema.
spec¶
Appears on KafkaACL.
KafkaACLSpec defines the desired state of KafkaACL.
Required
permission(string, Enum:admin,read,readwrite,write). Kafka permission to grant (admin, read, readwrite, write).project(string, Immutable, Pattern:^[a-zA-Z0-9_-]+$, MaxLength: 63). Identifies the project this resource belongs to.serviceName(string, Immutable, Pattern:^[a-z][-a-z0-9]+$, MaxLength: 63). Specifies the name of the service that this resource belongs to.topic(string). Topic name pattern for the ACL entry.username(string). Username pattern for the ACL entry.
Optional
authSecretRef(object). Authentication reference to Aiven token in a secret. See below for nested schema.
authSecretRef¶
Appears on spec.
Authentication reference to Aiven token in a secret.
Required