KafkaSchemaRegistryACL

Prerequisites

  • A Kubernetes cluster with the operator installed using helm, kubectl or kind (for local development).
  • A Kubernetes Secret with an Aiven authentication token.

Required permissions

To create and manage this resource, you must have the appropriate roles or permissions. See the Aiven documentation for details on managing permissions.

This resource uses the following API operations, and for each operation, any of the listed permissions is sufficient:

Operation                         Permissions
ServiceGet                        project:services:read
ServiceSchemaRegistryAclAdd       service:data:write
ServiceSchemaRegistryAclDelete    service:data:write
ServiceSchemaRegistryAclList      service:data:write

Usage example

apiVersion: aiven.io/v1alpha1
kind: KafkaSchemaRegistryACL
metadata:
  name: my-kafka-schema-registry-acl
spec:
  authSecretRef:
    name: aiven-token
    key: token

  project: aiven-project-name
  serviceName: my-kafka
  resource: Subject:my-topic
  username: my-user
  permission: schema_registry_read

Apply the resource with:

kubectl apply -f example.yaml

Verify the newly created KafkaSchemaRegistryACL:

kubectl get kafkaschemaregistryacls my-kafka-schema-registry-acl

The output is similar to the following:

Name                            Project               Service Name    Resource            Username    State      
my-kafka-schema-registry-acl    aiven-project-name    my-kafka        Subject:my-topic    my-user     RUNNING    


KafkaSchemaRegistryACL

KafkaSchemaRegistryACL is the Schema for the kafkaschemaregistryacls API.

Required

  • apiVersion (string). Value aiven.io/v1alpha1.
  • kind (string). Value KafkaSchemaRegistryACL.
  • metadata (object). Data that identifies the object, including a name string and optional namespace.
  • spec (object). KafkaSchemaRegistryACLSpec defines the desired state of KafkaSchemaRegistryACL. See below for nested schema.

spec

Appears on KafkaSchemaRegistryACL.

KafkaSchemaRegistryACLSpec defines the desired state of KafkaSchemaRegistryACL.

Required

  • permission (string, Enum: schema_registry_read, schema_registry_write, Immutable).
  • project (string, Immutable, Pattern: ^[a-zA-Z0-9_-]+$, MaxLength: 63). Identifies the project this resource belongs to.
  • resource (string, Immutable, MaxLength: 249). Resource name pattern for the Schema Registry ACL entry.
  • serviceName (string, Immutable, Pattern: ^[a-z][-a-z0-9]+$, MaxLength: 63). Specifies the name of the service that this resource belongs to.
  • username (string, Immutable, MaxLength: 64). Username pattern for the ACL entry.

Optional

authSecretRef

Appears on spec.

Authentication reference to Aiven token in a secret.

Required

  • key (string, MinLength: 1).
  • name (string, MinLength: 1).
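
Because every spec field is marked Immutable, a mistake in an ACL entry cannot be patched in place, so it is worth checking a manifest against the documented constraints before running kubectl apply. The following is an added example, not part of the operator or its documentation: validate_spec, RULES, GOOD and BAD are hypothetical names, the sample specs are constructed, and authSecretRef is treated as optional because the page lists it under Optional.

```python
import re

# Constraints copied from the spec field reference on this page.
RULES = {
    "permission": {"enum": {"schema_registry_read", "schema_registry_write"}},
    "project": {"pattern": r"^[a-zA-Z0-9_-]+$", "max": 63},
    "resource": {"max": 249},
    "serviceName": {"pattern": r"^[a-z][-a-z0-9]+$", "max": 63},
    "username": {"max": 64},
}


def validate_spec(spec):
    """Return a list of violations of the documented constraints (empty if none)."""
    errors = []
    for field, rule in RULES.items():
        value = spec.get(field)
        if not isinstance(value, str):
            errors.append(f"{field}: required string is missing")
            continue
        if "enum" in rule and value not in rule["enum"]:
            errors.append(f"{field}: {value!r} is not an allowed value")
        if "max" in rule and len(value) > rule["max"]:
            errors.append(f"{field}: longer than {rule['max']} characters")
        # fullmatch also rejects a trailing newline, which "$" with match() would accept
        if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
            errors.append(f"{field}: does not match {rule['pattern']}")
    ref = spec.get("authSecretRef")
    if ref is not None:  # assumed optional; key and name are required inside it
        for sub in ("key", "name"):
            ok = isinstance(ref, dict) and isinstance(ref.get(sub), str) and ref[sub]
            if not ok:
                errors.append(f"authSecretRef.{sub}: required, MinLength 1")
    return errors


# Constructed sample: mirrors the usage example on this page.
GOOD = {
    "authSecretRef": {"name": "aiven-token", "key": "token"},
    "project": "aiven-project-name", "serviceName": "my-kafka",
    "resource": "Subject:my-topic", "username": "my-user", "permission": "schema_registry_read",
}
# Constructed sample with three violations: serviceName, permission, authSecretRef.key.
BAD = dict(GOOD, serviceName="My_Kafka", permission="schema_registry_admin",
           authSecretRef={"name": "aiven-token", "key": ""})

if __name__ == "__main__":
    for label, spec in (("good", GOOD), ("bad", BAD)):
        print(label, validate_spec(spec) or "ok")
```
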