banzaicloud/koperator

Implement access control to Kafka consumer groups

MilkyWay-core opened this issue · 0 comments

Problem Statement

In many large and fully managed systems are important to control access to the consumer groups. This simplifies the work for SRE and the information security department.

Proposed Solution

Extend the srd and implement the corresponding api call in kafka from the operator


              groupGrants:
                items:
                  description: ConsumerGroupGrant is the desired permissions for the KafkaUser
                  properties:
                    accessType:
                      description: KafkaAccessType hold info about Kafka ACL
                      enum:
                      - read
                      - write
                      type: string
                    patternType:
                      description: KafkaPatternType hold the Resource Pattern Type of kafka ACL
                      enum:
                      - literal                     
                      - match                     
                      - prefixed                     
                      - any                   
                      type: string
                    topicName:
                      type: string

Alternatives Considered

At the moment, we have to refuse to control access to consumer groups, or manage it manually, which is not possible in installations with dozens of clusters