Implement access control to Kafka consumer groups
MilkyWay-core opened this issue · 0 comments
MilkyWay-core commented
Problem Statement
In many large and fully managed systems are important to control access to the consumer groups. This simplifies the work for SRE and the information security department.
Proposed Solution
Extend the srd and implement the corresponding api call in kafka from the operator
groupGrants:
items:
description: ConsumerGroupGrant is the desired permissions for the KafkaUser
properties:
accessType:
description: KafkaAccessType hold info about Kafka ACL
enum:
- read
- write
type: string
patternType:
description: KafkaPatternType hold the Resource Pattern Type of kafka ACL
enum:
- literal
- match
- prefixed
- any
type: string
topicName:
type: string
Alternatives Considered
At the moment, we have to refuse to control access to consumer groups, or manage it manually, which is not possible in installations with dozens of clusters