Strimzi
-
|
Sorry posted with the wrong account, so this is a repost I saw in the release notes that v1 versions of the CRDs had been rolled out now. In the release notes, it states that in the authentication and authorization fields apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
name: kafka
spec:
kafka:
resources:
requests:
memory: 2Gi
cpu: 1
limits:
memory: 4Gi
listeners:
- name: plain
port: 9092
type: internal
tls: false
authentication:
type: oauth
clientId: kafka
clientSecret:
key: secret
secretName: broker-oauth-secret
validIssuerUri: http://keycloak.keycloak.svc.cluster.local:8080/realms/integration_platform
jwksEndpointUri: http://keycloak.keycloak.svc.cluster.local:8080/realms/integration_platform/protocol/openid-connect/certs
userNameClaim: preferred_username
enableMetrics: false
authorization:
type: keycloak
clientId: kafka
superUsers:
- "User:kafka"
tokenEndpointUri: http://keycloak.keycloak.svc.cluster.local:8080/realms/integration_platform/protocol/openid-connect/token
enableMetrics: falseIn the docs for manual changes that has to be made on the Kafka resource it says to replace oauth with custom and instead mount the secrets using the authentication:
type: object
properties:
listenerConfig:
x-kubernetes-preserve-unknown-fields: true
type: object
sasl:
type: boolean
type:
type: string
enum:
- tls
- scram-sha-512
- customIt no longer contains properties like clientId, validIssuerUri, etc. either so I assume these should be moved somewhere else as well? In the oauth section of the documentation it still uses |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Documenation has been updated since I asked this question, so I will mark this as anaswered 😄 |
Beta Was this translation helpful? Give feedback.
Documenation has been updated since I asked this question, so I will mark this as anaswered 😄