KafkaUser
kafka.strimzi.io / v1
```yaml
apiVersion: kafka.strimzi.io/v1
kind: KafkaUser
metadata:
  name: example
```
apiVersion
string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object required
The specification of the user.
authentication object
Authentication mechanism enabled for this Kafka user. The supported authentication mechanisms are `scram-sha-512`, `tls`, and `tls-external`.
* `scram-sha-512` generates a secret with SASL SCRAM-SHA-512 credentials.
* `tls` generates a secret with user certificate for mutual TLS authentication.
* `tls-external` does not generate a user certificate, but prepares the user for mutual TLS authentication with a user certificate generated outside the User Operator.
ACLs and quotas set for this user are configured in the `CN=<username>` format.
Authentication is optional. If authentication is not configured, no credentials are generated. ACLs and quotas set for the user are configured in the `<username>` format suitable for SASL authentication.
password object
Specify the password for the user. If not set, a new password is generated by the User Operator.
valueFrom object required
Secret from which the password should be read.
secretKeyRef object
Selects a key of a Secret in the resource's namespace.
key
string
name
string
optional
boolean
type
string required
Authentication type.
enum:
tls, tls-external, scram-sha-512
authorization object
Authorization rules for this Kafka user.
acls []object required
List of ACL rules which should be applied to this user.
host
string
The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to `*`, allowing or denying the action from any host.
operations
[]string required
List of operations to allow or deny. Supported operations are: Read, Write, Create, Delete, Alter, Describe, ClusterAction, AlterConfigs, DescribeConfigs, IdempotentWrite and All. Only certain operations work with the specified resource.
resource object required
Indicates the resource to which the given ACL rule applies.
name
string
Name of the resource to which the given ACL rule applies. Can be combined with the `patternType` field to use a prefix pattern.
patternType
string
Describes the pattern used in the resource field. The supported types are `literal` and `prefix`. With `literal` pattern type, the resource field will be used as a definition of a full name. With `prefix` pattern type, the resource name will be used only as a prefix. Default value is `literal`.
enum:
literal, prefix
type
string required
Resource type. The available resource types are `topic`, `group`, `cluster`, and `transactionalId`.
enum:
topic, group, cluster, transactionalId
type
string
The type of the rule. ACL rules with type `allow` permit the user to execute the specified operations. ACL rules with type `deny` prevent the user from executing the specified operations. Default value is `allow`.
enum:
allow, deny
type
string required
Authorization type. Currently the only supported type is `simple`. `simple` authorization type uses the Kafka Admin API for managing the ACL rules.
enum:
simple
quotas object
Quotas on requests to control the broker resources used by clients. Network bandwidth and request rate quotas can be enforced. For more information, see the Apache Kafka design documentation about quotas.
consumerByteRate
integer
A quota on the maximum bytes per second that each client group can fetch from a broker before the clients in the group are throttled. Defined on a per-broker basis.
minimum:
0
controllerMutationRate
number
A quota on the rate at which mutations are accepted for the create topics request, the create partitions request and the delete topics request. The rate is accumulated by the number of partitions created or deleted.
minimum:
0
producerByteRate
integer
A quota on the maximum bytes per second that each client group can publish to a broker before the clients in the group are throttled. Defined on a per-broker basis.
minimum:
0
requestPercentage
integer
A quota on the maximum CPU utilization of each client group as a percentage of network and I/O threads.
minimum:
0
template object
Template to specify how Kafka User `Secrets` are generated.
secret object
Template for KafkaUser resources. The template allows users to specify how the `Secret` with password or TLS certificates is generated.
metadata object
Metadata applied to the resource.
annotations
object
Annotations added to the Kubernetes resource.
labels
object
Labels added to the Kubernetes resource.
status object
The status of the Kafka User.
conditions []object
List of status conditions.
lastTransitionTime
string
Last time the condition of a type changed from one status to another. The required format is 'yyyy-MM-ddTHH:mm:ssZ', in the UTC time zone.
message
string
Human-readable message indicating details about the condition's last transition.
reason
string
The reason for the condition's last transition (a single word in CamelCase).
status
string
The status of the condition, either True, False or Unknown.
type
string
The unique identifier of a condition, used to distinguish between other conditions in the resource.
observedGeneration
integer
The generation of the CRD that was last reconciled by the operator.
secret
string
The name of `Secret` where the credentials are stored.
username
string
Username.
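A worked manifest for the `authentication`, `authorization` and `quotas` fields described above, added here as an example and not taken from the Strimzi project. It sets a broadly scoped user beside a narrowly scoped one. Resource names, the cluster name and the quota figures are constructed; the `strimzi.io/cluster` label is an assumption, as it is not described on this page.

```yaml
# Constructed example: names and quota values are placeholders.
# Broad user: every operation on every topic starting with "o", no quotas.
apiVersion: kafka.strimzi.io/v1
kind: KafkaUser
metadata:
  name: orders-consumer-broad
  labels:
    strimzi.io/cluster: my-cluster   # assumption: cluster-binding label, not on this page
spec:
  authentication:
    type: tls
  authorization:
    type: simple
    acls:
      - resource:
          type: topic
          name: o
          patternType: prefix        # name is treated as a prefix, not a full name
        operations: [All]
        # host omitted: defaults to "*"; type omitted: defaults to allow
---
# Scoped user: read-only on one literal topic and its own consumer groups,
# with bandwidth and CPU quotas set.
apiVersion: kafka.strimzi.io/v1
kind: KafkaUser
metadata:
  name: orders-consumer
  labels:
    strimzi.io/cluster: my-cluster   # assumption, as above
spec:
  authentication:
    type: tls                        # User Operator generates the certificate Secret
  authorization:
    type: simple
    acls:
      - resource:
          type: topic
          name: orders
          patternType: literal       # full-name match only
        operations: [Read, Describe]
        type: allow
      - resource:
          type: group
          name: orders-consumer-
          patternType: prefix
        operations: [Read]
  quotas:
    consumerByteRate: 1048576        # bytes per second, per broker
    requestPercentage: 25
```

After reconciliation, `status.secret` names the `Secret` holding the generated credentials and `status.username` gives the username.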