0

I have a Kafka cluster running with Zookeeper, Confluent Schema registry and Kafka security manager(KSM). KSM, https://github.com/conduktor/kafka-security-manager, is software makes it easy to manager Kafka ACL with a csv file instead of using the command line tool.

The confluent schema registry let us store Avro schema for Kafka. It is currently open and I need to secured it. I want to give every user the READ or GET permission only. I am currently using kubernetes to deploy all the tools.

How can I do that with KSM? Where can I find examples?

Thank you

CMPE
  • 1,853
  • 4
  • 21
  • 37

1 Answers1

0

Kafka ACLs don't apply to the Schema Registry, they would apply to the underlying _schemas topic, which you'd setup in the Registry's configuration

The API itself can be secured using TLS and HTTP Authentication

https://docs.confluent.io/platform/current/schema-registry/security/index.html

give every user the READ or GET permission only.

I don't think you can lock down HTTP method level access to specific users, you'll likely need a proxy for this, but also without POST, there's no way to register topics...

OneCricketeer
  • 179,855
  • 19
  • 132
  • 245