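---
# List wrapper holding one Strimzi Kafka custom resource: cluster "my-cluster"
# in namespace "kafka", with OPA-based authorization and five listeners.
# Block structure restored: collapsed onto one line, the manifest does not
# parse, and the first '#' turns everything after it into a comment.
# The replica counts of 1 and 10Mi volumes suggest a test cluster; the
# NOTE(review) comments mark settings to revisit before wider reuse.
apiVersion: v1
items:
  - apiVersion: kafka.strimzi.io/v1beta2
    kind: Kafka
    metadata:
      name: my-cluster
      namespace: kafka
    spec:
      entityOperator:
        topicOperator: {}
        userOperator: {}
      kafka:
        authorization:
          # Disabled alternative authorizer, kept for reference:
          # type: simple
          type: opa
          # NOTE(review): the policy endpoint is queried over plain HTTP, so
          # authorization decisions are neither encrypted nor authenticated
          # between broker and OPA.
          url: http://opa.default:8181/v1/data/policy/kafka/authz/allow
          # Fail closed: a failed OPA query results in a deny.
          allowOnError: false
          initialCacheCapacity: 1000
          maximumCacheSize: 10000
          # Cached decisions expire after 10 ms, so nearly every request
          # reaches OPA. Other value noted by the author: 60000.
          expireAfterMs: 10
          # Principals with unlimited access rights.
          # NOTE(review): the CN=... entries look like TLS client-certificate
          # principals, but no listener below enables "authentication: type:
          # tls". Confirm which listener and mechanism can assert each name,
          # "anwar" included.
          superUsers:
            - CN=henri
            - anwar
            - CN=wesley
            - CN=my-user
        config:
          default.replication.factor: 1
          inter.broker.protocol.version: "3.2"
          min.insync.replicas: 1
          offsets.topic.replication.factor: 1
          transaction.state.log.min.isr: 1
          transaction.state.log.replication.factor: 1
        listeners:
          # NOTE(review): no TLS and no authentication block. Clients here
          # are unauthenticated, so access depends entirely on how the OPA
          # policy treats an anonymous principal.
          - name: plain
            port: 9092
            tls: false
            type: internal
          # NOTE(review): encrypted, but with no authentication block the
          # clients are still unauthenticated.
          - name: tls
            port: 9093
            tls: true
            type: internal
          # NOTE(review): exposed via NodePort without TLS. SCRAM keeps the
          # password itself off the wire, but record traffic is cleartext and
          # the client cannot verify the broker's identity.
          - name: external4
            port: 9095
            type: nodeport
            tls: false
            configuration:
              preferredNodePortAddressType: InternalDNS
            authentication:
              type: scram-sha-512
          - name: plain2
            port: 9096
            tls: false
            type: internal
            authentication:
              type: scram-sha-512
          # NOTE(review): OAuth bearer tokens travel over a listener with
          # tls: false, so they are readable by anyone on the network path.
          - name: plain3
            port: 9097
            tls: false
            type: internal
            authentication:
              type: oauth
              # NOTE(review): with issuer checking off, the token issuer is
              # not compared with validIssuerUri below. Confirm intended.
              checkIssuer: false
              checkAccessTokenType: true
              accessTokenIsJwt: true
              enableOauthBearer: true
              # Disabled alternative (local JWKS validation), for reference:
              # jwksEndpointUri: http://keycloak.default:8080/auth/realms/opa/protocol/openid-connect/certs
              # NOTE(review): introspection runs over plain HTTP, so the
              # client credentials and the tokens being checked cross the
              # cluster network unencrypted.
              introspectionEndpointUri: http://keycloak.default:8080/auth/realms/opa/protocol/openid-connect/token/introspect
              clientId: opacli
              # The secret value is read from a Kubernetes Secret, not
              # inlined in this manifest.
              clientSecret:
                secretName: my-cluster-oauth
                key: clientSecret
              validIssuerUri: http://keycloak.default:8080/auth/realms/opa
              clientAudience: account
              # Only the first role entry is inspected, so a token listing
              # the role at any other position is rejected.
              customClaimCheck: "@.resource_access['opacli'].roles[0] == 'opa-client-role'"
        replicas: 1
        storage:
          type: jbod
          volumes:
            - deleteClaim: false
              id: 0
              size: 10Mi
              type: persistent-claim
        # Quoted to match inter.broker.protocol.version and to keep the
        # version a string under any parser.
        version: "3.2.3"
      zookeeper:
        replicas: 1
        storage:
          deleteClaim: false
          size: 10Mi
          type: persistent-claim
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""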