Creating a user

If you have a project, you can create an Apache Kafka® user in it.

Using the CLIUsing the CLI

1. If the project does not exist yet, create it: kubectl create namespace <project name>.

2. Create a file of the KafkaUserAccess resource, e.g., using the touch kafkauseraccess.yaml command.

3. Open the file and paste the configuration below into it. Create a secret along with the user:

   Admin

   Consumer

   Producer

   apiVersion: kafka.stackland.yandex.cloud/v1alpha1
   kind: KafkaUserAccess
   metadata:
     name: kafka-user
     labels:
       kafka-cluster: cluster-omdb
   spec:
     authentication:
       username: kafka-admin
       passwordSecretRef:
         name: kafka-credentials
         key: password
     acl:
       - topic: "*"
         roles:
           - admin
   ---
   apiVersion: v1
   kind: Secret
   metadata:
     name: kafka-credentials
   type: kubernetes.io/basic-auth
   stringData:
       password: kafka-password
   ---
   

   apiVersion: kafka.stackland.yandex.cloud/v1alpha1
   kind: KafkaUserAccess
   metadata:
     name: kafka-user-consumer
     labels:
       kafka-cluster: cluster-omdb
   spec:
     authentication:
       username: kafka-consumer
       passwordSecretRef:
         name: kafka-credentials
         key: password
     acl:
       - topic: someTopic
         roles:
           - consumer
   ---
   apiVersion: v1
   kind: Secret
   metadata:
     name: kafka-credentials
   type: kubernetes.io/basic-auth
   stringData:
       password: kafka-password
   ---
   

   apiVersion: kafka.stackland.yandex.cloud/v1alpha1
   kind: KafkaUserAccess
   metadata:
     name: kafka-user-producer
     labels:
       kafka-cluster: cluster-omdb
   spec:
     authentication:
       username: kafka-producer
       passwordSecretRef:
         name: kafka-credentials
         key: password
     acl:
       - topic: someTopic
         roles:
           - producer
   ---
   apiVersion: v1
   kind: Secret
   metadata:
     name: kafka-credentials
   type: kubernetes.io/basic-auth
   stringData:
       password: kafka-password
   ---
   

4. Apply the manifest: kubectl apply -f kafkauseraccess.yaml -n <project name>. Optionally, you can specify the project name in the metadata.namespace resource property and skip it in the command.

Using the management consoleUsing the management console

1. If you have not opened a project yet, select one.
2. In the left-hand menu, select Kafka Clusters.
3. Select a cluster.
4. Go to the Users tab.
5. Click Create user.
6. Enter the username and password.
7. Click Use pattern below the topic selection.
8. To select all topics, enter "*".
9. Choose the role.
10. Click Create.