13.2.19.6. superUsers

被视为超级用户的用户主体列表,以便始终允许他们而无需查询 open Policy Agent 策略。如需更多信息,请参阅 Kafka 授权

Open Policy Agent 授权器配置示例

apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: my-cluster
  namespace: myproject
spec:
  kafka:
    # ...
    authorization:
      type: opa
      url: http://opa:8181/v1/data/kafka/allow
      allowOnError: false
      initialCacheCapacity: 1000
      maximumCacheSize: 10000
      expireAfterMs: 60000
      superUsers:
        - CN=fred
        - sam
        - CN=edward
    # ...