« Protecting your Kafka resources using Strimzi OAuth »
11:10 - 12:00
JUDCon Conference [Amphi 139]

Strimzi is a Kubernetes operator for running Kafka clusters on Kubernetes. It contains a sub-project Strimzi Kafka OAuth that takes advantage of Kafka's pluggable design to provide OAuth 2.0 token-based authentication support. It also brings a token-based authorization alternative to default ACL implementation that comes with Kafka by using Keycloak Authorization Services. This way we don't have to create special users and permissions policies in each of our Kafka clusters. Rather, we create them in our central identity server where all the other users are managed. Kafka brokers use our extensions to make authentication and authorization decisions based on OAuth tokens. We'll thoroughly explain how OAuth 2 token-based authentication and authorization work, and how to configure Kafka brokers and clients. We'll also show how to configure Keycloak Authorization Services in order to manage not only users, but user's permissions centrally.