步骤1注册表运营商部署
helm install ssr lsstsqre/strimzi-registry-operator \
--namespace strimzi-registry-operator \
--set clusterNamespace="kafka" \
--set clusterName="cluster1"
步骤2。部署kafkatopic
部署架构注册表将用作其主要存储的Kafkatopic。apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
name: registry-schemas
namespace: kafka
labels:
strimzi.io/cluster: cluster1
spec:
partitions: 1
replicas: 3
config:
# http://kafka.apache.org/doc umentation/#topicconfigs
cleanup.policy: compact
步骤3。部署kafkauser
为图式注册表部署Kafkauser,以赋予模式注册表足够的权限:
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
name: confluent-schema-registry
namespace: kafka
labels:
strimzi.io/cluster: cluster1
spec:
authentication:
type: tls
authorization:
# Official docs on authorizations required for the Schema Registry:
# https://docs.confluent.io/current/schema-registry/security/index.html#authorizing-access-to-the-schemas-topic
type: simple
acls:
# Allow all operations on the registry-schemas topic
# Read, Write, and DescribeConfigs are known to be required
- resource:
type: topic
name: registry-schemas
patternType: literal
operation: All
type: allow
# Allow all operations on the schema-registry* group
- resource:
type: group
name: schema-registry
patternType: prefix
operation: All
type: allow
# Allow Describe on the __consumer_offsets topic
- resource:
type: topic
name: __consumer_offsets
patternType: literal
operation: Describe
type: allow
步骤4。部署strimzischemaregistry
apiVersion: roundtable.lsst.codes/v1beta1
kind: StrimziSchemaRegistry
metadata:
name: confluent-schema-registry
namespace: strimzi-registry-operator
spec:
strimziVersion: v1beta2
listener: tls
securityProtocol: tls
compatibilityLevel: forward
registryImage: confluentinc/cp-schema-registry
registryImageTag: "7.2.1"
执行我在命名空间中执行所有这些步骤后StrimziRegistry-Operator
shivam:~ $ kubectl get all -n strimzi-registry-operator
NAME READY STATUS RESTARTS AGE
pod/strimzi-registry-operator-59dcb64c6d-q5ffx 1/1 Running 0 54m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/strimzi-registry-operator 1/1 1 1 18h
NAME DESIRED CURRENT READY AGE
replicaset.apps/strimzi-registry-operator-59dcb64c6d 1 1 1 18h
shivam:~ $ kubectl get StrimziSchemaRegistry -n strimzi-registry-operator
NAME AGE
confluent-schema-registry 83m
添加到strimzi registry-operator中
shivam:~ $ kubectl get clusterrole strimzi-registry-operator -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
meta.helm.sh/release-name: ssr
meta.helm.sh/release-namespace: strimzi-registry-operator
creationTimestamp: "2025-03-16T16:45:19Z"
labels:
app.kubernetes.io/managed-by: Helm
name: strimzi-registry-operator
resourceVersion: "362494337"
uid: 39554036-ed33-463f-bc18-d8e7abc915e3
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- list
- get
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- roundtable.lsst.codes
resources:
- strimzischemaregistries
verbs:
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- secrets
- configmaps
- services
verbs:
- get
- list
- watch
- patch
- create
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- watch
- patch
- create
- apiGroups:
- kafka.strimzi.io
resources:
- kafkausers
- kafkas
verbs:
- list
- get
问题
为什么strimzi注册操作员不创建模式注册表的部署? 注册表在哪里? contrimzi Registry-operator的集群是否包括为Strimzischemaregistries创建权限吗?
目前,它具有获取,列表,观看,补丁,但没有创建。遵守上述步骤,牢记这些要点:
values.yaml:
------------
# -- Name of the Strimzi Kafka cluster
clusterName: "cluster1"
# -- Namespace where the Strimzi Kafka cluster is deployed
clusterNamespace: "kafka"
# -- Namespace where the strimzi-registry-operator is deployed
operatorNamespace: "kafka"
apiVersion: roundtable.lsst.codes/v1beta1
kind: StrimziSchemaRegistry
metadata:
name: confluent-schema-registry
namespace: strimzi-registry-operator
spec:
strimziVersion: v1beta2
listener: tls
securityProtocol: SSL
compatibilityLevel: forward
registryImage: confluentinc/cp-schema-registry
registryImageTag: "7.7.2"