To avoid providing this permission to your application, you can create the required internal topics manually. +
If the streams rebalance protocol is enabled by setting group.protocol=streams, the following ACLs are required on the topic and group resources:
| API PROTOCOL | +OPERATION | +Resource | +Notes | +
|---|---|---|---|
| STREAMS_GROUP_HEARTBEAT | +Read | +Group | +Required for the application's streams group | +
| STREAMS_GROUP_HEARTBEAT | +Create | +Cluster or Topic | +
+ Required only if auto-creating internal topics. + • Create on Cluster resource+ • or Create on all topics in StateChangelogTopics and RepartitionSourceTopics+ Not required if internal topics are pre-created + |
+
| STREAMS_GROUP_HEARTBEAT | +Describe | +Topic | +Required for all topics used in the application's topology, when first joining. | +
| STREAMS_GROUP_DESCRIBE | +Describe | +Group | +Required for the application's streams group | +
| STREAMS_GROUP_DESCRIBE | +Describe | +Topic | +Required for all topics used in the group's topology | +
As mentioned earlier, Kafka Streams applications need appropriate ACLs to create internal topics when running against a secured Kafka cluster. + To avoid providing this permission to your application, you can create the required internal topics manually. If the internal topics exist, Kafka Streams will not try to recreate them. Note, that the internal repartition and changelog topics must be created with the correct number of partitions—otherwise, Kafka Streams will fail on startup. The topics must be created with the same number of partitions as your input topic, or if there are multiple topics, the maximum number of partitions across all input topics. @@ -89,6 +147,7 @@ and KIP-290 for details).
+The purpose is to configure a Kafka Streams application to enable client authentication and encrypt data-in-transit when