Skip to content
This repository has been archived by the owner on Mar 17, 2024. It is now read-only.

List permissions required by Kafka Lag Exporter to run against a secured Kafka cluster #152

Merged
merged 1 commit into from
Sep 1, 2020
Merged

List permissions required by Kafka Lag Exporter to run against a secured Kafka cluster #152

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
- [Configuration](#configuration-1)
- [Running Docker Image](#running-docker-image)
- [Troubleshooting](#troubleshooting)
- [Required Permissions for Kafka ACL](#required-permissions-for-kafka-acl)
- [Estimate Consumer Group Time Lag](#estimate-consumer-group-time-lag)
- [Strimzi Kafka Cluster Watcher](#strimzi-kafka-cluster-watcher)
- [Monitoring with Grafana](#monitoring-with-grafana)
Expand Down Expand Up @@ -352,6 +353,28 @@ If installing with Helm then you can enable `DEBUG` logging with the `kafkaLogLe

When running in standalone mode you can either define assign the `KAFKA_LAG_EXPORTER_KAFKA_LOG_LEVEL` environment variable to `DEBUG`, or override the log level of `com.lightbend.kafkalagexporter` directly in the `logback.xml`.

## Required Permissions for Kafka ACL

Kafka Lag Exporter (`kafka-lag-exporter`) requires the `DESCRIBE` operation permission for consumer groups and topics at the cluster level.

```
ACLs for principal `User:kafka-lag-exporter`
Current ACLs for resource `Cluster:LITERAL:kafka-cluster`:
User:kafka-lag-exporter has Allow permission for operations: Describe from hosts: *

Current ACLs for resource `Group:LITERAL:*`:
User:kafka-lag-exporter has Allow permission for operations: Describe from hosts: *

Current ACLs for resource `Topic:LITERAL:*`:
User:kafka-lag-exporter has Allow permission for operations: Describe from hosts: *
```

This can be added using the following command:

```
kafka-acls --add --allow-principal "User:kafka-lag-exporter" --operation DESCRIBE --group '*' --topic '*' --cluster
```

## Estimate Consumer Group Time Lag

One of Kafka Lag Exporter’s more unique features is its ability to estimate the length of time that a consumer group is behind the last produced value for a particular partition, time lag (wait time). Offset lag is useful to indicate that the consumer group is lagging, but it doesn’t provide a sense of the actual latency of the consuming application.
Expand Down