MINOR: improve security docs for Kafka Streams#4532
Conversation
|
Call for review @bbejeck @miguno @joel-hamill |
| <code class="docutils literal"><span class="pre">--cluster</span> <span class="pre">--operation</span> <span class="pre">Create</span></code> set so that the application has the permissions to create | ||
| <a class="reference internal" href="manage-topics.html#streams-developer-guide-topics-internal"><span class="std std-ref">internal topics</span></a>.</p> | ||
| <p>If you don't want to provide this permission to your application you can create the required internal topics manually. | ||
| If the expected internal topics exist, Kafka Streams will not try to re-create but used them right away. |
There was a problem hiding this comment.
nit: Kafka Streams will not try to re-create but used them right away. -> Kafka Streams will not try to re-create them, but use them right away.
|
one minor comment, otherwise LGTM. |
|
Updated. Note, |
| <p>When applications are run against a secured Kafka cluster, the principal running the application must have the ACL | ||
| <code class="docutils literal"><span class="pre">--cluster</span> <span class="pre">--operation</span> <span class="pre">Create</span></code> set so that the application has the permissions to create | ||
| <a class="reference internal" href="manage-topics.html#streams-developer-guide-topics-internal"><span class="std std-ref">internal topics</span></a>.</p> | ||
| <p>If you don't want to provide this permission to your application you can create the required internal topics manually. |
There was a problem hiding this comment.
suggest: To avoid providing this permission to your application, you can create the required internal topics manually. If the internal topics exist, Kafka Streams will not try to recreate them.
| <a class="reference internal" href="manage-topics.html#streams-developer-guide-topics-internal"><span class="std std-ref">internal topics</span></a>.</p> | ||
| <p>If you don't want to provide this permission to your application you can create the required internal topics manually. | ||
| If the expected internal topics exist, Kafka Streams will not try to re-create them, but use them right away. | ||
| Note, that the internal repartition and changelog topics must be created with the correct number of partitions—otherwise, Kafka Streams will fail on startup. |
There was a problem hiding this comment.
suggest: Note, that the internal repartition and changelog topics must be created with the correct number of partitions—otherwise, Kafka Streams will fail on startup.
| <p>If you don't want to provide this permission to your application you can create the required internal topics manually. | ||
| If the expected internal topics exist, Kafka Streams will not try to re-create them, but use them right away. | ||
| Note, that the internal repartition and changelog topics must be created with the correct number of partitions—otherwise, Kafka Streams will fail on startup. | ||
| As a rule of thumb, the topics need to be created with the same number of partitions as your input topic (or max number of partitions over all input topics if there are multiple). |
There was a problem hiding this comment.
suggest: The topics must be created with the same number of partitions as your input topic, or if there are multiple topics, the maximum number of partitions across all input topics.
| As a rule of thumb, the topics need to be created with the same number of partitions as your input topic (or max number of partitions over all input topics if there are multiple). | ||
| Additionally, changelog topics <emph>must</emph> be created with log compaction enabled—otherwise, your application might lose data. | ||
| You can learn about the names of the required internal topics via <code>Topology#describe()</code>. | ||
| All internal topics follow the naming pattern <code><application.id>-<operatorName>-<suffix></code> with <code>suffix</code> is either <code>repartition</code> or <code>changelog</code>. |
There was a problem hiding this comment.
suggest: All internal topics follow the naming pattern <code><application.id>-<operatorName>-<suffix></code> where the <code>suffix</code> is either <code>repartition</code> or <code>changelog</code>.
| Note, that the internal repartition and changelog topics must be created with the correct number of partitions—otherwise, Kafka Streams will fail on startup. | ||
| As a rule of thumb, the topics need to be created with the same number of partitions as your input topic (or max number of partitions over all input topics if there are multiple). | ||
| Additionally, changelog topics <emph>must</emph> be created with log compaction enabled—otherwise, your application might lose data. | ||
| You can learn about the names of the required internal topics via <code>Topology#describe()</code>. |
There was a problem hiding this comment.
suggest: You can find out more about the names...
|
I assume the corresponding changes will also be made to the CP docs? |
|
@joel-hamill Yes. Tracked as internal ticket KSTREAMS-1295 assigned to you. |
Author: Matthias J. Sax <matthias@confluent.io> Reviewers: Bill Bejeck <bill@confluent.io>, Joel Hamill <joel@confluent.io>, Guozhang Wang <guozhang@confluent.io>
Author: Matthias J. Sax <matthias@confluent.io> Reviewers: Bill Bejeck <bill@confluent.io>, Joel Hamill <joel@confluent.io>, Guozhang Wang <guozhang@confluent.io>
|
Merged to |
4 participants
No description provided.