Learn about encryption and authentication in Cruise Control.
You can find the security settings for Cruise Control at.
Keytabs are generated when using Kerberos. You need to provide the trust store file location and the trust store password.
You can enable TLS/SSL for the Cruise Control web server using the
webserver.ssl.enable property. You must provide the TLS/SSL configuration
settings of the Kafka broker to the keystore. For more information about the security settings
for Kafka, see the Kafka documentation.
There are two authentication methods for Cruise Control Spengo and Trusted Proxy. Spengo uses Kerberos over HTTP. Trusted Proxy uses Knox through a gateway mechanism where Knox authenticates with Cruise Control over Spengo and forwards the real user ID.
- Admin role: has access to all endpoints
- User role: has access to all the GET endpoints except
- Viewer role: has access to the most lightweight