I'm securing a Kafka cluster. I read and followed the Confluent Kafka Security Tutorial, and it works like a charm.
Now, I would like to add ACLs to the brokers in order to remove them from the super users list (super.users=User:kafkabroker).
What is the minimum set of ACLs needed by the brokers so they can communicate and operate properly?
Write/read for log location (where the messages are stored). That's all as far as I know in the basic setup. If the cluster is secured then you might want to take a look here https://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption/