forked from directcsd/kafka-docker-security-acls
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdocker-compose.yml
95 lines (86 loc) · 3.72 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
services:
zookeeper:
image: confluentinc/cp-zookeeper:latest
# ZooKeeper is designed to "fail-fast", so it is important to allow it to
# restart automatically.
restart: unless-stopped
hostname: zookeeper
container_name: zookeeper
ports:
- "2181:2181"
environment:
ZOOKEEPER_CLIENT_PORT: 2181
ZOOKEEPER_TICK_TIME: 2000
ZOO_SERVERS: server.1=zookeeper:2888:3888
KAFKA_OPTS: "-Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Djava.security.auth.login.config=/opt/security/zookeeper-server.jaas"
deploy:
resources:
limits:
memory: 2048M
volumes:
- ./security:/opt/security
kafka:
image: confluentinc/cp-server:latest
hostname: kafka
container_name: kafka
depends_on:
- zookeeper
ports:
- "9092:9092"
volumes:
- ./security:/opt/security
- ./client-properties:/home/appuser/client-properties
environment:
KAFKA_OPTS: "-Djava.security.auth.login.config=/opt/security/kafka-server.jaas"
KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
KAFKA_SUPER_USERS: "User:admin"
KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181"
KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO,kafka.authorizer.logger=INFO"
KAFKA_ZOOKEEPER_SET_ACL: "true"
KAFKA_BROKER_ID: 1
KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
KAFKA_ADVERTISED_LISTENERS: INTERNAL://kafka:29092,EXTERNAL://${DOCKER_HOST_IP:-127.0.0.1}:9092
KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
KAFKA_SASL_ENABLED_MECHANISMS: PLAIN #, SASL, SCRAM-SHA-256 #, OAUTHBEARER
KAFKA_LISTENER_NAME_INTERNAL_SASL_ENABLED_MECHANISMS: PLAIN
# KAFKA_LISTENER_NAME_INTERNAL_PLAIN_SASL_JAAS_CONFIG: |
# org.apache.kafka.common.security.plain.PlainLoginModule required \
# username="admin" \
# password="admin-secret" \
# user_admin="admin-secret";
KAFKA_LISTENER_NAME_EXTERNAL_SASL_ENABLED_MECHANISMS: PLAIN
# KAFKA_LISTENER_NAME_EXTERNAL_PLAIN_SASL_JAAS_CONFIG: |
# org.apache.kafka.common.security.plain.PlainLoginModule required \
# username="admin" \
# password="admin-secret" \
# user_admin="admin-secret";
KAFKA_METRIC_REPORTERS: io.confluent.metrics.reporter.ConfluentMetricsReporter
# these came from the old docker/docker-compose.kafka.yml
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
KAFKA_DELETE_TOPIC_ENABLE: "true"
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
KAFKA_CONFLUENT_LICENSE_TOPIC_REPLICATION_FACTOR: 1
KAFKA_CONFLUENT_BALANCER_TOPIC_REPLICATION_FACTOR: 1
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
KAFKA_JMX_PORT: 9101
KAFKA_JMX_HOSTNAME: localhost
CONFLUENT_METRICS_REPORTER_BOOTSTRAP_SERVERS: kafka:29092
CONFLUENT_METRICS_REPORTER_SASL_MECHANISM: PLAIN
CONFLUENT_METRICS_REPORTER_SECURITY_PROTOCOL: SASL_PLAINTEXT
# CONFLUENT_METRICS_REPORTER_SASL_JAAS_CONFIG: |
# org.apache.kafka.common.security.plain.PlainLoginModule required \
# username="admin" \
# password="admin-secret" \
# user_admin="admin-secret";
CONFLUENT_METRICS_REPORTER_TOPIC_REPLICAS: 1
CONFLUENT_METRICS_ENABLE: "true"
CONFLUENT_METRICS_REPORTER_TOPIC_RETENTION_MS: 86400000
CONFLUENT_SUPPORT_CUSTOMER_ID: "anonymous"
deploy:
resources:
limits:
memory: 2048M