/
docker-compose.yml
61 lines (59 loc) 路 2.53 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
---
version: '3.5'
services:
zookeeper:
image: confluentinc/cp-zookeeper:7.3.2
container_name: zookeeper-sasl-scram-sha-512-tls
ports:
- "2189:2189"
environment:
ZOOKEEPER_SERVER_ID: 1
ZOOKEEPER_CLIENT_PORT: 2189
ZOOKEEPER_TICK_TIME: 2000
ZOOKEEPER_LOG4J_ROOT_LOGLEVEL: "DEBUG"
KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/zookeeper_server_jaas.conf
-Dquorum.auth.enableSasl=true
-Dquorum.auth.learnerRequireSasl=true
-Dquorum.auth.serverRequireSasl=true
-Dquorum.cnxn.threads.size=20
-Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
-Dzookeeper.authProvider.2=org.apache.zookeeper.server.auth.DigestAuthenticationProvider
-DjaasLoginRenew=3600000
-DrequireClientAuthScheme=sasl
-Dquorum.auth.learner.loginContext=QuorumLearner
-Dquorum.auth.server.loginContext=QuorumServer
volumes:
- ./zookeeper_server_jaas.conf:/etc/kafka/secrets/zookeeper_server_jaas.conf
- ./zookeeper_client_jaas.conf:/etc/kafka/secrets/zookeeper_client_jaas.conf
kafka-broker:
image: confluentinc/cp-kafka:7.3.2
container_name: kafka-broker-scram-sha-512-tls
ports:
- "9099:9099"
- "29099:29099"
depends_on:
- zookeeper
environment:
KAFKA_BROKER_ID: 1
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2189
KAFKA_LISTENERS: SASL_SSL://0.0.0.0:9099, PLAINTEXT://0.0.0.0:290929
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_ADVERTISED_LISTENERS: SASL_SSL://localhost:9099, PLAINTEXT://localhost:29099
KAFKA_SSL_ENABLED_PROTOCOLS: TLSv1.2,TLSv1.1,TLSv1
KAFKA_SSL_KEYSTORE_FILENAME: server.keystore.jks
KAFKA_SSL_KEYSTORE_CREDENTIALS: ssl_keystore_credentials
KAFKA_SSL_KEY_CREDENTIALS: ssl_key_credentials
KAFKA_SASL_ENABLED_MECHANISMS: SCRAM-SHA-256
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
KAFKA_OFFSETS_RETENTION_MINUTES: 172800
KAFKA_LOG4J_LOGGERS: "kafka.authorizer.logger=DEBUG,kafka.controller=DEBUG"
KAFKA_LOG4J_ROOT_LOGLEVEL: "DEBUG"
KAFKA_SUPER_USERS: User:kafkabroker;User:kafkaclient
KAFKA_ZOOKEEPER_SASL_ENABLED: "true"
KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
KAFKA_OPTS: -Dzookeeper.sasl.client=true
-Dzookeeper.sasl.clientconfig=Client
-Djava.security.auth.login.config=/etc/kafka/secrets/conf/kafka_server_jaas.conf
volumes:
- ./ssl:/etc/kafka/secrets
- ./broker_jaas.conf:/etc/kafka/secrets/conf/kafka_server_jaas.conf