-
Notifications
You must be signed in to change notification settings - Fork 55
/
docker-compose-auth.yml
68 lines (61 loc) · 2.86 KB
/
docker-compose-auth.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# By default, this docker-compose setup uses Kafka 2.7.0. This version can
# be overwritten by setting the KAFKA_IMAGE_TAG environment variable.
#
# See https://hub.docker.com/r/bitnami/kafka/tags for the complete list.
#
# This config sets up a simple, single-node cluster that's equipped to use SSL/TLS and/or SASL.
# It exposes access on four separate ports:
#
# 1. 9092: plaintext, no SASL
# 2. 9093: SSL, no SASL
# 3. 9094: SASL over plaintext
# 4. 9095: SASL over SSL
#
# See examples/auth for the associated cluster configs and certs.
version: '3'
services:
zookeeper:
container_name: zookeeper
hostname: zookeeper
image: bitnami/zookeeper:latest
ports:
- "2181:2181"
environment:
ALLOW_ANONYMOUS_LOGIN: yes
kafka:
container_name: kafka
hostname: kafka
image: bitnami/kafka:${KAFKA_IMAGE_TAG:-2.7.0}
depends_on:
- zookeeper
restart: on-failure:3
ports:
- 9092:9092
- 9093:9093
- 9094:9094
- 9095:9095
environment:
KAFKA_CFG_BROKER_ID: 1
KAFKA_CFG_BROKER_RACK: zone1
KAFKA_CFG_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_CFG_MESSAGE_MAX_BYTES: 200000000
KAFKA_CFG_LISTENERS: "PLAINTEXT://:9092,SSL://:9093,SASL_PLAINTEXT://:9094,SASL_SSL://:9095"
KAFKA_CFG_ADVERTISED_LISTENERS: "PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_PLAINTEXT://localhost:9094,SASL_SSL://localhost:9095"
KAFKA_CFG_SASL_ENABLED_MECHANISMS: "PLAIN,SCRAM-SHA-256,SCRAM-SHA-512"
KAFKA_CFG_AUTHORIZER_CLASS_NAME: "kafka.security.auth.SimpleAclAuthorizer"
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
KAFKA_CFG_SSL_KEYSTORE_LOCATION: /opt/bitnami/kafka/config/certs/kafka.truststore.jks
KAFKA_CFG_SSL_KEYSTORE_PASSWORD: test123
KAFKA_CFG_SSL_TRUSTSTORE_LOCATION: /opt/bitnami/kafka/config/certs/kafka.truststore.jks
KAFKA_CFG_SSL_TRUSTSTORE_PASSWORD: test123
KAFKA_CFG_SSL_CLIENT_AUTH: none
KAFKA_CFG_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ""
KAFKA_OPTS: "-Djava.security.auth.login.config=/opt/bitnami/kafka/config/kafka_jaas.conf"
ALLOW_PLAINTEXT_LISTENER: "yes"
entrypoint:
- "/bin/bash"
- "-c"
- echo -e 'KafkaServer {\norg.apache.kafka.common.security.scram.ScramLoginModule required\n username="adminscram"\n password="admin-secret";\n org.apache.kafka.common.security.plain.PlainLoginModule required\n username="adminplain"\n password="admin-secret"\n user_adminplain="admin-secret";\n };' > /opt/bitnami/kafka/config/kafka_jaas.conf; /opt/bitnami/kafka/bin/kafka-configs.sh --zookeeper zookeeper:2181 --alter --add-config "SCRAM-SHA-256=[password=admin-secret-256],SCRAM-SHA-512=[password=admin-secret-512]" --entity-type users --entity-name adminscram; exec /entrypoint.sh /run.sh
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./examples/auth/certs:/opt/bitnami/kafka/config/certs