forked from DataDog/kafka-kit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
95 lines (92 loc) · 3.21 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# Notes
# To run one instance of zk, kafka and the registry service:
# - $ docker-compose up [-d]
#
# To run the tests (one-off; does not require a previous docker-compose up):
# - $ docker-compose run --rm --name registry_test registry go test -v ./...
#
# To run 3 instances of kafka, and 1 instance of zk and the registry:
# - $ docker-compose up --scale kafka=3
#
# To query the registry:
# - $ curl -s $(docker-machine ip):8080/v1/topics/list | jq
# Note: by default, SSL is enabled. In order to test the registry
# over PLAINTEXT, update the following env vars to:
# REGISTRY_BOOTSTRAP_SERVERS: kafka:9092
# REGISTRY_KAFKA_SSL_ENABLED: "false"
version: "3"
services:
ssl_setup:
build:
context: .
dockerfile: Dockerfile.ssl_setup
volumes:
- "ssl-store:/etc/kafka/config"
zookeeper:
image: wurstmeister/zookeeper
ports:
- "2181:2181"
kafka:
image: wurstmeister/kafka:${KAFKA_VERSION:-2.12-2.2.2}
ports:
- "9092"
- "9093"
depends_on:
- ssl_setup
- zookeeper
environment:
KAFKA_LISTENERS: SASL_SSL://:9093
KAFKA_PORT: 9093
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_CREATE_TOPICS: "test1:1:3,test2:2:2"
KAFKA_BROKER_RACK: 1a
KAFKA_SECURITY_INTER_BROKER_PROTOCOL: "SASL_SSL"
KAFKA_SSL_KEYSTORE_LOCATION: "/etc/kafka/config/keystore.jks"
KAFKA_SSL_KEYSTORE_PASSWORD: "password"
KAFKA_SSL_KEYSTORE_TYPE: "JKS"
KAFKA_SSL_TRUSTSTORE_LOCATION: "/etc/kafka/config/truststore.jks"
KAFKA_SSL_TRUSTSTORE_PASSWORD: "password"
KAFKA_SSL_TRUSTSTORE_TYPE: "JKS"
KAFKA_SSL_KEY_PASSWORD: "password"
KAFKA_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ""
KAFKA_SASL_ENABLED_MECHANISMS: "PLAIN"
KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: "PLAIN"
KAFKA_LISTENER_NAME_SASL_SSL_PLAIN_SASL_JAAS_CONFIG: "org.apache.kafka.common.security.plain.PlainLoginModule required \
username='admin' password='admin-secret' \
user_admin='admin-secret' \
user_registry='registry-secret';"
CUSTOM_INIT_SCRIPT: "sh -c \" \
sed -i 's/listener.name.sasl.ssl.plain.sasl.jaas.config/listener.name.sasl_ssl.plain.sasl.jaas.config/g' \
/opt/kafka/config/server.properties\""
# useful for SSL debugging
# LOG4J_LOGGER_KAFKA_AUTHORIZER_LOGGER: "DEBUG, authorizerAppender"
# KAFKA_OPTS: "-Djavax.net.debug=all"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- "ssl-store:/etc/kafka/config"
registry:
build:
context: .
dockerfile: Dockerfile.registry
ports:
- "8080:8080"
- "8090:8090"
depends_on:
- zookeeper
- kafka
environment:
TEST_ZK_ADDR: zookeeper:2181
REGISTRY_ZK_ADDR: zookeeper:2181
REGISTRY_BOOTSTRAP_SERVERS: kafka:9093
REGISTRY_HTTP_LISTEN: 0.0.0.0:8080
REGISTRY_GRPC_LISTEN: 0.0.0.0:8090
REGISTRY_KAFKA_SECURITY_PROTOCOL: SASL_SSL
REGISTRY_KAFKA_SSL_CA_LOCATION: "/etc/kafka/config/kafka-ca-crt.pem"
REGISTRY_KAFKA_SASL_MECHANISM: PLAIN
REGISTRY_KAFKA_SASL_USERNAME: registry
REGISTRY_KAFKA_SASL_PASSWORD: registry-secret
volumes:
- "ssl-store:/etc/kafka/config"
volumes:
ssl-store: