Die Adressen DOCKER und LOCALHOST über ACLs abgesichert
[demos/kafka/training] / docker / docker-compose.yml
index a3762f0..64ab239 100644 (file)
@@ -22,23 +22,21 @@ services:
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
       KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
       KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
-      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+      KAFKA_SUPER_USERS: User:ANONYMOUS
+      KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
       KAFKA_OPTS:
         -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml
         -Dcom.sun.management.jmxremote=true
         -Dcom.sun.management.jmxremote.port=9101
         -Dcom.sun.management.jmxremote.authenticate=false
       KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SECURITY_PROTOCOL: SASL_PLAINTEXT
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_MECHANISM: PLAIN
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="ccreporter" password="ccreporter-secret";
+      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
         user_schemaregistry="schemaregistry-secret" \
         user_connect="connect-secret" \
-        user_ccreporter="ccreporter-secret" \
         user_ui="ui-secret" \
         user_client="client-secret";
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
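Review bot: `KAFKA_SUPER_USERS: User:ANONYMOUS` makes every unauthenticated connection a super user, so the ACLs that `KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"` now enforces are bypassed on any listener without SASL. The metrics reporter moves to `localhost:9091` with its SASL settings removed, which suggests such a listener exists. Its definition and the port mappings lie outside this hunk, so confirm that it is bound to loopback or an internal network only and is not published. A dedicated authenticated principal as super user would be safer; failing that, record the constraint next to the setting, e.g. `# ANONYMOUS is super user: the unauthenticated listener on 9091 must never be reachable from outside the broker network`. The same three added lines recur in the hunks at -69, -121 and -168.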
@@ -69,23 +67,21 @@ services:
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
       KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
       KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
-      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+      KAFKA_SUPER_USERS: User:ANONYMOUS
+      KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
       KAFKA_OPTS:
         -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml
         -Dcom.sun.management.jmxremote=true
         -Dcom.sun.management.jmxremote.port=9101
         -Dcom.sun.management.jmxremote.authenticate=false
       KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SECURITY_PROTOCOL: SASL_PLAINTEXT
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_MECHANISM: PLAIN
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="ccreporter" password="ccreporter-secret";
+      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
         user_schemaregistry="schemaregistry-secret" \
         user_connect="connect-secret" \
-        user_ccreporter="ccreporter-secret" \
         user_ui="ui-secret" \
         user_client="client-secret";
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
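Review bot: `KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO` records only denied operations, because AclAuthorizer logs allowed operations, including those granted through `KAFKA_SUPER_USERS`, at DEBUG. With `User:ANONYMOUS` as super user, nothing done over an unauthenticated listener will appear in the authorizer log. If the setup is meant to make ACL decisions observable, consider `kafka.authorizer.logger=DEBUG`, or add a comment such as `# INFO logs denials only; allowed and super-user access is logged at DEBUG`. This applies equally to the hunks at -22, -121 and -168.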
@@ -121,23 +117,21 @@ services:
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
       KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
       KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
-      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+      KAFKA_SUPER_USERS: User:ANONYMOUS
+      KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
       KAFKA_OPTS:
         -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml
         -Dcom.sun.management.jmxremote=true
         -Dcom.sun.management.jmxremote.port=9101
         -Dcom.sun.management.jmxremote.authenticate=false
       KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SECURITY_PROTOCOL: SASL_PLAINTEXT
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_MECHANISM: PLAIN
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="ccreporter" password="ccreporter-secret";
+      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
         user_schemaregistry="schemaregistry-secret" \
         user_connect="connect-secret" \
-        user_ccreporter="ccreporter-secret" \
         user_ui="ui-secret" \
         user_client="client-secret";
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
@@ -168,23 +162,21 @@ services:
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
       KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
       KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
-      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+      KAFKA_SUPER_USERS: User:ANONYMOUS
+      KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
       KAFKA_OPTS:
         -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml
         -Dcom.sun.management.jmxremote=true
         -Dcom.sun.management.jmxremote.port=9101
         -Dcom.sun.management.jmxremote.authenticate=false
       KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SECURITY_PROTOCOL: SASL_PLAINTEXT
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_MECHANISM: PLAIN
-      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="ccreporter" password="ccreporter-secret";
+      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
         user_schemaregistry="schemaregistry-secret" \
         user_connect="connect-secret" \
-        user_ccreporter="ccreporter-secret" \
         user_ui="ui-secret" \
         user_client="client-secret";
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN