X-Git-Url: http://juplo.de/gitweb/?a=blobdiff_plain;f=docker%2Fdocker-compose.yml;h=f4a4e98134fb3eeaa3ffd0b30206c90ecabf5e4a;hb=9e40d480716c71977b2ce81a010f9450c67fc238;hp=a3762f0d1e13604cb8f2e9a69bd7b1c2982dc100;hpb=730dd2b5b540f25e360cb0b252be14a85f138127;p=demos%2Fkafka%2Ftraining
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index a3762f0..f4a4e98 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -22,29 +22,20 @@ services: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3 KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false" KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer - KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true" + KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false" + KAFKA_SUPER_USERS: User:ANONYMOUS + KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO KAFKA_OPTS: -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.authenticate=false KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092 - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SECURITY_PROTOCOL: SASL_PLAINTEXT - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_MECHANISM: PLAIN - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="ccreporter" password="ccreporter-secret"; - KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN - KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: | - org.apache.kafka.common.security.plain.PlainLoginModule required \ - user_schemaregistry="schemaregistry-secret" \ - user_connect="connect-secret" \ - user_ccreporter="ccreporter-secret" \ - user_ui="ui-secret" \ - user_client="client-secret"; - KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN - KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: | - org.apache.kafka.common.security.plain.PlainLoginModule required \ - user_client="client-secret"; + KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091 + KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512 + KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required; + 
KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512 + KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required; KAFKA_INTER_BROKER_LISTENER_NAME: BROKER KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 volumes: 
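Review bot: `KAFKA_SUPER_USERS: User:ANONYMOUS` makes every unauthenticated connection a super user, so on any listener without SASL the AclAuthorizer is bypassed and the new `KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"` has no effect there. The listener definitions are outside this hunk, but the metrics reporter moving to `localhost:9091` with its SASL settings removed suggests that 9091 is such a listener; if that port is reachable from other containers or published to the host, every client on it has full cluster rights. I would at least add a comment above the line, `# ANONYMOUS is the principal on unauthenticated (PLAINTEXT) listeners; keep those ports off any shared network`, and preferably authenticate inter-broker traffic and name a dedicated principal as super user instead. The same applies to the three other broker hunks (`@@ -69,29`, `@@ -121,29`, `@@ -168,29`).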
@@ -69,29 +60,20 @@ services: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3 KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false" KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer - KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true" + KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false" + KAFKA_SUPER_USERS: User:ANONYMOUS + KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO KAFKA_OPTS: -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.authenticate=false KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092 - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SECURITY_PROTOCOL: SASL_PLAINTEXT - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_MECHANISM: PLAIN - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="ccreporter" password="ccreporter-secret"; - KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN - KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: | - org.apache.kafka.common.security.plain.PlainLoginModule required \ - user_schemaregistry="schemaregistry-secret" \ - user_connect="connect-secret" \ - user_ccreporter="ccreporter-secret" \ - user_ui="ui-secret" \ - user_client="client-secret"; - KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN - KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: | - org.apache.kafka.common.security.plain.PlainLoginModule required \ - user_client="client-secret"; + KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091 + KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512 + KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required; + 
KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512 + KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required; KAFKA_INTER_BROKER_LISTENER_NAME: BROKER KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 volumes: 
@@ -121,29 +103,20 @@ services: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3 KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false" KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer - KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true" + KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false" + KAFKA_SUPER_USERS: User:ANONYMOUS + KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO KAFKA_OPTS: -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.authenticate=false KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092 - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SECURITY_PROTOCOL: SASL_PLAINTEXT - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_MECHANISM: PLAIN - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="ccreporter" password="ccreporter-secret"; - KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN - KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: | - org.apache.kafka.common.security.plain.PlainLoginModule required \ - user_schemaregistry="schemaregistry-secret" \ - user_connect="connect-secret" \ - user_ccreporter="ccreporter-secret" \ - user_ui="ui-secret" \ - user_client="client-secret"; - KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN - KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: | - org.apache.kafka.common.security.plain.PlainLoginModule required \ - user_client="client-secret"; + KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091 + KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512 + KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required; + 
KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512 + KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required; KAFKA_INTER_BROKER_LISTENER_NAME: BROKER KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 volumes: 
@@ -168,29 +141,20 @@ services: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3 KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false" KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer - KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true" + KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false" + KAFKA_SUPER_USERS: User:ANONYMOUS + KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO KAFKA_OPTS: -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=9101 -Dcom.sun.management.jmxremote.authenticate=false KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9092 - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SECURITY_PROTOCOL: SASL_PLAINTEXT - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_MECHANISM: PLAIN - KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="ccreporter" password="ccreporter-secret"; - KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN - KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: | - org.apache.kafka.common.security.plain.PlainLoginModule required \ - user_schemaregistry="schemaregistry-secret" \ - user_connect="connect-secret" \ - user_ccreporter="ccreporter-secret" \ - user_ui="ui-secret" \ - user_client="client-secret"; - KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN - KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: | - org.apache.kafka.common.security.plain.PlainLoginModule required \ - user_client="client-secret"; + KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091 + KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512 + KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required; + 
KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512 + KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required; KAFKA_INTER_BROKER_LISTENER_NAME: BROKER KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512 volumes: @@ -219,10 +183,9 @@ services: SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8085 SCHEMA_REGISTRY_LOG4J_ROOT_LOGLEVEL: INFO SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL: SASL_PLAINTEXT - SCHEMA_REGISTRY_KAFKASTORE_SASL_MECHANISM: PLAIN + SCHEMA_REGISTRY_KAFKASTORE_SASL_MECHANISM: SCRAM-SHA-512 SCHEMA_REGISTRY_KAFKASTORE_SASL_JAAS_CONFIG: > - org.apache.kafka.common.security.plain.PlainLoginModule - required + org.apache.kafka.common.security.scram.ScramLoginModule required username="schemaregistry" password="schemaregistry-secret"; ports: 
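Review bot: The Schema Registry client stays on `SASL_PLAINTEXT` after the switch to `SCRAM-SHA-512`, so the password is no longer sent in the clear, but the session is unencrypted and the SCRAM exchange itself can be captured and used to guess a weak password offline. Kafka's documentation recommends SCRAM only together with TLS. For a training setup this may be acceptable, but it deserves a comment above `SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL`, for example `# demo only: use SASL_SSL wherever the network is not trusted`. The same holds for the Connect, UI, producer and consumer hunks below.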
@@ -256,25 +219,25 @@ services: CONNECT_STATUS_STORAGE_REPLICATION_FACTOR: 1 CONNECT_PLUGIN_PATH: /usr/share/java/ # Configure the Connect workers to use SASL/PLAIN. - CONNECT_SASL_MECHANISM: PLAIN + CONNECT_SASL_MECHANISM: SCRAM-SHA-512 CONNECT_SECURITY_PROTOCOL: SASL_PLAINTEXT # JAAS CONNECT_SASL_JAAS_CONFIG: > - org.apache.kafka.common.security.plain.PlainLoginModule required + org.apache.kafka.common.security.scram.ScramLoginModule required username="connect" password="connect-secret"; # producer - CONNECT_PRODUCER_SASL_MECHANISM: PLAIN + CONNECT_PRODUCER_SASL_MECHANISM: SCRAM-SHA-512 CONNECT_PRODUCER_SECURITY_PROTOCOL: SASL_PLAINTEXT CONNECT_PRODUCER_SASL_JAAS_CONFIG: > - org.apache.kafka.common.security.plain.PlainLoginModule required + org.apache.kafka.common.security.scram.ScramLoginModule required username="connect" password="connect-secret"; # consumer - CONNECT_CONSUMER_SASL_MECHANISM: PLAIN + CONNECT_CONSUMER_SASL_MECHANISM: SCRAM-SHA-512 CONNECT_CONSUMER_SECURITY_PROTOCOL: SASL_PLAINTEXT CONNECT_CONSUMER_SASL_JAAS_CONFIG: > - org.apache.kafka.common.security.plain.PlainLoginModule required + org.apache.kafka.common.security.scram.ScramLoginModule required username="connect" password="connect-secret"; @@ -360,8 +323,8 @@ services: properties: bootstrap.servers: "kafka:9092" security.protocol: SASL_PLAINTEXT - sasl.mechanism: PLAIN - sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="ui" password="ui-secret"; + sasl.mechanism: SCRAM-SHA-512 + sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="ui" password="ui-secret"; schema-registry: url: "http://schema-registry:8085" connect: 
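Review bot: The context comment `# Configure the Connect workers to use SASL/PLAIN.` is now wrong, because the three mechanism lines below it were changed to `SCRAM-SHA-512`; it should read `# Configure the Connect workers to use SASL/SCRAM-SHA-512.`. The worker, producer and consumer blocks also repeat the same `connect` / `connect-secret` JAAS entry three times, so a password rotation has to touch three places in this hunk.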
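Review bot: The rewritten `sasl.jaas.config` line still carries the password literal (`password="ui-secret"`) in a committed file, and the producer and consumer hunks (`@@ -382,8`, `@@ -392,8`, `@@ -402,8`, `@@ -412,8`) do the same with `client-secret`. Since these lines are being touched anyway, the value could come from Compose variable substitution, e.g. `password="${UI_KAFKA_PASSWORD}"`, where `UI_KAFKA_PASSWORD` is a placeholder name set in an uncommitted `.env` file. Where the SCRAM credentials are created on the brokers is not visible in this diff; whatever step does that would need to read the same variables.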
@@ -382,8 +345,8 @@ services: spring.kafka.producer.properties.linger.ms: 100 spring.kafka.jaas.enabled: "true" spring.kafka.properties.security.protocol: SASL_PLAINTEXT - spring.kafka.properties.sasl.mechanism: PLAIN - spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="client-secret"; + spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 + spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret"; consumer-1: image: juplo/spring-consumer:1.0-SNAPSHOT @@ -392,8 +355,8 @@ services: spring.kafka.client-id: consumer-1 spring.kafka.jaas.enabled: "true" spring.kafka.properties.security.protocol: SASL_PLAINTEXT - spring.kafka.properties.sasl.mechanism: PLAIN - spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="client-secret"; + spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 + spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret"; consumer-2: image: juplo/spring-consumer:1.0-SNAPSHOT @@ -402,8 +365,8 @@ services: spring.kafka.client-id: consumer-1 spring.kafka.jaas.enabled: "true" spring.kafka.properties.security.protocol: SASL_PLAINTEXT - spring.kafka.properties.sasl.mechanism: PLAIN - spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="client-secret"; + spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 + spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret"; consumer-3: image: juplo/spring-consumer:1.0-SNAPSHOT 
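Review bot: The service edited in the `@@ -402,8` hunk is `consumer-2`, yet its context line reads `spring.kafka.client-id: consumer-1`, and the `@@ -412,8` hunk for `consumer-3` shows the same value. All three consumers also authenticate as the single `client` principal, so with authorizer logging now enabled on the brokers, a log entry cannot be attributed to one instance by either principal or client id. If this is not intentional, set `spring.kafka.client-id: consumer-2` and `spring.kafka.client-id: consumer-3` respectively. The service definitions start above these hunks, so the service names are inferred from the surrounding context lines.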
@@ -412,8 +375,8 @@ services: spring.kafka.client-id: consumer-1 spring.kafka.jaas.enabled: "true" spring.kafka.properties.security.protocol: SASL_PLAINTEXT - spring.kafka.properties.sasl.mechanism: PLAIN - spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="client-secret"; + spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 + spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret"; volumes: zookeeper-data: