X-Git-Url: http://juplo.de/gitweb/?a=blobdiff_plain;f=docker%2Fdocker-compose.yml;h=f4a4e98134fb3eeaa3ffd0b30206c90ecabf5e4a;hb=dad7e004d54485c4cea94c2175a326668c297240;hp=bf9addde10ec46307397b71f42ee2f95b931d9c9;hpb=663a9aa3a9f3dc285ea78847813db8c5c3443cca;p=demos%2Fkafka%2Ftraining
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index bf9addd..f4a4e98 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -22,7 +22,9 @@ services:
 KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
 KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
 KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
- KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+ KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+ KAFKA_SUPER_USERS: User:ANONYMOUS
+ KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
 KAFKA_OPTS:
 -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml
 -Dcom.sun.management.jmxremote=true
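Review bot: `KAFKA_SUPER_USERS: User:ANONYMOUS` makes every unauthenticated connection a super user, which undoes the default-deny that `KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"` introduces one line above. `User:ANONYMOUS` is the principal Kafka assigns on listeners without authentication, so any client that can reach such a listener (presumably the `BROKER` inter-broker listener, whose definition is outside this hunk) bypasses all ACLs. Authenticating the inter-broker listener and naming a dedicated principal is the safer form, e.g. `KAFKA_SUPER_USERS: User:broker` (constructed name). If ANONYMOUS stays for the training setup, a comment such as `# BROKER listener is unauthenticated; keep it unpublished and unreachable for clients` should say so. The same lines recur in the hunks at -64, -111 and -153.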
@@ -30,16 +32,10 @@ services:
 -Dcom.sun.management.jmxremote.authenticate=false
 KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
 KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
- KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
- KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
- org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_schemaregistry="schemaregistry-secret" \
- user_connect="connect-secret" \
- user_client="client-secret";
- KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
- KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
- org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_client="client-secret";
+ KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
+ KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
+ KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
+ KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
 KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
 KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
 volumes:
@@ -64,7 +60,9 @@ services:
 KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
 KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
 KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
- KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+ KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+ KAFKA_SUPER_USERS: User:ANONYMOUS
+ KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
 KAFKA_OPTS:
 -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml
 -Dcom.sun.management.jmxremote=true
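Review bot: The context line `KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512` still enables PLAIN broker-wide, although both per-listener settings in this hunk now restrict the mechanism to SCRAM-SHA-512. Any listener without its own override would inherit PLAIN, which over SASL_PLAINTEXT exposes the password on the wire; narrowing the line to `KAFKA_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512` keeps the broker consistent with the change. The SCRAM JAAS entries no longer list users, so the credentials have to be created in the cluster metadata before any client can log in. Nothing in this diff shows that step, and a comment pointing to where it happens would help. The same applies to the hunks at -72, -119 and -161.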
@@ -72,16 +70,10 @@ services:
 -Dcom.sun.management.jmxremote.authenticate=false
 KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
 KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
- KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
- KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
- org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_schemaregistry="schemaregistry-secret" \
- user_connect="connect-secret" \
- user_client="client-secret";
- KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
- KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
- org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_client="client-secret";
+ KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
+ KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
+ KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
+ KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
 KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
 KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
 volumes:
@@ -111,7 +103,9 @@ services:
 KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
 KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
 KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
- KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+ KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+ KAFKA_SUPER_USERS: User:ANONYMOUS
+ KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
 KAFKA_OPTS:
 -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml
 -Dcom.sun.management.jmxremote=true
@@ -119,16 +113,10 @@ services:
 -Dcom.sun.management.jmxremote.authenticate=false
 KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
 KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
- KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
- KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
- org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_schemaregistry="schemaregistry-secret" \
- user_connect="connect-secret" \
- user_client="client-secret";
- KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
- KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
- org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_client="client-secret";
+ KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
+ KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
+ KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
+ KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
 KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
 KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
 volumes:
@@ -153,7 +141,9 @@ services:
 KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
 KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
 KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
- KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+ KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+ KAFKA_SUPER_USERS: User:ANONYMOUS
+ KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
 KAFKA_OPTS:
 -javaagent:/usr/share/java/cp-base-new/jmx_prometheus_javaagent-0.18.0.jar=0.0.0.0:80:/etc/jmx-exporter.yml
 -Dcom.sun.management.jmxremote=true
@@ -161,16 +151,10 @@ services:
 -Dcom.sun.management.jmxremote.authenticate=false
 KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
 KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
- KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
- KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
- org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_schemaregistry="schemaregistry-secret" \
- user_connect="connect-secret" \
- user_client="client-secret";
- KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
- KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
- org.apache.kafka.common.security.plain.PlainLoginModule required \
- user_client="client-secret";
+ KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
+ KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
+ KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
+ KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
 KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
 KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
 volumes:
@@ -194,10 +178,16 @@ services:
 schema-registry:
 image: confluentinc/cp-schema-registry:7.5.1
 environment:
- SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: kafka-1:9091,kafka-2:9091,kafka-3:9091
+ SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: kafka-1:9092,kafka-2:9092,kafka-3:9092
 SCHEMA_REGISTRY_HOST_NAME: schema-registry
 SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8085
 SCHEMA_REGISTRY_LOG4J_ROOT_LOGLEVEL: INFO
+ SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL: SASL_PLAINTEXT
+ SCHEMA_REGISTRY_KAFKASTORE_SASL_MECHANISM: SCRAM-SHA-512
+ SCHEMA_REGISTRY_KAFKASTORE_SASL_JAAS_CONFIG: >
+ org.apache.kafka.common.security.scram.ScramLoginModule required
+ username="schemaregistry"
+ password="schemaregistry-secret";
 ports:
 - 8085:8085
 depends_on:
@@ -208,7 +198,7 @@ services:
 connect:
 image: confluentinc/cp-kafka-connect:7.5.1
 environment:
- CONNECT_BOOTSTRAP_SERVERS: kafka-1:9091,kafka-2:9091,kafka-3:9091
+ CONNECT_BOOTSTRAP_SERVERS: kafka-1:9092,kafka-2:9092,kafka-3:9092
 CONNECT_REST_PORT: 8083
 CONNECT_REST_LISTENERS: http://0.0.0.0:8083
 CONNECT_REST_ADVERTISED_HOST_NAME: connect
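Review bot: `password="schemaregistry-secret"` is committed in clear text inside `SCHEMA_REGISTRY_KAFKASTORE_SASL_JAAS_CONFIG`, and the connect, UI, producer and consumer hunks further down do the same with their passwords. Compose variable substitution keeps the value out of the repository, e.g. `password="${SCHEMAREGISTRY_PASSWORD}";` (constructed variable name) fed from an untracked `.env` file. `SASL_PLAINTEXT` also leaves the traffic unencrypted, since SCRAM protects only the credential exchange. A comment marking this as a training-only setup would be worth adding next to `SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL`.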
@@ -228,6 +218,29 @@ services:
 CONNECT_CONFIG_STORAGE_REPLICATION_FACTOR: 1
 CONNECT_STATUS_STORAGE_REPLICATION_FACTOR: 1
 CONNECT_PLUGIN_PATH: /usr/share/java/
+ # Configure the Connect workers to use SASL/PLAIN.
+ CONNECT_SASL_MECHANISM: SCRAM-SHA-512
+ CONNECT_SECURITY_PROTOCOL: SASL_PLAINTEXT
+ # JAAS
+ CONNECT_SASL_JAAS_CONFIG: >
+ org.apache.kafka.common.security.scram.ScramLoginModule required
+ username="connect"
+ password="connect-secret";
+ # producer
+ CONNECT_PRODUCER_SASL_MECHANISM: SCRAM-SHA-512
+ CONNECT_PRODUCER_SECURITY_PROTOCOL: SASL_PLAINTEXT
+ CONNECT_PRODUCER_SASL_JAAS_CONFIG: >
+ org.apache.kafka.common.security.scram.ScramLoginModule required
+ username="connect"
+ password="connect-secret";
+ # consumer
+ CONNECT_CONSUMER_SASL_MECHANISM: SCRAM-SHA-512
+ CONNECT_CONSUMER_SECURITY_PROTOCOL: SASL_PLAINTEXT
+ CONNECT_CONSUMER_SASL_JAAS_CONFIG: >
+ org.apache.kafka.common.security.scram.ScramLoginModule required
+ username="connect"
+ password="connect-secret";
+
 ports:
 - 8083:8083
 depends_on:
@@ -308,7 +321,10 @@ services:
 connections:
 docker-kafka-server:
 properties:
- bootstrap.servers: "kafka:9091"
+ bootstrap.servers: "kafka:9092"
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: SCRAM-SHA-512
+ sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="ui" password="ui-secret";
 schema-registry:
 url: "http://schema-registry:8085"
 connect:
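Review bot: The added comment `# Configure the Connect workers to use SASL/PLAIN.` contradicts the settings below it, which select `SCRAM-SHA-512`; it should read `# Configure the Connect workers to use SASL/SCRAM-SHA-512.`. The `# JAAS`, `# producer` and `# consumer` comments could also state that the worker, its producers and its consumers each need their own copy of the same three settings, since that is the reason the block is repeated. The `environment:` mapping these lines belong to starts outside this hunk.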
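Review bot: The `ui` principal introduced in `sasl.jaas.config` needs its own SCRAM credential and explicit ACLs now that the brokers deny access when no ACL matches, and this diff does not show where either is created. A comment above `security.protocol` would record the expectation, e.g. `# SCRAM user "ui" and its ACLs are provisioned outside this file`. Granting that principal only the operations the UI needs, rather than adding it to the super users, limits what a compromised UI container can change. The `properties:` mapping begins outside this hunk.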
@@ -320,26 +336,47 @@ services: - kafka-3 producer: - image: juplo/simple-producer:1.0-SNAPSHOT - command: kafka:9092 test producer + image: juplo/endless-stream-spring-producer:1.0-SNAPSHOT + environment: + producer.throttle-ms: 1 + spring.kafka.bootstrap-servers: kafka-1:9092, kafka-2:9092, kafka-3:9092 + spring.kafka.client-id: producer + spring.kafka.template.default-topic: test + spring.kafka.producer.properties.linger.ms: 100 + spring.kafka.jaas.enabled: "true" + spring.kafka.properties.security.protocol: SASL_PLAINTEXT + spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 + spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret"; consumer-1: image: juplo/spring-consumer:1.0-SNAPSHOT environment: spring.kafka.bootstrap-servers: kafka-1:9092, kafka-2:9092, kafka-3:9092 spring.kafka.client-id: consumer-1 + spring.kafka.jaas.enabled: "true" + spring.kafka.properties.security.protocol: SASL_PLAINTEXT + spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 + spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret"; consumer-2: image: juplo/spring-consumer:1.0-SNAPSHOT environment: spring.kafka.bootstrap-servers: kafka-1:9092, kafka-2:9092, kafka-3:9092 spring.kafka.client-id: consumer-1 + spring.kafka.jaas.enabled: "true" + spring.kafka.properties.security.protocol: SASL_PLAINTEXT + spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 + spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret"; consumer-3: image: juplo/spring-consumer:1.0-SNAPSHOT environment: spring.kafka.bootstrap-servers: kafka-1:9092, kafka-2:9092, kafka-3:9092 spring.kafka.client-id: consumer-1 + spring.kafka.jaas.enabled: "true" + spring.kafka.properties.security.protocol: SASL_PLAINTEXT + 
spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 + spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret"; volumes: zookeeper-data:
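Review bot: The producer and all three consumers authenticate as the same `client` user with the same password, so ACLs cannot separate write access from read access and the authorizer log cannot tell the services apart. Separate principals, e.g. `username="producer"` and `username="consumer"` (constructed names), would allow the topic `test` to be write-only for one and read-only for the other. `spring.kafka.jaas.enabled: "true"` looks redundant next to `spring.kafka.properties.sasl.jaas.config` and may be droppable, which is worth confirming. `consumer-2` and `consumer-3` also keep `spring.kafka.client-id: consumer-1` in their context lines, which makes client-level logs and quotas ambiguous.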