environment:
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9081
- KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:PLAINTEXT, LOCALHOST:PLAINTEXT
+ KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:SASL_PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT
KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-1:9091, DOCKER://kafka-1:9092, LOCALHOST://localhost:9081
KAFKA_BROKER_ID: 1
KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
- KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 1000
- KAFKA_LOG4J_LOGGERS: "org.apache.kafka.metadata.migration=TRACE"
+ KAFKA_SUPER_USERS: User:broker
+ KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
+ KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+ KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
+ KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
+ org.apache.kafka.common.security.plain.PlainLoginModule required \
+ user_broker="geheim" \
+ user_client="geheim" \
+ username="broker" \
+ password="geheim"; \
+ KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
+ KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
+ org.apache.kafka.common.security.plain.PlainLoginModule required \
+ user_broker="geheim" \
+ user_client="geheim" \
+ username="broker" \
+ password="geheim"; \
+ KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
+ KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
+ org.apache.kafka.common.security.plain.PlainLoginModule required \
+ user_broker="geheim" \
+ user_client="geheim" \
+ username="broker" \
+ password="geheim"; \
+ KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
+ KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
+ KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
+ KAFKA_LOG4J_LOGGERS: org.apache.kafka.metadata.migration=TRACE, kafka.authorizer.logger=INFO
volumes:
- kafka-1-data:/var/lib/kafka/data
ports:
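Review bot: The three added `*_PLAIN_SASL_JAAS_CONFIG` blocks give the super user `broker` and the ordinary `client` the same literal password, and with `SASL_PLAINTEXT` plus mechanism `PLAIN` that password crosses every listener unencrypted, including LOCALHOST, which is advertised as `localhost:9081`. Give `client` a password of its own and take the values from the environment rather than the compose file, e.g. `user_client="${KAFKA_CLIENT_PASSWORD}"` (variable name constructed for this note). If the setup is meant to be used beyond a local demo, map the listeners to `SASL_SSL` instead. The kafka-2 and kafka-3 hunks repeat the same blocks.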
environment:
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9082
- KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:PLAINTEXT, LOCALHOST:PLAINTEXT
+ KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:SASL_PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT
KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-2:9091, DOCKER://kafka-2:9092, LOCALHOST://localhost:9082
KAFKA_BROKER_ID: 2
KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
+ KAFKA_SUPER_USERS: User:broker
+ KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
+ KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+ KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
+ KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
+ org.apache.kafka.common.security.plain.PlainLoginModule required \
+ user_broker="geheim" \
+ user_client="geheim" \
+ username="broker" \
+ password="geheim"; \
+ KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
+ KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
+ org.apache.kafka.common.security.plain.PlainLoginModule required \
+ user_broker="geheim" \
+ user_client="geheim" \
+ username="broker" \
+ password="geheim"; \
+ KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
+ KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
+ org.apache.kafka.common.security.plain.PlainLoginModule required \
+ user_broker="geheim" \
+ user_client="geheim" \
+ username="broker" \
+ password="geheim"; \
+ KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
+ KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
- KAFKA_LOG4J_LOGGERS: "org.apache.kafka.metadata.migration=TRACE"
+ KAFKA_LOG4J_LOGGERS: org.apache.kafka.metadata.migration=TRACE, kafka.authorizer.logger=INFO
volumes:
- kafka-2-data:/var/lib/kafka/data
ports:
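Review bot: `KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512` has no effect as written, because each of the three listeners sets its own `KAFKA_LISTENER_NAME_*_SASL_ENABLED_MECHANISMS: PLAIN` and only a `PlainLoginModule` is configured; listener-prefixed settings take precedence over the broker-wide one. Someone auditing the file would conclude that SCRAM is available when it is not. Either drop the broker-wide line or reduce it to `KAFKA_SASL_ENABLED_MECHANISMS: PLAIN`. The same line appears in the kafka-1 and kafka-3 hunks.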
environment:
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9083
- KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:PLAINTEXT, LOCALHOST:PLAINTEXT
+ KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:SASL_PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT
KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-3:9091, DOCKER://kafka-3:9092, LOCALHOST://localhost:9083
KAFKA_BROKER_ID: 3
KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
+ KAFKA_SUPER_USERS: User:broker
+ KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
+ KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
+ KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
+ KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
+ org.apache.kafka.common.security.plain.PlainLoginModule required \
+ user_broker="geheim" \
+ user_client="geheim" \
+ username="broker" \
+ password="geheim"; \
+ KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
+ KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
+ org.apache.kafka.common.security.plain.PlainLoginModule required \
+ user_broker="geheim" \
+ user_client="geheim" \
+ username="broker" \
+ password="geheim"; \
+ KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
+ KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
+ org.apache.kafka.common.security.plain.PlainLoginModule required \
+ user_broker="geheim" \
+ user_client="geheim" \
+ username="broker" \
+ password="geheim"; \
+ KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
+ KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
- KAFKA_LOG4J_LOGGERS: "org.apache.kafka.metadata.migration=TRACE"
+ KAFKA_LOG4J_LOGGERS: org.apache.kafka.metadata.migration=TRACE, kafka.authorizer.logger=INFO
volumes:
- kafka-3-data:/var/lib/kafka/data
ports:
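Review bot: Each JAAS block is a literal scalar (`|`), so the backslashes and line breaks reach the broker verbatim, and the last line `password="geheim"; \` ends in a continuation with nothing left to continue. Whether that is harmless depends on how the image turns the variable into a broker property, which this diff does not show. Ending the block with `password="geheim";` and declaring it with `|-` removes that dependency. The kafka-1 and kafka-2 hunks have the same ending.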
cli:
image: juplo/toolbox
command: sleep infinity
+ volumes:
+ - ./admin.properties:/mnt/admin.properties:ro
stop_grace_period: 0s
depends_on:
- kafka-1
setup:
image: juplo/toolbox
+ volumes:
+ - ./admin.properties:/mnt/admin.properties:ro
command:
- bash
- -c
- |
- cub kafka-ready -b kafka-1:9092,kafka-2:9092,kafka-3:9092 3 60 > /dev/null 2>&1 || exit 1
+ cub kafka-ready -c admin.properties -b kafka-1:9092,kafka-2:9092,kafka-3:9092 3 60
if [ -e INITIALIZED ]
then
echo -n Bereits konfiguriert:
cat INITIALIZED
- kafka-topics --bootstrap-server kafka:9092 --describe --topic test
+ kafka-topics --bootstrap-server kafka:9092 --command-config /mnt/admin.properties --describe --topic test
else
kafka-topics --bootstrap-server kafka:9092 \
+ --command-config /mnt/admin.properties \
--delete \
--if-exists \
--topic test
kafka-topics --bootstrap-server kafka:9092 \
+ --command-config /mnt/admin.properties \
--create \
--topic test \
--partitions 2 \
--replication-factor 3 \
--config min.insync.replicas=2 \
&& echo Das Topic \'test\' wurde erfolgreich angelegt: \
- && kafka-topics --bootstrap-server kafka:9092 --describe --topic test \
+ && kafka-topics --bootstrap-server kafka:9092 --command-config /mnt/admin.properties --describe --topic test \
&& date > INITIALIZED
fi
stop_grace_period: 0s
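Review bot: The readiness check reads `-c admin.properties`, a path relative to the container's working directory, while the file is mounted at `/mnt/admin.properties` and every `kafka-topics` call uses the absolute path. The same line also loses `|| exit 1`, so a failed or unauthenticated check no longer stops the script before the delete/create branch runs. Suggested: `cub kafka-ready -c /mnt/admin.properties -b kafka-1:9092,kafka-2:9092,kafka-3:9092 3 60 || exit 1`. The working directory of `juplo/toolbox` is not visible here, so the relative path may happen to resolve.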
environment:
spring.kafka.bootstrap-servers: kafka-1:9092,kafka-2:9092,kafka-3:9092
spring.kafka.client-id: producer
+ spring.kafka.jaas.enabled: "true"
+ spring.kafka.properties.security.protocol: SASL_PLAINTEXT
+ spring.kafka.properties.sasl.mechanism: PLAIN
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
juplo.producer.topic: test
consumer:
environment:
spring.kafka.bootstrap-servers: kafka-1:9092,kafka-2:9092,kafka-3:9092
spring.kafka.client-id: consumer
+ spring.kafka.jaas.enabled: "true"
+ spring.kafka.properties.security.protocol: SASL_PLAINTEXT
+ spring.kafka.properties.sasl.mechanism: PLAIN
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
spring.kafka.consumer.auto-offset-reset: earliest
logging.level.org.apache.kafka.clients.consumer: INFO
juplo.consumer.topic: test
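Review bot: The producer and consumer now log in as `client`, but nothing in this diff grants that principal an ACL, and the brokers run `AclAuthorizer` with `KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"`, so requests on topic `test` would be denied unless ACLs are created elsewhere. If they are not, the setup service is the natural place, e.g. `kafka-acls --bootstrap-server kafka:9092 --command-config /mnt/admin.properties --add --allow-principal User:client --operation Read --operation Write --topic test`, plus a `--group` grant for the consumers. The `peter` and `ute` hunks use the same principal. Separate users for producer and consumers would let the grants be narrowed to Write and Read respectively.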
environment:
spring.kafka.bootstrap-servers: kafka-1:9092,kafka-2:9092,kafka-3:9092
spring.kafka.client-id: peter
+ spring.kafka.jaas.enabled: "true"
+ spring.kafka.properties.security.protocol: SASL_PLAINTEXT
+ spring.kafka.properties.sasl.mechanism: PLAIN
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
spring.kafka.consumer.auto-offset-reset: earliest
logging.level.org.apache.kafka.clients.consumer: INFO
juplo.consumer.topic: test
environment:
spring.kafka.bootstrap-servers: kafka-1:9092,kafka-2:9092,kafka-3:9092
spring.kafka.client-id: ute
+ spring.kafka.jaas.enabled: "true"
+ spring.kafka.properties.security.protocol: SASL_PLAINTEXT
+ spring.kafka.properties.sasl.mechanism: PLAIN
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
spring.kafka.consumer.auto-offset-reset: earliest
logging.level.org.apache.kafka.clients.consumer: INFO
juplo.consumer.topic: test