SASL-Authorisierung von PLAIN auf SCRAM-SHA-512 umgestellt

[demos/kafka/training] / docker / docker-compose.yml

version: '3.2'
services:
  zookeeper:
    image: confluentinc/cp-zookeeper:7.5.1
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
    ports:
      - 2181:2181
    volumes:
      - zookeeper-data:/var/lib/zookeeper/data
      - zookeeper-log:/var/lib/zookeeper/log

  kafka-1:
    image: juplo/kafka
    environment:
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9081
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT
      KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-1:9091, DOCKER://kafka-1:9092, LOCALHOST://localhost:9081
      KAFKA_BROKER_ID: 1
      KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
      KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
      KAFKA_SUPER_USERS: User:ANONYMOUS
      KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
      KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
      KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
      KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
    volumes:
      - kafka-1-data:/var/lib/kafka/data
    ports:
      - 9081:9081
    stop_grace_period: 120s
    depends_on:
      - zookeeper

  kafka-2:
    image: juplo/kafka
    environment:
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9082
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT
      KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-2:9091, DOCKER://kafka-2:9092, LOCALHOST://localhost:9082
      KAFKA_BROKER_ID: 2
      KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
      KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
      KAFKA_SUPER_USERS: User:ANONYMOUS
      KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
      KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
      KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
      KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
    volumes:
      - kafka-2-data:/var/lib/kafka/data
    ports:
      - 9092:9082
      - 9082:9082
    networks:
      default:
        aliases:
          - kafka
    stop_grace_period: 120s
    depends_on:
      - zookeeper

  kafka-3:
    image: juplo/kafka
    environment:
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9083
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT
      KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-3:9091, DOCKER://kafka-3:9092, LOCALHOST://localhost:9083
      KAFKA_BROKER_ID: 3
      KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
      KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
      KAFKA_SUPER_USERS: User:ANONYMOUS
      KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
      KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
      KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
      KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
    volumes:
      - kafka-3-data:/var/lib/kafka/data
    ports:
      - 9083:9083
    stop_grace_period: 120s
    depends_on:
      - zookeeper

  kafka-4:
    image: juplo/kafka
    environment:
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENERS: BROKER://:9091, DOCKER://:9092, LOCALHOST://:9084
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: BROKER:PLAINTEXT, DOCKER:SASL_PLAINTEXT, LOCALHOST:SASL_PLAINTEXT
      KAFKA_ADVERTISED_LISTENERS: BROKER://kafka-4:9091, DOCKER://kafka-4:9092, LOCALHOST://localhost:9084
      KAFKA_BROKER_ID: 4
      KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
      KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
      KAFKA_SUPER_USERS: User:ANONYMOUS
      KAFKA_LOG4J_LOGGERS: kafka.authorizer.logger=INFO
      KAFKA_METRIC_REPORTERS: com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter
      KAFKA_CRUISE_CONTROL_METRICS_REPORTER_BOOTSTRAP_SERVERS: localhost:9091
      KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_LISTENER_NAME_DOCKER_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
      KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_LISTENER_NAME_LOCALHOST_SCRAM-SHA-512_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required;
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
    volumes:
      - kafka-4-data:/var/lib/kafka/data
    ports:
      - 9084:9084
    stop_grace_period: 120s
    depends_on:
      - zookeeper

  cruise-control:
    image: juplo/cruise-control
    environment:
      BOOTSTRAP_SERVERS: kafka-1:9091,kafka-2:9091,kafka-3:9091
      ZOOKEEPER_CONNECT: zookeeper:2181/
    ports:
      - "9090:9090"

  schema-registry:
    image: confluentinc/cp-schema-registry:7.5.1
    environment:
      SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: kafka-1:9092,kafka-2:9092,kafka-3:9092
      SCHEMA_REGISTRY_HOST_NAME: schema-registry
      SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8085
      SCHEMA_REGISTRY_LOG4J_ROOT_LOGLEVEL: INFO
      SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL: SASL_PLAINTEXT
      SCHEMA_REGISTRY_KAFKASTORE_SASL_MECHANISM: SCRAM-SHA-512
      SCHEMA_REGISTRY_KAFKASTORE_SASL_JAAS_CONFIG: >
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="schemaregistry"
        password="schemaregistry-secret";
    ports:
      - 8085:8085
    depends_on:
      - kafka-1
      - kafka-2
      - kafka-3

  connect:
    image: confluentinc/cp-kafka-connect:7.5.1
    environment:
      CONNECT_BOOTSTRAP_SERVERS: kafka-1:9092,kafka-2:9092,kafka-3:9092
      CONNECT_REST_PORT: 8083
      CONNECT_REST_LISTENERS: http://0.0.0.0:8083
      CONNECT_REST_ADVERTISED_HOST_NAME: connect
      CONNECT_CONFIG_STORAGE_TOPIC: __connect-config
      CONNECT_OFFSET_STORAGE_TOPIC: __connect-offsets
      CONNECT_STATUS_STORAGE_TOPIC: __connect-status
      CONNECT_GROUP_ID: kafka-connect
      CONNECT_KEY_CONVERTER_SCHEMAS_ENABLE: "true"
      CONNECT_KEY_CONVERTER: io.confluent.connect.avro.AvroConverter
      CONNECT_KEY_CONVERTER_SCHEMA_REGISTRY_URL: http://schema-registry:8085
      CONNECT_VALUE_CONVERTER_SCHEMAS_ENABLE: "true"
      CONNECT_VALUE_CONVERTER: io.confluent.connect.avro.AvroConverter
      CONNECT_VALUE_CONVERTER_SCHEMA_REGISTRY_URL: http://schema-registry:8085
      CONNECT_INTERNAL_KEY_CONVERTER: org.apache.kafka.connect.json.JsonConverter
      CONNECT_INTERNAL_VALUE_CONVERTER: org.apache.kafka.connect.json.JsonConverter
      CONNECT_OFFSET_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_CONFIG_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_STATUS_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_PLUGIN_PATH: /usr/share/java/
      # Configure the Connect workers to use SASL/PLAIN.
      CONNECT_SASL_MECHANISM: SCRAM-SHA-512
      CONNECT_SECURITY_PROTOCOL: SASL_PLAINTEXT
      # JAAS
      CONNECT_SASL_JAAS_CONFIG: >
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="connect"
        password="connect-secret";
      # producer
      CONNECT_PRODUCER_SASL_MECHANISM: SCRAM-SHA-512
      CONNECT_PRODUCER_SECURITY_PROTOCOL: SASL_PLAINTEXT
      CONNECT_PRODUCER_SASL_JAAS_CONFIG: >
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="connect"
        password="connect-secret";
      # consumer
      CONNECT_CONSUMER_SASL_MECHANISM: SCRAM-SHA-512
      CONNECT_CONSUMER_SECURITY_PROTOCOL: SASL_PLAINTEXT
      CONNECT_CONSUMER_SASL_JAAS_CONFIG: >
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="connect"
        password="connect-secret";

    ports:
      - 8083:8083
    depends_on:
      - schema-registry

  cli:
    image: juplo/toolbox
    command: sleep infinity
    stop_grace_period: 0s
    depends_on:
      - kafka-1
      - kafka-2
      - kafka-3

  setup:
    image: juplo/toolbox
    command:
      - bash
      - -c
      - |
        cub kafka-ready -b kafka-1:9091,kafka-2:9091,kafka-3:9091 3 60 > /dev/null 2>&1 || exit 1
        if [ -e INITIALIZED ]
        then
          echo -n Bereits konfiguriert: 
          cat INITIALIZED
          kafka-topics --bootstrap-server kafka:9091 --describe --topic test
          kafka-topics --bootstrap-server kafka:9091 --describe --topic __CruiseControlMetrics
        else
          kafka-topics --bootstrap-server kafka:9091 \
                       --delete \
                       --if-exists \
                       --topic test
          kafka-topics --bootstrap-server kafka:9091 \
                       --create \
                       --topic test \
                       --partitions 2 \
                       --replication-factor 3 \
                       --config min.insync.replicas=2 \
          && echo Das Topic \'test\' wurde erfolgreich angelegt: \
          && kafka-topics --bootstrap-server kafka:9091 --describe --topic test
          kafka-topics --bootstrap-server kafka:9091 \
                       --delete \
                       --if-exists \
                       --topic __CruiseControlMetrics
          kafka-topics --bootstrap-server kafka:9091 \
                       --create \
                       --topic __CruiseControlMetrics \
                       --partitions 2 \
                       --replication-factor 3 \
                       --config min.insync.replicas=2 \
          && echo Das Topic \'__CruiseControlMetrics\' wurde erfolgreich angelegt: \
          && kafka-topics --bootstrap-server kafka:9091 --describe --topic __CruiseControlMetrics
        fi \
        && date > INITIALIZED
    stop_grace_period: 0s
    depends_on:
      - cli

  zoonavigator:
    image: elkozmon/zoonavigator:1.1.2
    ports:
      - "8000:80"
    environment:
      HTTP_PORT: 80
      CONNECTION_JUPLO_NAME: juplo
      CONNECTION_JUPLO_CONN: zookeeper:2181
      AUTO_CONNECT_CONNECTION_ID: JUPLO
    depends_on:
      - zookeeper

  akhq:
    image: tchiotludo/akhq:0.23.0
    ports:
      - 8888:8080
    environment:
      AKHQ_CONFIGURATION: |
        akhq:
          connections:
            docker-kafka-server:
              properties:
                bootstrap.servers: "kafka:9092"
                security.protocol: SASL_PLAINTEXT
                sasl.mechanism: SCRAM-SHA-512
                sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="ui" password="ui-secret";
              schema-registry:
                url: "http://schema-registry:8085"
              connect:
                - name: "connect"
                  url: "http://connect:8083"
    depends_on:
      - kafka-1
      - kafka-2
      - kafka-3

  producer:
    image: juplo/endless-stream-spring-producer:1.0-SNAPSHOT
    environment:
      producer.throttle-ms: 1
      spring.kafka.bootstrap-servers: kafka-1:9092, kafka-2:9092, kafka-3:9092
      spring.kafka.client-id: producer
      spring.kafka.template.default-topic: test
      spring.kafka.producer.properties.linger.ms: 100
      spring.kafka.jaas.enabled: "true"
      spring.kafka.properties.security.protocol: SASL_PLAINTEXT
      spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret";

  consumer-1:
    image: juplo/spring-consumer:1.0-SNAPSHOT
    environment:
      spring.kafka.bootstrap-servers: kafka-1:9092, kafka-2:9092, kafka-3:9092
      spring.kafka.client-id: consumer-1
      spring.kafka.jaas.enabled: "true"
      spring.kafka.properties.security.protocol: SASL_PLAINTEXT
      spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret";

  consumer-2:
    image: juplo/spring-consumer:1.0-SNAPSHOT
    environment:
      spring.kafka.bootstrap-servers: kafka-1:9092, kafka-2:9092, kafka-3:9092
      spring.kafka.client-id: consumer-2
      spring.kafka.jaas.enabled: "true"
      spring.kafka.properties.security.protocol: SASL_PLAINTEXT
      spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret";

  consumer-3:
    image: juplo/spring-consumer:1.0-SNAPSHOT
    environment:
      spring.kafka.bootstrap-servers: kafka-1:9092, kafka-2:9092, kafka-3:9092
      spring.kafka.client-id: consumer-3
      spring.kafka.jaas.enabled: "true"
      spring.kafka.properties.security.protocol: SASL_PLAINTEXT
      spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="client" password="client-secret";

volumes:
  zookeeper-data:
  zookeeper-log:
  kafka-1-data:
  kafka-2-data:
  kafka-3-data:
  kafka-4-data: