-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose-ssl-single.yml
90 lines (86 loc) · 3.5 KB
/
docker-compose-ssl-single.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
---
## Single Broker NO Public IP
version: '2'
services:
zookeeper:
image: confluentinc/cp-zookeeper:6.2.0
container_name: zookeeper
hostname: zookeeper.local
restart: always
ports:
- "2181:2181"
environment:
ZOOKEEPER_SERVER_ID: 1
ZOOKEEPER_CLIENT_PORT: 2181
ZOOKEEPER_TICK_TIME: 2000
volumes:
- ./zookeeper/zk-data:/var/lib/zookeeper/data
- ./zookeeper/zk-txn-logs:/var/lib/zookeeper/log
broker1:
image: confluentinc/cp-kafka:6.2.0
container_name: broker1
hostname: broker1.local
restart: always
ports:
- "29092:29092"
- "9092:9092"
- "9102:9102" # JMX Ready
depends_on:
- zookeeper
environment:
KAFKA_BROKER_ID: 1
KAFKA_ZOOKEEPER_CONNECT: 'zookeeper.local:2181'
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: SSL:SSL,SSL_HOST:SSL
KAFKA_ADVERTISED_LISTENERS: 'SSL://broker1.local:29092,SSL_HOST://localhost:9092'
KAFKA_LISTENERS: 'SSL://broker1.local:29092,SSL_HOST://broker1.local:9092'
KAFKA_SSL_KEYSTORE_FILENAME: broker1.keystore.jks
KAFKA_SSL_KEYSTORE_CREDENTIALS: cert_creds
KAFKA_SSL_KEY_CREDENTIALS: cert_creds
KAFKA_SSL_TRUSTSTORE_FILENAME: broker1.truststore.jks
KAFKA_SSL_TRUSTSTORE_CREDENTIALS: cert_creds
KAFKA_SSL_CLIENT_AUTH: 'required'
KAFKA_SECURITY_PROTOCOL: SSL
KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SSL
KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'false'
KAFKA_CONFLUENT_SCHEMA_REGISTRY_URL: 'https://schema-registry.local:8181'
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 100
KAFKA_LOG_RETENTION_BYTES: 314572800
KAFKA_LOG_RETENTION_MS: 86400000 # 1 day
KAFKA_LOG_SEGMENT_BYTES: 31457280
volumes:
- ./broker1/kafka-data:/var/lib/kafka/data
- ./secrets:/etc/kafka/secrets
schema-registry:
image: confluentinc/cp-schema-registry:6.2.0
container_name: schema-registry
hostname: schema-registry.local
depends_on:
- zookeeper
- broker1
restart: always
ports:
- "8181:8181"
environment:
SCHEMA_REGISTRY_HOST_NAME: schema-registry.local
SCHEMA_REGISTRY_LISTENERS: 'https://0.0.0.0:8181'
SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: 'zookeeper.local:2181'
SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: 'SSL://broker1.local:29092'
SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL: SSL
SCHEMA_REGISTRY_KAFKASTORE_SSL_KEYSTORE_LOCATION: /etc/schema-registry/secrets/schema-registry.keystore.jks
SCHEMA_REGISTRY_SSL_KEYSTORE_LOCATION: /etc/schema-registry/secrets/schema-registry.keystore.jks
SCHEMA_REGISTRY_KAFKASTORE_SSL_KEYSTORE_PASSWORD: 'PASSWORD'
SCHEMA_REGISTRY_SSL_KEYSTORE_PASSWORD: 'PASSWORD'
SCHEMA_REGISTRY_KAFKASTORE_SSL_KEY_PASSWORD: 'PASSWORD'
SCHEMA_REGISTRY_SSL_KEY_PASSWORD: 'PASSWORD'
SCHEMA_REGISTRY_KAFKASTORE_SSL_TRUSTSTORE_LOCATION: /etc/schema-registry/secrets/schema-registry.truststore.jks
SCHEMA_REGISTRY_SSL_TRUSTSTORE_LOCATION: /etc/schema-registry/secrets/schema-registry.truststore.jks
SCHEMA_REGISTRY_KAFKASTORE_SSL_TRUSTSTORE_PASSWORD: 'PASSWORD'
SCHEMA_REGISTRY_SSL_TRUSTSTORE_PASSWORD: 'PASSWORD'
SCHEMA_REGISTRY_SCHEMA_REGISTRY_INTER_INSTANCE_PROTOCOL: https
SCHEMA_REGISTRY_KAFKASTORE_TOPIC: _schemas
SCHEMA_REGISTRY_SSL_CLIENT_AUTH: 'true'
volumes:
- ./secrets:/etc/schema-registry/secrets