docker-compose.yml

#
# Copyright 2019 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

version: '2.1'

services:
  
  zookeeper:
    image: confluentinc/cp-zookeeper:5.3.1
    container_name: zookeeper
    ports:
      - "2181:2181"
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
    networks:
      - schema
      
  kafka:
    image: confluentinc/cp-server:5.3.1
    container_name: kafka
    depends_on:
      - zookeeper
    ports:
      - "9092:9092"
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_BROKER_RACK: docker
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: SSL:SSL,SSL_HOST:SSL
      KAFKA_LISTENERS: SSL://kafka:9092,SSL_HOST://kafka:29092
      KAFKA_ADVERTISED_LISTENERS: SSL://localhost:9092,SSL_HOST://kafka:29092
      KAFKA_METRIC_REPORTERS: io.confluent.metrics.reporter.ConfluentMetricsReporter
      KAFKA_SSL_KEYSTORE_FILENAME: kafka.server.keystore.jks
      KAFKA_SSL_KEYSTORE_CREDENTIALS: credentials
      KAFKA_SSL_KEY_CREDENTIALS: credentials
      KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.server.truststore.jks
      KAFKA_SSL_TRUSTSTORE_CREDENTIALS: credentials
      KAFKA_SSL_CLIENT_AUTH: 'required'
      KAFKA_SECURITY_PROTOCOL: SSL
      KAFKA_INTER_BROKER_LISTENER_NAME: SSL_HOST
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: "HTTPS"
      KAFKA_SUPER_USERS: User:kafka-server;User:schema-registry-server;User:control-center-server;User:application-client
      KAFKA_SSL_PRINCIPAL_MAPPING_RULES: RULE:^[Cc][Nn]=([a-zA-Z-]*).*$$/$$1/L
      KAFKA_SSL_ENABLED_PROTOCOLS: TLSv1.2,TLSv1.1,TLSv1
      KAFKA_SSL_KEYMANAGER_ALGORITHM: SunX509
      KAFKA_SSL_KEYSTORE_TYPE: JKS
      KAFKA_SSL_TRUSTMANAGER_ALGORITHM: PKIX
      KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.auth.SimpleAclAuthorizer
      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: 'false'
      KAFKA_NUM_NETWORK_THREADS: 6
      KAFKA_NUM_IO_THREADS: 11
      KAFKA_SOCKET_SEND_BUFFER_BYTES: 102400
      KAFKA_SOCKET_RECEIVE_BUFFER_BYTES: 102400
      KAFKA_SOCKET_REQUEST_MAX_BYTES: 104857600
      KAFKA_NUM_REPLICA_FETCHERS: 4
      KAFKA_NUM_PARTITIONS: 1
      KAFKA_NUM_RECOVERY_THREADS_PER_DATA_DIR: 16
      KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
      KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
      KAFKA_LOG_RETENTION_HOURS: 72
      KAFKA_LOG_SEGMENT_BYTES: 1073741824
      KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 300000
      KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 6000
      KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
      KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
      KAFKA_DEFAULT_REPLICATION_FACTOR: 1
      KAFKA_MIN_INSYNC_REPLICAS: 1
      KAFKA_UNCLEAR_LEADER_ELECTION_ENABLE: 'false'
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
      KAFKA_DELETE_TOPIC_ENABLE: 'false'
      KAFKA_BACKGROUND_THREADS: 10
      KAFKA_INTER_BROKER_PROTOCOL_VERSION: 2.2
      KAFKA_LOG_MESSAGE_FORMAT_VERSION: 2.2
      CONFLUENT_METRICS_REPORTER_BOOTSTRAP_SERVERS: kafka:29092
      CONFLUENT_METRICS_REPORTER_TOPIC_REPLICAS: 1
      CONFLUENT_METRICS_REPORTER_SECURITY_PROTOCOL: SSL
      CONFLUENT_METRICS_REPORTER_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/kafka.server.keystore.jks
      CONFLUENT_METRICS_REPORTER_SSL_KEYSTORE_PASSWORD: changeit
      CONFLUENT_METRICS_REPORTER_SSL_KEY_PASSWORD: changeit
      CONFLUENT_METRICS_REPORTER_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/kafka.server.truststore.jks
      CONFLUENT_METRICS_REPORTER_SSL_TRUSTSTORE_PASSWORD: changeit
      CONFLUENT_METRICS_ENABLE: "true"
    volumes:
       - ./certificates/kafka:/etc/kafka/secrets
    networks:
      - schema
      
  schema-registry:
    image: confluentinc/cp-schema-registry:5.3.1
    container_name: schema-registry
    depends_on:
      - zookeeper
      - kafka
    ports:
      - "8082:8082"
    environment:
      SCHEMA_REGISTRY_HOST_NAME: localhost
      SCHEMA_REGISTRY_LISTENERS: 'https://0.0.0.0:8082'
      SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: zookeeper:2181
      SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: SSL://kafka:29092
      SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL: SSL
      SCHEMA_REGISTRY_KAFKASTORE_SSL_KEYSTORE_LOCATION: /etc/schema-registry/secrets/schema-registry.server.keystore.jks
      SCHEMA_REGISTRY_SSL_KEYSTORE_LOCATION: /etc/schema-registry/secrets/schema-registry.server.keystore.jks
      SCHEMA_REGISTRY_KAFKASTORE_SSL_KEYSTORE_PASSWORD: changeit
      SCHEMA_REGISTRY_SSL_KEYSTORE_PASSWORD: changeit
      SCHEMA_REGISTRY_KAFKASTORE_SSL_KEY_PASSWORD: changeit
      SCHEMA_REGISTRY_SSL_KEY_PASSWORD: changeit
      SCHEMA_REGISTRY_KAFKASTORE_SSL_TRUSTSTORE_LOCATION: /etc/schema-registry/secrets/schema-registry.server.truststore.jks
      SCHEMA_REGISTRY_SSL_TRUSTSTORE_LOCATION: /etc/schema-registry/secrets/schema-registry.server.truststore.jks
      SCHEMA_REGISTRY_KAFKASTORE_SSL_TRUSTSTORE_PASSWORD: changeit
      SCHEMA_REGISTRY_SSL_TRUSTSTORE_PASSWORD: changeit
      SCHEMA_REGISTRY_SCHEMA_REGISTRY_INTER_INSTANCE_PROTOCOL: https
      SCHEMA_REGISTRY_SSL_CLIENT_AUTH: 'true'
      SCHEMA_REGISTRY_ACCESS_CONTROL_ALLOW_ORIGIN: "*"
      SCHEMA_REGISTRY_ACCESS_CONTROL_ALLOW_METHODS: "GET,POST,PUT,OPTIONS"
      SCHEMA_REGISTRY_KAFKASTORE_TOPIC: _schemas
    volumes:
       - ./certificates/schema-registry:/etc/schema-registry/secrets
    networks:
      - schema
      
  control-center:
    image: confluentinc/cp-enterprise-control-center:5.3.1
    container_name: control-center
    depends_on:
      - zookeeper
      - kafka
      - schema-registry
    ports:
      - "9021:9021"
    environment:
      CONTROL_CENTER_BOOTSTRAP_SERVERS: kafka:29092
      CONTROL_CENTER_ZOOKEEPER_CONNECT: zookeeper:2181
      CONTROL_CENTER_SCHEMA_REGISTRY_URL: "https://schema-registry:8082"
      CONTROL_CENTER_REPLICATION_FACTOR: 1
      CONTROL_CENTER_INTERNAL_TOPICS_PARTITIONS: 1
      CONTROL_CENTER_MONITORING_INTERCEPTOR_TOPIC_PARTITIONS: 1
      CONFLUENT_METRICS_TOPIC_REPLICATION: 1
      CONTROL_CENTER_STREAMS_SECURITY_PROTOCOL: SSL
      CONTROL_CENTER_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ""
      CONTROL_CENTER_STREAMS_SSL_TRUSTSTORE_LOCATION: /etc/control-center/secrets/control-center.server.truststore.jks
      CONTROL_CENTER_STREAMS_SSL_KEYSTORE_LOCATION: /etc/control-center/secrets/control-center.server.keystore.jks
      CONTROL_CENTER_STREAMS_SSL_TRUSTSTORE_PASSWORD: changeit
      CONTROL_CENTER_STREAMS_SSL_KEYSTORE_PASSWORD: changeit
      CONTROL_CENTER_STREAMS_SSL_KEY_PASSWORD: changeit
      PORT: 9021
    volumes:
       - ./certificates/control-center:/etc/control-center/secrets
    networks:
      - schema
networks:
  schema:
    name: schema