| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 |
- ---
- version: '3.4'
- services:
- kafka-ui:
- container_name: kafka-ui
- image: provectuslabs/kafka-ui:latest
- ports:
- - 8080:8080
- depends_on:
- - zookeeper0
- - kafka0
- environment:
- KAFKA_CLUSTERS_0_NAME: local
- KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: SSL
- KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: kafka0:29092 # SSL LISTENER!
- KAFKA_CLUSTERS_0_ZOOKEEPER: zookeeper0:2181
- KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION: /kafka.truststore.jks
- KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD: secret
- volumes:
- - ./ssl/kafka.truststore.jks:/kafka.truststore.jks
- zookeeper0:
- image: confluentinc/cp-zookeeper:6.0.1
- environment:
- ZOOKEEPER_CLIENT_PORT: 2181
- ZOOKEEPER_TICK_TIME: 2000
- ports:
- - 2181:2181
- kafka0:
- image: confluentinc/cp-kafka:6.0.1
- hostname: kafka0
- depends_on:
- - zookeeper0
- ports:
- - '9092:9092'
- environment:
- KAFKA_BROKER_ID: 1
- KAFKA_ZOOKEEPER_CONNECT: zookeeper0:2181
- KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
- KAFKA_ADVERTISED_LISTENERS: SSL://kafka0:29092,PLAINTEXT_HOST://localhost:9092
- KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: SSL:SSL,PLAINTEXT_HOST:PLAINTEXT
- KAFKA_INTER_BROKER_LISTENER_NAME: SSL
- KAFKA_SECURITY_PROTOCOL: SSL
- KAFKA_SSL_ENABLED_MECHANISMS: PLAIN,SSL
- KAFKA_SSL_KEYSTORE_FILENAME: kafka.keystore.jks
- KAFKA_SSL_KEYSTORE_CREDENTIALS: creds
- KAFKA_SSL_KEY_CREDENTIALS: creds
- KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.truststore.jks
- KAFKA_SSL_TRUSTSTORE_CREDENTIALS: creds
- #KAFKA_SSL_CLIENT_AUTH: 'required'
- KAFKA_SSL_CLIENT_AUTH: "requested"
- KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: '' # COMMON NAME VERIFICATION IS DISABLED SERVER-SIDE
- volumes:
- - ./ssl/creds:/etc/kafka/secrets/creds
- - ./ssl/kafka.truststore.jks:/etc/kafka/secrets/kafka.truststore.jks
- - ./ssl/kafka.keystore.jks:/etc/kafka/secrets/kafka.keystore.jks
|
