forked from vdesabou/kafka-docker-playground
-
Notifications
You must be signed in to change notification settings - Fork 1
/
docker-compose.yml
46 lines (39 loc) · 2.05 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
---
version: '3.5'
services:
restproxy:
image: confluentinc/cp-kafka-rest:${TAG}
restart: always
hostname: restproxy
container_name: restproxy
volumes:
- ../../ccloud/rest-proxy-security-plugin/security:/etc/kafka/secrets
- ../../ccloud/rest-proxy-security-plugin/kafka-rest.jaas.conf:/etc/kafka/kafka-rest.jaas.conf
environment:
KAFKA_REST_HOST_NAME: restproxy
KAFKA_REST_BOOTSTRAP_SERVERS: $BOOTSTRAP_SERVERS
KAFKA_REST_LISTENERS: "https://0.0.0.0:8086"
# Security configurations between REST Proxy and HTTP client
KAFKA_REST_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/kafka.restproxy.truststore.jks
KAFKA_REST_SSL_TRUSTSTORE_PASSWORD: confluent
KAFKA_REST_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/kafka.restproxy.keystore.jks
KAFKA_REST_SSL_KEYSTORE_PASSWORD: confluent
KAFKA_REST_SSL_KEY_PASSWORD: confluent
KAFKA_REST_SSL_ENDPOINT_IDENTIFIED_ALGORITHM: "https"
# Security configurations between REST Proxy and broker
KAFKA_REST_CLIENT_SECURITY_PROTOCOL: SASL_SSL
KAFKA_REST_CLIENT_SASL_MECHANISM: PLAIN
KAFKA_REST_CLIENT_ENDPOINT_IDENTIFICATION_ALGORITHM: "https"
KAFKA_REST_CLIENT_SASL_JAAS_CONFIG: $SASL_JAAS_CONFIG
# Security configurations between REST Proxy and CCSR
KAFKA_REST_SCHEMA_REGISTRY_URL: $SCHEMA_REGISTRY_URL
KAFKA_REST_CLIENT_BASIC_AUTH_CREDENTIALS_SOURCE: USER_INFO
KAFKA_REST_CLIENT_SCHEMA_REGISTRY_BASIC_AUTH_USER_INFO: $SCHEMA_REGISTRY_BASIC_AUTH_USER_INFO
KAFKAREST_OPTS: -Djava.security.auth.login.config=/etc/kafka/kafka-rest.jaas.conf
KAFKA_REST_CONFLUENT_LICENSE: "your license"
# KAFKA_REST_SSL_CLIENT_AUTHENTICATION: "REQUIRED"
KAFKA_REST_SSL_CLIENT_AUTH: "true" # deprecated, KAFKA_REST_SSL_CLIENT_AUTHENTICATION: "REQUIRED"
KAFKA_REST_KAFKA_REST_RESOURCE_EXTENSION_CLASS: io.confluent.kafkarest.security.KafkaRestSecurityResourceExtension
KAFKA_REST_CONFLUENT_REST_AUTH_SSL_PRINCIPAL_MAPPING_RULES: RULE:^CN=(.*?),OU=TEST.*$$/$$1/,DEFAULT
ports:
- 8086:8086