docker-compose.yml

# Notes
# To run one instance of zk, kafka and the registry service:
# - $ docker-compose up [-d]
#
# To run the tests (one-off; does not require a previous docker-compose up):
# - $ docker-compose run --rm --name registry_test registry go test --tags=integration ./...
#
# To run 3 instances of kafka, and 1 instance of zk and the registry:
# - $ docker-compose up --scale kafka=3
#
# To query the registry:
#  - $ curl -s $(docker-machine ip):8080/v1/topics/list | jq
# Note: by default, SSL is enabled. In order to test the registry
# over PLAINTEXT, update the following env vars to:
# REGISTRY_BOOTSTRAP_SERVERS: kafka:9092
# REGISTRY_KAFKA_SSL_ENABLED: "false"

version: "3"
services:
  ssl_setup:
    build:
      context: .
      dockerfile: Dockerfile.ssl_setup
    volumes:
      - "ssl-store:/etc/kafka/config"
  zookeeper:
    image: wurstmeister/zookeeper
    ports:
      - "2181:2181"
    healthcheck:
      test: nc -z localhost 2181 || exit -1
      interval: 5s
      timeout: 5s
      retries: 5
      start_period: 5s
  kafka:
    image: wurstmeister/kafka:${KAFKA_VERSION:-2.13-2.8.1}
    deploy:
      replicas: 3
    ports:
      - "9092"
      - "9093"
    healthcheck:
      test: nc -z localhost 9092 || exit -1
      interval: 5s
      timeout: 5s
      retries: 5
      start_period: 15s
    depends_on:
      - ssl_setup
      - zookeeper
    environment:
      HOSTNAME_COMMAND: hostname -i
      PORT_COMMAND: "docker port $$(hostname) 9092/tcp | cut -d: -f2"
      KAFKA_ADVERTISED_LISTENERS: OUTSIDE://localhost:_{PORT_COMMAND},INSIDE://:9094,SASL_SSL://_{HOSTNAME_COMMAND}:9093
      KAFKA_LISTENERS: OUTSIDE://:9092,INSIDE://:9094,SASL_SSL://:9093
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: OUTSIDE:PLAINTEXT,INSIDE:PLAINTEXT,SASL_SSL:SASL_SSL
      KAFKA_PORT: 9093
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_CREATE_TOPICS: "test1:1:3,test2:2:2"
      KAFKA_BROKER_RACK: 1a
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: "SASL_SSL"
      KAFKA_SSL_KEYSTORE_LOCATION: "/etc/kafka/config/keystore.jks"
      KAFKA_SSL_KEYSTORE_PASSWORD: "password"
      KAFKA_SSL_KEYSTORE_TYPE: "JKS"
      KAFKA_SSL_TRUSTSTORE_LOCATION: "/etc/kafka/config/truststore.jks"
      KAFKA_SSL_TRUSTSTORE_PASSWORD: "password"
      KAFKA_SSL_TRUSTSTORE_TYPE: "JKS"
      KAFKA_SSL_KEY_PASSWORD: "password"
      KAFKA_SSL_ENABLED_PROTOCOLS: "TLSv1.2"
      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ""
      KAFKA_SASL_ENABLED_MECHANISMS: "PLAIN"
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: "PLAIN"
      KAFKA_LISTENER_NAME_SASL_SSL_PLAIN_SASL_JAAS_CONFIG: "org.apache.kafka.common.security.plain.PlainLoginModule required \
      username='admin' password='admin-secret' \
      user_admin='admin-secret' \
      user_registry='registry-secret';"
      CUSTOM_INIT_SCRIPT: "sh -c \" \
      sed -i 's/listener.name.sasl.ssl.plain.sasl.jaas.config/listener.name.sasl_ssl.plain.sasl.jaas.config/g' \
      /opt/kafka/config/server.properties\""
      # useful for SSL debugging
      # LOG4J_LOGGER_KAFKA_AUTHORIZER_LOGGER: "DEBUG, authorizerAppender"
      # KAFKA_OPTS: "-Djavax.net.debug=all"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - "ssl-store:/etc/kafka/config"
  registry:
    command: "/go/bin/registry"
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "8080"
      - "8090"
    healthcheck:
      test: curl -f localhost:8080/v1/brokers/list
      interval: 5s
      timeout: 5s
      retries: 5
      start_period: 5s
    depends_on:
      - zookeeper
      - kafka
    environment:
      TEST_ZK_ADDR: zookeeper:2181
      REGISTRY_ENABLE_LOCKING: "true"
      REGISTRY_ZK_ADDR: zookeeper:2181
      REGISTRY_BOOTSTRAP_SERVERS: kafka:9093
      REGISTRY_HTTP_LISTEN: 0.0.0.0:8080
      REGISTRY_GRPC_LISTEN: 0.0.0.0:8090
      REGISTRY_KAFKA_SECURITY_PROTOCOL: SASL_SSL
      REGISTRY_KAFKA_SSL_CA_LOCATION: "/etc/kafka/config/kafka-ca-crt.pem"
      REGISTRY_KAFKA_SASL_MECHANISM: PLAIN
      REGISTRY_KAFKA_SASL_USERNAME: registry
      REGISTRY_KAFKA_SASL_PASSWORD: registry-secret
      REGISTRY_WRITE_RATE_LIMIT: 60
      REGISTRY_READ_RATE_LIMIT: 60

    volumes:
      - "ssl-store:/etc/kafka/config"

volumes:
  ssl-store: