forked from Mongey/terraform-provider-kafka
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.kafka
40 lines (31 loc) · 1.65 KB
/
Dockerfile.kafka
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
FROM apache/kafka-native:3.8.0
ARG broker_id
ARG listener_host
ARG listener_port
COPY secrets/ /etc/kafka/secrets
ENV KAFKA_BROKER_ID=$broker_id
ENV KAFKA_NODE_ID=$broker_id
ENV KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1
ENV KAFKA_PROCESS_ROLES='broker,controller'
ENV KAFKA_CONTROLLER_QUORUM_VOTERS=1@kafka1:9093
ENV KAFKA_CONTROLLER_LISTENER_NAMES='CONTROLLER'
# confluent's bash script looks for an 'SSL' suffix in listener names:
# https://github.com/confluentinc/cp-docker-images/blob/76d786d0243ea16626b8b46dba34ec0b1066de84/debian/kafka/include/etc/confluent/docker/configure#L65
ENV KAFKA_LISTENERS=INTERNAL_SSL://$listener_host:9090,EXTERNAL_SSL://$listener_host:9092
ENV KAFKA_ADVERTISED_LISTENERS=INTERNAL_SSL://$listener_host:9090,EXTERNAL_SSL://localhost:$listener_port
ENV KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=INTERNAL_SSL:SSL,EXTERNAL_SSL:SSL,CONTROLLER:PLAINTEXT
ENV KAFKA_INTER_BROKER_LISTENER_NAME=INTERNAL_SSL
ENV KAFKA_SSL_KEYSTORE_FILENAME=kafka.$listener_host.keystore.jks
ENV KAFKA_SSL_KEYSTORE_CREDENTIALS=password
ENV KAFKA_SSL_TRUSTSTORE_FILENAME=kafka.truststore.jks
ENV KAFKA_SSL_TRUSTSTORE_CREDENTIALS=password
ENV KAFKA_SSL_KEY_CREDENTIALS=password
ENV KAFKA_SSL_CLIENT_AUTH=required
ENV KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=
ENV KAFKA_LISTENER_NAME_INTERNAL_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=
ENV KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND=true
ENV KAFKA_AUTHORIZER_CLASS_NAME=org.apache.kafka.metadata.authorizer.StandardAuthorizer
ENV KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS=0
ENV KAFKA_TRANSACTION_STATE_LOG_MIN_ISR=1
ENV KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR=1
ENV KAFKA_LOG4J_LOGGERS='org.apache.kafka.image.loader.MetadataLoader=WARN'