docker-compose-kerberos.yml
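# Kerberos-enabled Divolte test stack: a Kerberos KDC, a Kafka broker and
# Divolte, all attached to one user-defined bridge network.
#
# NOTE(review): this file reads as a local demo. The realm is EXAMPLE.COM,
# the kadmin password has a well-known default, and Kafka traffic is not
# encrypted. Do not reuse these settings outside a throwaway environment.
#
# The environment variable names below are interpreted by the images'
# entrypoints (not shown here); comments on their effect are assumptions
# to confirm against those images.
version: "3.3"
services:
  # Kerberos KDC container
  docker-kdc:
    # NOTE(review): no tag, so this resolves to :latest. Pin a tag or a
    # digest so the KDC image cannot change underneath you.
    image: krisgeus/docker-kdc
    container_name: docker-kdc
    hostname: docker-kdc
    domainname: divolte_divolte.io
    environment:
      REALM: EXAMPLE.COM
      SUPPORTED_ENCRYPTION_TYPES: aes256-cts-hmac-sha1-96:normal
      KADMIN_PRINCIPAL: kadmin/admin
      # Realm administrator password. The previous hard-coded value is kept
      # only as the default so the stack still starts unchanged; override it
      # from the shell environment or a git-ignored .env file. Values under
      # `environment:` are visible to anyone who can run `docker inspect`.
      KADMIN_PASSWORD: "${KADMIN_PASSWORD:-MITiys4K5}"
    volumes:
      # This is needed otherwise there won't be enough entropy to generate
      # a new kerberos realm.
      # NOTE(review): this makes reads of /dev/random inside the container
      # come from the host's non-blocking /dev/urandom.
      - /dev/urandom:/dev/random
    networks:
      - divolte.io

  # Kafka/Zookeeper container
  divolte-kafka:
    # NOTE(review): unpinned image (resolves to :latest); pin a tag or digest.
    image: krisgeus/docker-kafka
    container_name: divolte-kafka
    hostname: divolte-kafka
    domainname: divolte_divolte.io
    environment:
      ENABLE_KERBEROS: "true"
      REALM: EXAMPLE.COM
      KADMIN_PRINCIPAL: kadmin/admin
      # NOTE(review): the broker container is handed the realm admin
      # credential, presumably to create its own principal and keytab at
      # startup. A compromise of this container then exposes the whole
      # realm; provisioning a keytab out of band avoids that.
      KADMIN_PASSWORD: "${KADMIN_PASSWORD:-MITiys4K5}"
      KDC_HOST: docker-kdc
      ADVERTISED_HOST: divolte-kafka
      # Quoted so the value reaches the container as a string.
      LOG_RETENTION_HOURS: "1"
      AUTO_CREATE_TOPICS: "false"
      KAFKA_CREATE_TOPICS: "divolte:4:1"
      # Two listeners: 9092 requires SASL (Kerberos) but has no TLS, so
      # payloads cross the network in clear text; 9093 (INTERNAL) is mapped
      # to PLAINTEXT, i.e. no authentication and no encryption.
      # NOTE(review): INTERNAL binds to 0.0.0.0, so although it is advertised
      # as localhost, other containers on the divolte.io network can likely
      # still open a connection to divolte-kafka:9093. Confirm, and bind it
      # to a loopback address if it is only meant for inter-broker use.
      ADVERTISED_LISTENERS: "SASL_PLAINTEXT://divolte-kafka:9092,INTERNAL://localhost:9093"
      LISTENERS: "SASL_PLAINTEXT://0.0.0.0:9092,INTERNAL://0.0.0.0:9093"
      SECURITY_PROTOCOL_MAP: "SASL_PLAINTEXT:SASL_PLAINTEXT,INTERNAL:PLAINTEXT"
      INTER_BROKER: INTERNAL
    depends_on:
      - docker-kdc
    networks:
      - divolte.io

  # Divolte container
  docker-divolte:
    build:
      context: .
      args:
        ENABLE_KERBEROS: 'yes'
    container_name: docker-divolte
    hostname: docker-divolte
    domainname: divolte_divolte.io
    environment:
      DIVOLTE_KAFKA_BROKER_LIST: divolte-kafka:9092
      REALM: EXAMPLE.COM
      KDC_HOST: docker-kdc
      KADMIN_PRINCIPAL: kadmin/admin
      # NOTE(review): same realm admin credential as above, here inside the
      # only container that publishes a port to the host.
      KADMIN_PASSWORD: "${KADMIN_PASSWORD:-MITiys4K5}"
      # Kerberos authentication without TLS; matches the broker's 9092
      # listener.
      KAFKA_SECURITY_PROTOCOL: SASL_PLAINTEXT
      # JAAS login via keytab. The host part of the principal is this
      # service's hostname plus domainname, so keep the three in sync.
      KAFKA_SASL_JAAS_CONFIG: |-
        com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        storeKey=true
        keyTab="/divolte.keytab"
        principal="divolte/docker-divolte.divolte_divolte.io";
    ports:
      # Quoted: unquoted digit:digit scalars can be mis-typed by YAML 1.1
      # parsers.
      # NOTE(review): this publishes on every host interface; prefix with
      # 127.0.0.1: if the collector should only be reachable locally.
      - "8290:8290"
    depends_on:
      - divolte-kafka
      - docker-kdc
    # `links` is a legacy option; the services already resolve each other by
    # name on the shared divolte.io network. Kept for unchanged behaviour.
    links:
      - divolte-kafka:divolte-kafka
      - docker-kdc:docker-kdc
    networks:
      - divolte.io

networks:
  divolte.io:
    driver: bridge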