forked from open-policy-agent/contrib
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
40 lines (40 loc) · 1.4 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
version: "2"
services:
opa:
hostname: opa
image: openpolicyagent/opa:0.8.0-dev
ports:
- 8181:8181
command: "run --server --log-level=debug --watch /data/kafka_authz.rego"
volumes:
- ./src/test/resources/:/data
zookeeper:
image: confluentinc/cp-zookeeper:4.0.0-3
environment:
ZOOKEEPER_CLIENT_PORT: 2181
zk_id: "1"
kafka:
hostname: kafka
image: openpolicyagent/demo-kafka:1.0-SNAPSHOT
links:
- zookeeper
- opa
ports:
- "9092:9092"
environment:
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "1"
KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181"
KAFKA_ADVERTISED_LISTENERS: "SSL://:9093"
KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SSL
KAFKA_AUTHORIZER_CLASS_NAME: com.lbg.kafka.opa.OpaAuthorizer
KAFKA_OPA_AUTHORIZER_URL: "http://opa:8181/v1/data/kafka/authz/allow"
KAFKA_OPA_AUTHORIZER_ALLOW_ON_ERROR: "false"
KAFKA_OPA_AUTHORIZER_CACHE_INITIAL_CAPACITY: 100
KAFKA_OPA_AUTHORIZER_CACHE_MAXIMUM_SIZE: 100
KAFKA_OPA_AUTHORIZER_CACHE_EXPIRE_AFTER_MS: 600000
KAFKA_SSL_CLIENT_AUTH: required
KAFKA_SSL_KEYSTORE_FILENAME: kafka.broker.keystore.jks
KAFKA_SSL_KEYSTORE_CREDENTIALS: broker_keystore_creds
KAFKA_SSL_KEY_CREDENTIALS: broker_sslkey_creds
KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.broker.truststore.jks
KAFKA_SSL_TRUSTSTORE_CREDENTIALS: broker_truststore_creds