docker-compose.yml

version: "3.8"
services:
  # The awaiter service uses a tiny image (~3MB) to await the health status 
  # of apps in other service containers.
  awaiter:
    image: alpine:latest
    container_name: 'awaiter'
    depends_on:
      rabbitmq:
        condition: service_healthy
      broker:
        condition: service_healthy

  rabbitmq:
    image: rabbitmq:3.11-management-alpine
    container_name: 'rabbitmq'
    ports:
        - 5672:5672
        - 15672:15672
    healthcheck:
        test: rabbitmqctl await_startup || exit 1
        interval: 5s
        timeout: 5s
        retries: 12
        start_period: 15s
    networks:
      - rabbitmq_network
  
  generate-kafka-secrets:
    image: mcr.microsoft.com/openjdk/jdk:11-ubuntu
    container_name: 'generate-kafka-secrets'
    working_dir: /root/.local/share/kafka-secrets
    entrypoint: bash -c
    command: 
    - |
      /bin/bash
      chmod +x /root/.local/share/kafka-secrets/generate-kafka-secrets.sh
      /root/.local/share/kafka-secrets/generate-kafka-secrets.sh
    volumes:
      - ./src/CoreWCF.Kafka/tests/kafka-secrets:/root/.local/share/kafka-secrets:rw
    networks:
      - kafka_network

  zookeeper:
    image: confluentinc/cp-zookeeper
    container_name: 'zookeeper'
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
      ZOOKEEPER_ADMIN_ENABLE_SERVER: 'false'
    healthcheck:
      test: echo ruok | nc 127.0.0.1 2181 || exit -1
      interval: 5s
      timeout: 5s
      retries: 12
      start_period: 15s
    networks:
      - kafka_network      
  
  broker:
    image: confluentinc/cp-kafka
    container_name: 'broker'
    depends_on:
      generate-kafka-secrets:
        condition: service_completed_successfully
      zookeeper:
        condition: service_healthy
    ports:
      - "9092:9092"
      - "9093:9093"
      - "9094:9094"
      - "9095:9095"
      - "9096:9096"
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
      ZOOKEEPER_SASL_ENABLED: 'false'
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL:PLAINTEXT,HOSTPLAINTEXT:PLAINTEXT,HOSTSSL:SSL,HOSTSASLPLAINTEXT:SASL_PLAINTEXT,HOSTSASLSSL:SASL_SSL,HOSTMTLS:SSL
      KAFKA_ADVERTISED_LISTENERS: INTERNAL://broker:29092,HOSTPLAINTEXT://localhost:9092,HOSTSSL://localhost:9093,HOSTSASLPLAINTEXT://localhost:9094,HOSTSASLSSL://localhost:9095,HOSTMTLS://localhost:9096
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
      KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
      KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
      KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL
      # KAFKA_JMX_PORT: '9091'
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
      # KAFKA_AUTHORIZER_CLASS_NAME: 'kafka.security.authorizer.AclAuthorizer'
      # KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: 'true'
      KAFKA_SECURITY_PROTOCOL: PLAINTEXT,SSL,SASL_PLAINTEXT,SASL_SSL
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
      # configure SSL for HOSTSSL
      KAFKA_SSL_TRUSTSTORE_FILENAME: broker.truststore.jks
      KAFKA_SSL_TRUSTSTORE_CREDENTIALS: broker.truststore.jks.cred
      KAFKA_SSL_KEYSTORE_FILENAME: broker.keystore.jks
      KAFKA_SSL_KEYSTORE_CREDENTIALS: broker.keystore.jks.cred
      KAFKA_SSL_KEY_CREDENTIALS: broker.keystore.jks.cred
      # configure MTLS
      # default to required at broker level
      KAFKA_SSL_CLIENT_AUTH: 'required'
      # allow HOSTSASLSSL and HOSTSSL to provide only encryption security without authentication
      KAFKA_LISTENER_NAME_HOSTSASLSSL_SSL_CLIENT_AUTH: 'none'
      KAFKA_LISTENER_NAME_HOSTSSL_SSL_CLIENT_AUTH: 'none'
      KAFKA_LISTENER_NAME_HOSTMTLS_SSL_CLIENT_AUTH: 'required'
      # configure SASL for HOSTSASLPLAINTEXT
      # KAFKA_LISTENER_NAME_HOSTSASLPLAINTEXT_SASL_ENABLED_MECHANISMS: PLAIN
      # KAFKA_LISTENER_NAME_HOSTSASLPLAINTEXT_PLAIN_SASL_JAAS_CONFIG: |
      #         org.apache.kafka.common.security.plain.PlainLoginModule required \
      #         user_user="user-secret";
      KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/broker_jaas.conf              
    healthcheck:
      test: nc -z localhost 9092 || exit 1
      interval: 5s
      timeout: 5s
      retries: 12
      start_period: 15s
    links:
      - zookeeper
    volumes:
      - ./src/CoreWCF.Kafka/tests/kafka-secrets:/etc/kafka/secrets:ro
    networks:
      - kafka_network      

  akhq:
    image: tchiotludo/akhq
    container_name: 'akhq'
    environment:
      AKHQ_CONFIGURATION: |
        akhq:
          connections:
            docker-kafka-server:
              properties:
                bootstrap.servers: "broker:29092"
    ports:
      - 9001:8080
    links:
      - broker
    networks:
      - kafka_network

networks:
  rabbitmq_network:
    driver: bridge
  kafka_network:
    driver: bridge