简要记录如何基于docker
搭建Kafka
服务器以及添加集成了LDAP
的kafka-ui
实现图形化界面的授权访问。
kafka安装
基于docker-compose
的方式安装,脚本如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
version: "3"
services:
zookeeper:
restart: always
image: docker.io/bitnami/zookeeper:3.8
#network_mode: "bridge"
container_name: zookeeper_test
ports:
- "2181:2181"
volumes:
- $PWD/zk_data:/bitnami/zookeeper #持久化数据
environment:
- TZ=Asia/Shanghai
- ALLOW_ANONYMOUS_LOGIN=yes
kafka:
restart: always
image: docker.io/bitnami/kafka:3.4.1
#network_mode: "bridge"
container_name: kafka_test
ports:
- "9004:9004"
volumes:
- $PWD/kafka_data:/bitnami/kafka #持久化数据
environment:
- TZ=Asia/Shanghai - KAFKA_BROKER_ID=1
- KAFKA_CFG_LISTENERS=PLAINTEXT://:9004
- KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://10.10.2.98:9004 #替换成你自己的IP
- KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
- ALLOW_PLAINTEXT_LISTENER=yes
depends_on:
- zookeeper
|
kafka-ui的安装
参考kafka-ui的说明,基于docker-compose
的方式安装,脚本如下
1
2
3
4
5
6
7
8
9
10
11
12
13
|
version: "3"
services:
kafka-ui:
restart: always
image: provectuslabs/kafka-ui:latest
container_name: kafka-ui
restart: always
ports:
- 9001:8080
environment:
- KAFKA_CLUSTERS_0_NAME=kafka-test
- KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=10.10.2.98:9004
- KAFKA_CLUSTERS_0_ZOOKEEPER=10.10.2.98:2181
|
之后可通过http://SERVER_IP:9001
访问,界面类似如下,
此时同网络下的任何人都能访问,也能通过UI界面对其进行相关修改操作,缺乏权限控制。
添加登录
普通登录
普通登录方式的配置脚本如下,此时其账户信息以硬编码的形式存在
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
version: "3"
services:
kafka-ui:
restart: always
image: provectuslabs/kafka-ui:latest
container_name: kafka-ui
restart: always
ports:
- 9001:8080
environment:
- KAFKA_CLUSTERS_0_NAME=kafka-test
- KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=10.10.2.98:9004
- KAFKA_CLUSTERS_0_ZOOKEEPER=10.10.2.98:2181
- AUTH_TYPE="LOGIN_FORM"
- SPRING_SECURITY_USER_NAME=admin
- SPRING_SECURITY_USER_sPASSWORD=123456
|
对应的登录界面如下:
LDAP登录
LDAP
登录方式的配置脚本如下,其登录界面与前述一样
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
version: "3"
services:
kafka-ui:
restart: always
image: provectuslabs/kafka-ui:latest
container_name: kafka-ui
restart: always
ports:
- 9001:8080
environment:
- KAFKA_CLUSTERS_0_NAME=kafka-test
- KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=10.10.2.98:9004
- KAFKA_CLUSTERS_0_ZOOKEEPER=10.10.2.98:2181
- AUTH_TYPE="LDAP"
- SPRING_LDAP_URLS="ldap://xxx.xxx.xxx.xxx:389"
- SPRING_LDAP_BASE="cn={0},ou=xxx,dc=xxx,dc=com"
- SPRING_LDAP_ADMIN_USER="cn=xxx,dc=xxx,dc=com"
- SPRING_LDAP_ADMIN_PASSWORD="xxx"
- SPRING_LDAP_USER_FILTER_SEARCH_BASE="dc=xxx,dc=com"
- SPRING_LDAP_USER_FILTER_SEARCH_FILTER="(&(uid={0})(objectClass=inetOrgPerson))"
|
问题
- 缺少退出登录功能
- 缺少中文汉化界面
参考文档:
- https://www.cnblogs.com/tonglin0325/p/5528560.html
- https://github.com/provectus/kafka-ui/issues/1466