docker-proj/config/kafka/strimzi.properties

   1 #  ============LICENSE_START===============================================
   2 #  Copyright (C) 2023 Nordix Foundation. All rights reserved.
   3 #  ========================================================================
   4 #  Licensed under the Apache License, Version 2.0 (the "License");
   5 #  you may not use this file except in compliance with the License.
   6 #  You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 #  Unless required by applicable law or agreed to in writing, software
  11 #  distributed under the License is distributed on an "AS IS" BASIS,
  12 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 #  See the License for the specific language governing permissions and
  14 #  limitations under the License.
  15 #  ============LICENSE_END=================================================
  16 #
  17
  18 ##########
  19 # Broker ID
  20 ##########
  21 broker.id=0
  22 node.id=0
  23
  24 ##########
  25 # Zookeeper
  26 ##########
  27 zookeeper.connect=zookeeper-1:2181
  28 zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
  29
  30 ##########
  31 # Kafka message logs configuration
  32 ##########
  33 log.dirs=/tmp/logs
  34
  35 ##########
  36 # Listener configuration: SASL-9097
  37 ##########
  38 listener.name.sasl-9097.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler
  39 listener.name.sasl-9097.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub="thePrincipalName" oauth.valid.issuer.uri="https://keycloak:8443/realms/nonrtric-realm" oauth.jwks.endpoint.uri="http://keycloak:8080/realms/nonrtric-realm/protocol/openid-connect/certs" oauth.username.claim="preferred_username" oauth.config.id="SASL-9097";
  40 listener.name.sasl-9097.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler
  41 listener.name.sasl-9097.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required oauth.valid.issuer.uri="https://keycloak:8443/realms/nonrtric-realm" oauth.jwks.endpoint.uri="http://keycloak:8080/realms/nonrtric-realm/protocol/openid-connect/certs" oauth.username.claim="preferred_username" oauth.config.id="SASL-9097";
  42 listener.name.sasl-9097.sasl.enabled.mechanisms=OAUTHBEARER,PLAIN
  43 listener.name.sasl-9097.connections.max.reauth.ms=300000
  44
  45
  46 principal.builder.class=io.strimzi.kafka.oauth.server.OAuthKafkaPrincipalBuilder
  47
  48 ##########
  49 # Common listener configuration
  50 ##########
  51 listener.security.protocol.map=PLAIN-9092:PLAINTEXT,SASL-9097:SASL_PLAINTEXT
  52 listeners=PLAIN-9092://:9092,SASL-9097://:9097
  53 advertised.listeners=PLAIN-9092://kafka-1:9092,SASL-9097://kafka-1:9097
  54 inter.broker.listener.name=PLAIN-9092
  55 sasl.enabled.mechanisms=
  56
  57 ##########
  58 # Authorization
  59 ##########
  60 authorizer.class.name=org.openpolicyagent.kafka.OpaAuthorizer
  61 opa.authorizer.url=http://opa-kafka:8181/v1/data/kafka/authz/allow
  62 opa.authorizer.allow.on.error=false
  63 opa.authorizer.metrics.enabled=false
  64 opa.authorizer.cache.initial.capacity=5000
  65 opa.authorizer.cache.maximum.size=50000
  66 opa.authorizer.cache.expire.after.seconds=3600
  67
  68 ##########
  69 # User provided configuration
  70 ##########
  71 default.replication.factor=1
  72 inter.broker.protocol.version=3.3
  73 min.insync.replicas=1
  74 offsets.topic.replication.factor=1
  75 transaction.state.log.min.isr=1
  76 transaction.state.log.replication.factor=1
  77 log.message.format.version=3.3