# ============LICENSE_START=============================================== # Copyright (C) 2023 Nordix Foundation. All rights reserved. # ======================================================================== # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END================================================= # ########## # Broker ID ########## broker.id=0 node.id=0 ########## # Zookeeper ########## zookeeper.connect=zookeeper-1:2181 zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty ########## # Kafka message logs configuration ########## log.dirs=/tmp/logs ########## # Listener configuration: SASL-9097 ########## listener.name.sasl-9097.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler listener.name.sasl-9097.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub="thePrincipalName" oauth.valid.issuer.uri="https://keycloak:8443/realms/nonrtric-realm" oauth.jwks.endpoint.uri="http://keycloak:8080/realms/nonrtric-realm/protocol/openid-connect/certs" oauth.username.claim="preferred_username" oauth.config.id="SASL-9097"; listener.name.sasl-9097.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler listener.name.sasl-9097.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required oauth.valid.issuer.uri="https://keycloak:8443/realms/nonrtric-realm" oauth.jwks.endpoint.uri="http://keycloak:8080/realms/nonrtric-realm/protocol/openid-connect/certs" oauth.username.claim="preferred_username" oauth.config.id="SASL-9097"; listener.name.sasl-9097.sasl.enabled.mechanisms=OAUTHBEARER,PLAIN listener.name.sasl-9097.connections.max.reauth.ms=300000 principal.builder.class=io.strimzi.kafka.oauth.server.OAuthKafkaPrincipalBuilder ########## # Common listener configuration ########## listener.security.protocol.map=PLAIN-9092:PLAINTEXT,SASL-9097:SASL_PLAINTEXT listeners=PLAIN-9092://:9092,SASL-9097://:9097 advertised.listeners=PLAIN-9092://kafka-1:9092,SASL-9097://kafka-1:9097 inter.broker.listener.name=PLAIN-9092 sasl.enabled.mechanisms= ########## # Authorization ########## authorizer.class.name=org.openpolicyagent.kafka.OpaAuthorizer opa.authorizer.url=http://opa-kafka:8181/v1/data/kafka/authz/allow opa.authorizer.allow.on.error=false opa.authorizer.metrics.enabled=false opa.authorizer.cache.initial.capacity=5000 opa.authorizer.cache.maximum.size=50000 opa.authorizer.cache.expire.after.seconds=3600 ########## # User provided configuration ########## default.replication.factor=1 inter.broker.protocol.version=3.3 min.insync.replicas=1 offsets.topic.replication.factor=1 transaction.state.log.min.isr=1 transaction.state.log.replication.factor=1 log.message.format.version=3.3