简要记录如何基于docker搭建Kafka服务器以及添加集成了LDAPkafka-ui实现图形化界面的授权访问。

kafka安装

基于docker-compose的方式安装,脚本如下

version: "3"
services:
  zookeeper:
    restart: always
    image: docker.io/bitnami/zookeeper:3.8
    #network_mode: "bridge"
    container_name: zookeeper_test
    ports:
      - "2181:2181"
    volumes:
      - $PWD/zk_data:/bitnami/zookeeper #持久化数据
    environment:
      - TZ=Asia/Shanghai
      - ALLOW_ANONYMOUS_LOGIN=yes
  kafka:
    restart: always
    image: docker.io/bitnami/kafka:3.4.1
    #network_mode: "bridge"
    container_name: kafka_test
    ports:
      - "9004:9004"
    volumes:
      - $PWD/kafka_data:/bitnami/kafka #持久化数据
    environment: 
      - TZ=Asia/Shanghai - KAFKA_BROKER_ID=1 
      - KAFKA_CFG_LISTENERS=PLAINTEXT://:9004
      - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://10.10.2.98:9004 #替换成你自己的IP
      - KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181 
      - ALLOW_PLAINTEXT_LISTENER=yes 
    depends_on: 
      - zookeeper

kafka-ui的安装

参考kafka-ui的说明,基于docker-compose的方式安装,脚本如下

version: "3"
services:
  kafka-ui:
    restart: always
    image: provectuslabs/kafka-ui:latest
    container_name: kafka-ui
    restart: always
    ports:
      - 9001:8080
    environment:
      - KAFKA_CLUSTERS_0_NAME=kafka-test
      - KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=10.10.2.98:9004
      - KAFKA_CLUSTERS_0_ZOOKEEPER=10.10.2.98:2181

之后可通过http://SERVER_IP:9001访问,界面类似如下,

Kafka UI没有添加认证

此时同网络下的任何人都能访问,也能通过UI界面对其进行相关修改操作,缺乏权限控制。

添加登录

普通登录

普通登录方式的配置脚本如下,此时其账户信息以硬编码的形式存在

version: "3"
services:
  kafka-ui:
    restart: always
    image: provectuslabs/kafka-ui:latest
    container_name: kafka-ui
    restart: always
    ports:
      - 9001:8080
    environment:
      - KAFKA_CLUSTERS_0_NAME=kafka-test
      - KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=10.10.2.98:9004
      - KAFKA_CLUSTERS_0_ZOOKEEPER=10.10.2.98:2181
      - AUTH_TYPE="LOGIN_FORM"
      - SPRING_SECURITY_USER_NAME=admin
      - SPRING_SECURITY_USER_sPASSWORD=123456

对应的登录界面如下:

Kafka UI登录认证

LDAP登录

LDAP登录方式的配置脚本如下,其登录界面与前述一样

version: "3"
services:
  kafka-ui:
    restart: always
    image: provectuslabs/kafka-ui:latest
    container_name: kafka-ui
    restart: always
    ports:
      - 9001:8080
    environment:
      - KAFKA_CLUSTERS_0_NAME=kafka-test
      - KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=10.10.2.98:9004
      - KAFKA_CLUSTERS_0_ZOOKEEPER=10.10.2.98:2181
      - AUTH_TYPE="LDAP"
      - SPRING_LDAP_URLS="ldap://xxx.xxx.xxx.xxx:389"
      - SPRING_LDAP_BASE="cn={0},ou=xxx,dc=xxx,dc=com"
      - SPRING_LDAP_ADMIN_USER="cn=xxx,dc=xxx,dc=com"
      - SPRING_LDAP_ADMIN_PASSWORD="xxx"
      - SPRING_LDAP_USER_FILTER_SEARCH_BASE="dc=xxx,dc=com"
      - SPRING_LDAP_USER_FILTER_SEARCH_FILTER="(&(uid={0})(objectClass=inetOrgPerson))"

问题

  1. 缺少退出登录功能
  2. 缺少中文汉化界面

参考文档:

  1. https://www.cnblogs.com/tonglin0325/p/5528560.html
  2. https://github.com/provectus/kafka-ui/issues/1466