【软件部署】用docker部署Apache Kafka 集群架构isolated模式带SSL

张

张建站

2026/4/10 7:45:04

10分钟阅读

【软件部署】用docker部署Apache Kafka 集群架构isolated模式带SSL

说明带SSL增强安全配置创建文件compose.yaml# 有SSLservices: init-kafka-perms: image: busybox:latest command:sh-cchown -R 1000:1000 /controller-1 /controller-2 /controller-3 /kafka1 /kafka2 /kafka3volumes: - controller-1:/controller-1 - controller-2:/controller-2 - controller-3:/controller-3 - kafka1-logs:/kafka1 - kafka2-logs:/kafka2 - kafka3-logs:/kafka3 restart:nocontainer_name: kafka-perms-fix networks: - kafka controller-1: image: apache/kafka:4.2.0 hostname: controller-1 container_name: kafka-controller-1 restart: unless-stopped environment: KAFKA_NODE_ID:1KAFKA_PROCESS_ROLES:controllerKAFKA_CONTROLLER_QUORUM_VOTERS:1controller-1:29092,2controller-2:29092,3controller-3:29092KAFKA_CONTROLLER_LISTENER_NAMES:CONTROLLERKAFKA_LISTENERS:CONTROLLER://:29092CLUSTER_ID:4L6g3nShT-eMCtK--X86swKAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:3KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS:0KAFKA_TRANSACTION_STATE_LOG_MIN_ISR:2KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_MIN_ISR:2KAFKA_LOG_DIRS:/tmp/kraft-combined-logsdepends_on: init-kafka-perms: condition: service_completed_successfully networks: - kafka volumes: - controller-1:/tmp/kraft-combined-logs healthcheck: test:nc-zlocalhost29092||exit1interval: 30s timeout: 5s retries:3start_period: 10s controller-2: image: apache/kafka:4.2.0 hostname: controller-2 container_name: kafka-controller-2 restart: unless-stopped environment: KAFKA_NODE_ID:2KAFKA_PROCESS_ROLES:controllerKAFKA_CONTROLLER_QUORUM_VOTERS:1controller-1:29092,2controller-2:29092,3controller-3:29092KAFKA_CONTROLLER_LISTENER_NAMES:CONTROLLERKAFKA_LISTENERS:CONTROLLER://:29092CLUSTER_ID:4L6g3nShT-eMCtK--X86swKAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:3KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS:0KAFKA_TRANSACTION_STATE_LOG_MIN_ISR:2KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_MIN_ISR:2KAFKA_LOG_DIRS:/tmp/kraft-combined-logsdepends_on: init-kafka-perms: condition: service_completed_successfully networks: - kafka volumes: - controller-2:/tmp/kraft-combined-logs healthcheck: test:nc-zlocalhost29092||exit1interval: 30s timeout: 5s retries:3start_period: 10s controller-3: image: apache/kafka:4.2.0 hostname: controller-3 container_name: kafka-controller-3 restart: unless-stopped environment: KAFKA_NODE_ID:3KAFKA_PROCESS_ROLES:controllerKAFKA_CONTROLLER_QUORUM_VOTERS:1controller-1:29092,2controller-2:29092,3controller-3:29092KAFKA_CONTROLLER_LISTENER_NAMES:CONTROLLERKAFKA_LISTENERS:CONTROLLER://:29092CLUSTER_ID:4L6g3nShT-eMCtK--X86swKAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:3KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS:0KAFKA_TRANSACTION_STATE_LOG_MIN_ISR:2KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_MIN_ISR:2KAFKA_LOG_DIRS:/tmp/kraft-combined-logsdepends_on: init-kafka-perms: condition: service_completed_successfully networks: - kafka volumes: - controller-3:/tmp/kraft-combined-logs healthcheck: test:nc-zlocalhost29092||exit1interval: 30s timeout: 5s retries:3start_period: 10s kafka-1: image: apache/kafka:4.2.0 hostname: kafka-1 container_name: kafka-1 ports: -29093:9093 volumes: - ./secrets:/etc/kafka/secrets - kafka1-logs:/tmp/kraft-combined-logs environment: KAFKA_NODE_ID:4KAFKA_PROCESS_ROLES:brokerKAFKA_LISTENER_SECURITY_PROTOCOL_MAP:SSL:SSL,CONTROLLER:PLAINTEXT,SSL-INTERNAL:SSLKAFKA_LISTENERS:SSL-INTERNAL://:19093,SSL://:9093KAFKA_CONTROLLER_QUORUM_VOTERS:1controller-1:29092,2controller-2:29092,3controller-3:29092KAFKA_INTER_BROKER_LISTENER_NAME:SSL-INTERNALKAFKA_SECURITY_PROTOCOL: SSL KAFKA_ADVERTISED_LISTENERS: SSL-INTERNAL://kafka-1:19093,SSL://localhost:29093 KAFKA_CONTROLLER_LISTENER_NAMES:CONTROLLERCLUSTER_ID:4L6g3nShT-eMCtK--X86swKAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:3KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS:0KAFKA_TRANSACTION_STATE_LOG_MIN_ISR:2KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_MIN_ISR:2KAFKA_LOG_DIRS:/tmp/kraft-combined-logsKAFKA_SSL_KEYSTORE_FILENAME:kafka01.keystore.jksKAFKA_SSL_KEYSTORE_CREDENTIALS:kafka_keystore_credsKAFKA_SSL_KEY_CREDENTIALS:kafka_ssl_key_credsKAFKA_SSL_TRUSTSTORE_FILENAME:kafka.truststore.jksKAFKA_SSL_TRUSTSTORE_CREDENTIALS:kafka_truststore_credsKAFKA_SSL_CLIENT_AUTH:requiredKAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM:depends_on: controller-1:{condition: service_healthy}controller-2:{condition: service_healthy}controller-3:{condition: service_healthy}restart: unless-stopped networks: - kafka healthcheck: test:nc-zlocalhost9093||exit1interval: 60s timeout: 5s retries:2start_period: 30s kafka-2: image: apache/kafka:4.2.0 hostname: kafka-2 container_name: kafka-2 ports: -39093:9093 volumes: - ./secrets:/etc/kafka/secrets - kafka2-logs:/tmp/kraft-combined-logs environment: KAFKA_NODE_ID:5KAFKA_PROCESS_ROLES:brokerKAFKA_LISTENER_SECURITY_PROTOCOL_MAP:SSL:SSL,CONTROLLER:PLAINTEXT,SSL-INTERNAL:SSLKAFKA_CONTROLLER_QUORUM_VOTERS:1controller-1:29092,2controller-2:29092,3controller-3:29092KAFKA_LISTENERS:SSL-INTERNAL://:19093,SSL://:9093KAFKA_INTER_BROKER_LISTENER_NAME:SSL-INTERNALKAFKA_SECURITY_PROTOCOL: SSL KAFKA_ADVERTISED_LISTENERS: SSL-INTERNAL://kafka-2:19093,SSL://localhost:39093 KAFKA_CONTROLLER_LISTENER_NAMES:CONTROLLERCLUSTER_ID:4L6g3nShT-eMCtK--X86swKAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:3KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS:0KAFKA_TRANSACTION_STATE_LOG_MIN_ISR:2KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_MIN_ISR:2KAFKA_LOG_DIRS:/tmp/kraft-combined-logsKAFKA_SSL_KEYSTORE_FILENAME:kafka01.keystore.jksKAFKA_SSL_KEYSTORE_CREDENTIALS:kafka_keystore_credsKAFKA_SSL_KEY_CREDENTIALS:kafka_ssl_key_credsKAFKA_SSL_TRUSTSTORE_FILENAME:kafka.truststore.jksKAFKA_SSL_TRUSTSTORE_CREDENTIALS:kafka_truststore_credsKAFKA_SSL_CLIENT_AUTH:requiredKAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM:depends_on: controller-1:{condition: service_healthy}controller-2:{condition: service_healthy}controller-3:{condition: service_healthy}restart: unless-stopped networks: - kafka healthcheck: test:nc-zlocalhost9093||exit1interval: 60s timeout: 5s retries:2start_period: 30s kafka-3: image: apache/kafka:4.2.0 hostname: kafka-3 container_name: kafka-3 ports: -49093:9093 volumes: - ./secrets:/etc/kafka/secrets - kafka3-logs:/tmp/kraft-combined-logs environment: KAFKA_NODE_ID:6KAFKA_PROCESS_ROLES:brokerKAFKA_LISTENER_SECURITY_PROTOCOL_MAP:SSL:SSL,CONTROLLER:PLAINTEXT,SSL-INTERNAL:SSLKAFKA_CONTROLLER_QUORUM_VOTERS:1controller-1:29092,2controller-2:29092,3controller-3:29092KAFKA_LISTENERS:SSL-INTERNAL://:19093,SSL://:9093KAFKA_INTER_BROKER_LISTENER_NAME:SSL-INTERNALKAFKA_SECURITY_PROTOCOL: SSL KAFKA_ADVERTISED_LISTENERS: SSL-INTERNAL://kafka-3:19093,SSL://localhost:49093 KAFKA_CONTROLLER_LISTENER_NAMES:CONTROLLERCLUSTER_ID:4L6g3nShT-eMCtK--X86swKAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:3KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS:0KAFKA_TRANSACTION_STATE_LOG_MIN_ISR:2KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_REPLICATION_FACTOR:3KAFKA_SHARE_COORDINATOR_STATE_TOPIC_MIN_ISR:2KAFKA_LOG_DIRS:/tmp/kraft-combined-logsKAFKA_SSL_KEYSTORE_FILENAME:kafka01.keystore.jksKAFKA_SSL_KEYSTORE_CREDENTIALS:kafka_keystore_credsKAFKA_SSL_KEY_CREDENTIALS:kafka_ssl_key_credsKAFKA_SSL_TRUSTSTORE_FILENAME:kafka.truststore.jksKAFKA_SSL_TRUSTSTORE_CREDENTIALS:kafka_truststore_credsKAFKA_SSL_CLIENT_AUTH:requiredKAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM:depends_on: controller-1:{condition: service_healthy}controller-2:{condition: service_healthy}controller-3:{condition: service_healthy}restart: unless-stopped networks: - kafka healthcheck: test:nc-zlocalhost9093||exit1interval: 60s timeout: 5s retries:2start_period: 30s volumes: controller-1: name: kafka-controller-1 controller-2: name: kafka-controller-2 controller-3: name: kafka-controller-3 kafka1-logs: name: kafka1-logs kafka2-logs: name: kafka2-logs kafka3-logs: name: kafka3-logs networks: kafka: name: kafka创建目录secrets自己生成文件或下载SSL模板文件https://github.com/apache/kafka/tree/trunk/docker/examples/fixtures/secrets部署dockercompose up-d测试确认容器健康功能测试待更新。

不用装软件！这款MicroPython浏览器 IDE :让你在手机上也能调试树莓派 Pico脑

1、普通的insert into 如果（主键/唯一建）存在，则会报错新需求：就算冲突也不报错，用其他处理逻辑回到顶部 2、基本语法（INSERT INTO ... ON CONFLICT (...) DO (UPDATE SET ...)/(NOTHING)） 语…...

2026/4/10 7:40:21 阅读更多 →

Phi-4-Reasoning-Vision免配置环境：NVIDIA Container Toolkit一键集成

Phi-4-Reasoning-Vision免配置环境：NVIDIA Container Toolkit一键集成 1. 项目概述 Phi-4-Reasoning-Vision是基于微软Phi-4-reasoning-vision-15B多模态大模型开发的高性能推理工具，专为双卡NVIDIA RTX 4090环境优化。该工具通过NVIDIA Container Too…...

2026/4/10 7:40:12 阅读更多 →

Qwen3-VL-8B开源镜像实操手册：从零部署高性能AI对话系统（含vLLM优化）

Qwen3-VL-8B开源镜像实操手册：从零部署高性能AI对话系统（含vLLM优化） 1. 项目概述与核心价值 Qwen3-VL-8B是一个基于通义千问大语言模型的完整AI聊天系统，专为需要高性能视觉语言对话能力的开发者设计。这个开源镜像提供了从模型…...

2026/4/10 7:38:21 阅读更多 →

ESP32硬件PWM控制库PWMOutESP32实战指南

1. PWMOutESP32 库深度解析：面向嵌入式工程师的 ESP32 PWM 控制实践指南 1.1 库定位与工程价值 PWMOutESP32 是一个专为 ESP32 系列微控制器设计的轻量级 PWM 输出控制库，其核心目标是提供 Arduino 风格的 pwm.analogWrite(pin, value) 接口&#xff…...

2026/4/10 2:36:05 阅读更多 →

AVR长周期看门狗库：突破8秒限制实现毫秒级精准复位与睡眠唤醒

1. LongerWatchDog 库概述：突破AVR看门狗定时器的固有约束在嵌入式系统开发中，看门狗定时器（Watchdog Timer, WDT）是保障系统可靠性的关键机制。传统Arduino平台（尤其是基于ATmega328P、ATmega2560等AVR架构的板卡&…...

2026/4/9 14:50:52 阅读更多 →

LeetCode 92. Reverse Linked List II 题解

LeetCode 92. Reverse Linked List II 题解题目描述给你单链表的头指针 head 和两个整数 left 和 right ，其中 left < right 。请你反转从位置 left 到位置 right 的链表节点，返回反转后的链表。示例 1： 输入：head [1,2,…...

2026/4/9 8:37:26 阅读更多 →