[ https://issues.apache.org/jira/browse/KAFKA-16708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17847767#comment-17847767 ]

Chris Bono commented on KAFKA-16708:
------------------------------------

Hi [~vedarth] 
{quote}Thanks a lot for raising the ticket and sharing WIP commit as well. I am 
really happy to see your interest in improving the apache kafka docker image. 
{quote}
You are more than welcome.
{quote}I am interested in understanding the benefit of having a dynamic port.
One clear benefit is that static mapping isn't needed. But are there other 
benefits? 
{quote}
We have a large set of smoke tests that each use docker-compose and when using 
static port mappings we get port collisions from time to time. Using dynamic 
port mappings alleviates this issue.
{quote}
Given that docker in docker has security concerns, I think it's important to 
make this exclusive for testing purposes. Since the apache/kafka docker image is 
meant for production usage, I think it might be better to consider adding this 
to just the KIP-974 apache/kafka-native image (to be released in 3.8.0) as it's 
meant for testing purposes and local usage. This will also remove the risk of 
users enabling this by accident in production.
{quote}
Nice! I was unaware of KIP-974; this "kafka-native" (non-production use) image 
does sound like an excellent delivery vehicle w/o the risks of running this in 
PROD.

> Allow dynamic port for advertised listeners in Docker image
> -----------------------------------------------------------
>
>                 Key: KAFKA-16708
>                 URL: https://issues.apache.org/jira/browse/KAFKA-16708
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Chris Bono
>            Priority: Major
>
> First of all, thank you all for adding the official Kafka Docker image (I 
> know it is a big responsibility and adds to the team workload).
> I am migrating from {{wurstmeister/kafka}} to the official {{apache/kafka}} 
> image. 
> My advertised port is not static and was relying on [the PORT_COMMAND 
> feature|https://github.com/wurstmeister/kafka-docker/commit/c66375fc3b94e98dbecd603c5d2b44c06e927e88]
>  in the {{wurstmeister/kafka}} image to determine the port programmatically. 
> This would let me define a docker-compose as follows:
> {code:java}
> services:
>   kafka:
>     image: apache/kafka:latest
>     hostname: kafka
>     ports:
>       - "9092"
>     volumes:
>       - '/var/run/docker.sock.raw:/var/run/docker.sock'
>     environment:
>       KAFKA_NODE_ID: 1
>       KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: 'CONTROLLER:PLAINTEXT,PLAINTEXT_DOCKER:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT'
>       KAFKA_LISTENERS: 'CONTROLLER://kafka:29093,PLAINTEXT_DOCKER://kafka:29092,PLAINTEXT_HOST://0.0.0.0:9092'
>       KAFKA_ADVERTISED_LISTENERS: 'PLAINTEXT_DOCKER://kafka:29092,PLAINTEXT_HOST://localhost:_{PORT_COMMAND}'
>       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
>       KAFKA_PROCESS_ROLES: 'broker,controller'
>       KAFKA_CONTROLLER_QUORUM_VOTERS: '1@kafka:29093'
>       KAFKA_INTER_BROKER_LISTENER_NAME: 'PLAINTEXT_DOCKER'
>       KAFKA_CONTROLLER_LISTENER_NAMES: 'CONTROLLER'
>       PORT_COMMAND: "docker ps | egrep 'kafka' | cut -d: -f 3 | cut -d- -f 1"
> {code}
> Notice how the "ports" are dynamically mapped (i.e. not *"port:port"* syntax) 
> - the actual port will *not* be "9092".
> Do you have a suggestion for an alternative approach on how to obtain a 
> non-static port for advertised listeners? If not, would adding conditional 
> support for this feature be welcomed? 
> I am aware of the complication/concern of this request as it is Docker in 
> Docker for non-root users (described 
> [here|https://jonfriesen.ca/articles/docker-in-docker-non-root-user/]) and as 
> such we could make it inactive by default and users would have to opt-in 
> explicitly.
> I have created a [rough 
> WIP|https://github.com/onobc/kafka/commit/6556c4adbf08155b89c9804c2c5d1a988f8371f2]
>  that illustrates the concept (there is no conditionality in it currently). 
> Note that the container is not run as {*}root{*}, but rather the *appuser* is 
> added to whatever group that owns the docker.sock (which on my machine is 
> root).
>  
> P.S.
>  * This is my first time filing an issue w/ Kafka so if I missed anything 
> please let me know and I am glad to add whatever other info, etc. 
>  * I am not sure what "Component" this should be under (the other Kafka 
> Docker related issues had differing values here)
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
