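# Author: Sergey Antropov, site: https://devops.org.ru
# Purpose: infrastructure for SensusAgent and SensusWorker
# Includes: Kafka, Kafka UI, PostgreSQL, ClickHouse (2 replicas)
#
# Secrets: POSTGRES_PASSWORD, CLICKHOUSE_PASSWORD and KAFKA_UI_PASSWORD have no
# default. Compose refuses to start until they are supplied through the
# environment or an .env file that is kept out of version control.
#
# Exposure: every "ports:" entry below is published on all host interfaces.
# Limit reachability with host firewall rules, or prefix a mapping with a bind
# address, when a service is only needed locally.
---
version: "3.9"

services:
  # ZooKeeper for Kafka
  zookeeper:
    image: confluentinc/cp-zookeeper:7.6.0
    container_name: sensus-zookeeper
    environment:
      ZOOKEEPER_CLIENT_PORT: "${ZOOKEEPER_CLIENT_PORT:-2181}"
      ZOOKEEPER_TICK_TIME: "${ZOOKEEPER_TICK_TIME:-2000}"
    volumes:
      - zookeeper-data:/var/lib/zookeeper/data
      - zookeeper-logs:/var/lib/zookeeper/log
    networks:
      - sensus-network
    restart: unless-stopped
    healthcheck:
      # Probes the configured client port rather than a fixed 2181, so that
      # overriding ZOOKEEPER_CLIENT_PORT does not leave the service unhealthy.
      # The exit status is that of nc: this verifies only that the port accepts
      # a connection; the reply to 'ruok' is not inspected.
      test:
        - "CMD"
        - "bash"
        - "-c"
        - "echo 'ruok' | nc localhost ${ZOOKEEPER_CLIENT_PORT:-2181}"
      interval: 30s
      timeout: 10s
      retries: 3

  # Kafka broker
  kafka:
    image: confluentinc/cp-kafka:7.6.0
    container_name: sensus-kafka
    depends_on:
      zookeeper:
        condition: service_healthy
    environment:
      KAFKA_BROKER_ID: 1
      # Follows ZOOKEEPER_CLIENT_PORT so both services agree on the port.
      KAFKA_ZOOKEEPER_CONNECT: "zookeeper:${ZOOKEEPER_CLIENT_PORT:-2181}"
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT,SSL:SSL"
      # PLAINTEXT (29092) is the in-network listener. PLAINTEXT_HOST (9092) is
      # published on the host without encryption or authentication: anyone who
      # can reach the host port can produce and consume. Prefer the SSL
      # listener for clients outside the Compose network and restrict 9092.
      KAFKA_LISTENERS: "PLAINTEXT://0.0.0.0:29092,PLAINTEXT_HOST://0.0.0.0:9092,SSL://0.0.0.0:9093"
      # The advertised host was a fixed address; it is now overridable via
      # KAFKA_ADVERTISED_HOST (same default). The advertised ports follow the
      # published host ports, because clients reconnect to whatever address the
      # broker advertises.
      KAFKA_ADVERTISED_LISTENERS: "PLAINTEXT://kafka:29092,PLAINTEXT_HOST://${KAFKA_ADVERTISED_HOST:-10.99.0.90}:${KAFKA_EXTERNAL_PORT:-9092},SSL://${KAFKA_ADVERTISED_HOST:-10.99.0.90}:${KAFKA_SSL_PORT:-9093}"
      KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
      KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: "${KAFKA_AUTO_CREATE_TOPICS_ENABLE:-true}"
      KAFKA_NUM_PARTITIONS: "${KAFKA_NUM_PARTITIONS:-3}"
      KAFKA_DEFAULT_REPLICATION_FACTOR: "${KAFKA_DEFAULT_REPLICATION_FACTOR:-1}"
      KAFKA_LOG_RETENTION_HOURS: "${KAFKA_LOG_RETENTION_HOURS:-168}"
      KAFKA_LOG_SEGMENT_BYTES: "${KAFKA_LOG_SEGMENT_BYTES:-1073741824}"
      KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: "${KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS:-300000}"
      # SSL settings
      # The kafka123 fallbacks are kept so that existing keystores still open
      # (presumably the files under ./kafka-ssl were created with it; confirm).
      # They are a well-known weak default: generate the stores with a strong
      # password and override these variables outside development.
      KAFKA_SSL_KEYSTORE_LOCATION: /var/ssl/private/kafka.server.keystore.jks
      KAFKA_SSL_KEYSTORE_PASSWORD: "${KAFKA_SSL_KEYSTORE_PASSWORD:-kafka123}"
      KAFKA_SSL_KEY_PASSWORD: "${KAFKA_SSL_KEY_PASSWORD:-kafka123}"
      KAFKA_SSL_TRUSTSTORE_LOCATION: /var/ssl/private/kafka.server.truststore.jks
      KAFKA_SSL_TRUSTSTORE_PASSWORD: "${KAFKA_SSL_TRUSTSTORE_PASSWORD:-kafka123}"
      # With "none" the SSL listener encrypts traffic but does not authenticate
      # clients; set to "required" for mutual TLS.
      KAFKA_SSL_CLIENT_AUTH: "${KAFKA_SSL_CLIENT_AUTH:-none}"
      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: "${KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM:-https}"
    volumes:
      - kafka-data:/var/lib/kafka/data
      - ./kafka-ssl:/var/ssl/private:ro
    ports:
      - "${KAFKA_EXTERNAL_PORT:-9092}:9092"
      - "${KAFKA_SSL_PORT:-9093}:9093"
    networks:
      - sensus-network
    restart: unless-stopped
    healthcheck:
      # Uses the internal listener, whose advertised name (kafka:29092)
      # resolves inside the container, so the probe does not depend on the
      # externally advertised address being reachable from here.
      test:
        - "CMD"
        - "kafka-broker-api-versions"
        - "--bootstrap-server"
        - "localhost:29092"
      interval: 30s
      timeout: 10s
      retries: 3

  # Kafka UI for monitoring
  kafka-ui:
    # NOTE(review): ":latest" is a moving tag, so the image content can change
    # between pulls. Pin a specific release tag or image digest.
    image: provectuslabs/kafka-ui:latest
    container_name: sensus-kafka-ui
    depends_on:
      kafka:
        condition: service_healthy
    environment:
      KAFKA_CLUSTERS_0_NAME: "${KAFKA_CLUSTERS_0_NAME:-sensus-cluster}"
      KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: "${KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS:-kafka:29092}"
      KAFKA_CLUSTERS_0_ZOOKEEPER: "${KAFKA_CLUSTERS_0_ZOOKEEPER:-zookeeper:2181}"
      KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: "${KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL:-PLAINTEXT}"
      KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION: "${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION:-/var/ssl/private/kafka.server.truststore.jks}"
      KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD: "${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD:-kafka123}"
      # Lets cluster settings be edited from the UI at runtime, which makes the
      # login below an administrative credential for the Kafka connection.
      DYNAMIC_CONFIG_ENABLED: "${DYNAMIC_CONFIG_ENABLED:-true}"
      # Kafka UI authentication
      AUTH_TYPE: "${KAFKA_UI_AUTH_TYPE:-LOGIN_FORM}"
      SPRING_SECURITY_USER_NAME: "${KAFKA_UI_USERNAME:-admin}"
      # No fallback: the previous admin/admin default on a published port is a
      # guessable administrator login. Startup fails until a value is set.
      SPRING_SECURITY_USER_PASSWORD: "${KAFKA_UI_PASSWORD:?KAFKA_UI_PASSWORD must be set}"
      SPRING_SECURITY_USER_ROLES: "${KAFKA_UI_USER_ROLES:-ADMIN}"
    volumes:
      - ./kafka-ssl:/var/ssl/private:ro
    ports:
      - "${KAFKA_UI_PORT:-8080}:8080"
    networks:
      - sensus-network
    restart: unless-stopped

  # PostgreSQL for metadata and configuration storage
  postgres:
    image: postgres:16-alpine
    container_name: sensus-postgres
    environment:
      POSTGRES_DB: "${POSTGRES_DB:-sensus}"
      POSTGRES_USER: "${POSTGRES_USER:-sensus}"
      # Required: an unset variable would otherwise be substituted as an empty
      # string.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_INITDB_ARGS: "${POSTGRES_INITDB_ARGS:---encoding=UTF-8 --lc-collate=C --lc-ctype=C}"
      # PostgreSQL SSL settings
      # NOTE(review): confirm that something actually consumes these
      # POSTGRES_SSL_* variables (an init script or server configuration).
      # Setting them here does not by itself prove that TLS is enabled on the
      # server, and the worker DSN below defaults to sslmode=disable.
      POSTGRES_SSL_MODE: "${POSTGRES_SSL_MODE:-require}"
      POSTGRES_SSL_CERT_FILE: "${POSTGRES_SSL_CERT_FILE:-/var/lib/postgresql/ssl/server.crt}"
      POSTGRES_SSL_KEY_FILE: "${POSTGRES_SSL_KEY_FILE:-/var/lib/postgresql/ssl/server.key}"
      POSTGRES_SSL_CA_FILE: "${POSTGRES_SSL_CA_FILE:-/var/lib/postgresql/ssl/ca.crt}"
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./init-scripts:/docker-entrypoint-initdb.d:ro
      - ./postgres-ssl:/var/lib/postgresql/ssl:ro
    ports:
      - "${POSTGRES_PORT:-5432}:5432"
    networks:
      - sensus-network
    restart: unless-stopped
    healthcheck:
      test:
        - "CMD-SHELL"
        - "pg_isready -U ${POSTGRES_USER:-sensus} -d ${POSTGRES_DB:-sensus}"
      interval: 30s
      timeout: 10s
      retries: 3

  # ClickHouse - first replica
  clickhouse-1:
    image: clickhouse/clickhouse-server:24.8-alpine
    container_name: sensus-clickhouse-1
    environment:
      CLICKHOUSE_DB: "${CLICKHOUSE_DB:-sensus_metrics}"
      CLICKHOUSE_USER: "${CLICKHOUSE_USER:-sensus}"
      # Required: an unset variable would otherwise be substituted as an empty
      # string, leaving the account on the published ports without a password.
      CLICKHOUSE_PASSWORD: "${CLICKHOUSE_PASSWORD:?CLICKHOUSE_PASSWORD must be set}"
      # 1 lets the configured user manage users and grants through SQL.
      CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: "${CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT:-1}"
      # NOTE(review): confirm what consumes CLICKHOUSE_SECURE; the healthcheck
      # and the worker DSN in this file both use plain HTTP on 8123.
      CLICKHOUSE_SECURE: "${CLICKHOUSE_SECURE:-true}"
    volumes:
      - clickhouse-1-data:/var/lib/clickhouse
      - ./clickhouse-config:/etc/clickhouse-server/config.d:ro
      - ./clickhouse-users:/etc/clickhouse-server/users.d:ro
    ports:
      # 8123 is the HTTP interface.
      - "${CLICKHOUSE_1_PORT:-8123}:8123"
      # Despite the variable name, 9000 is the native TCP protocol port.
      - "${CLICKHOUSE_1_HTTP_PORT:-9000}:9000"
    networks:
      - sensus-network
    restart: unless-stopped
    healthcheck:
      test:
        - "CMD"
        - "wget"
        - "--no-verbose"
        - "--tries=1"
        - "--spider"
        - "http://localhost:8123/ping"
      interval: 30s
      timeout: 10s
      retries: 3

  # ClickHouse - second replica
  clickhouse-2:
    image: clickhouse/clickhouse-server:24.8-alpine
    container_name: sensus-clickhouse-2
    environment:
      CLICKHOUSE_DB: "${CLICKHOUSE_DB:-sensus_metrics}"
      CLICKHOUSE_USER: "${CLICKHOUSE_USER:-sensus}"
      # Required, for the same reason as on clickhouse-1.
      CLICKHOUSE_PASSWORD: "${CLICKHOUSE_PASSWORD:?CLICKHOUSE_PASSWORD must be set}"
      CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: "${CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT:-1}"
      CLICKHOUSE_SECURE: "${CLICKHOUSE_SECURE:-true}"
    volumes:
      - clickhouse-2-data:/var/lib/clickhouse
      - ./clickhouse-config:/etc/clickhouse-server/config.d:ro
      - ./clickhouse-users:/etc/clickhouse-server/users.d:ro
    ports:
      # 8123 is the HTTP interface.
      - "${CLICKHOUSE_2_PORT:-8124}:8123"
      # Despite the variable name, 9000 is the native TCP protocol port.
      - "${CLICKHOUSE_2_HTTP_PORT:-9001}:9000"
    networks:
      - sensus-network
    restart: unless-stopped
    healthcheck:
      test:
        - "CMD"
        - "wget"
        - "--no-verbose"
        - "--tries=1"
        - "--spider"
        - "http://localhost:8123/ping"
      interval: 30s
      timeout: 10s
      retries: 3

  # Nginx load balancer for ClickHouse
  clickhouse-lb:
    image: nginx:1.25-alpine
    container_name: sensus-clickhouse-lb
    depends_on:
      clickhouse-1:
        condition: service_healthy
      clickhouse-2:
        condition: service_healthy
    volumes:
      - ./nginx/clickhouse-lb.conf:/etc/nginx/nginx.conf:ro
    ports:
      - "${CLICKHOUSE_LB_HTTP_PORT:-8125}:80"
      - "${CLICKHOUSE_LB_TCP_PORT:-9002}:9000"
    networks:
      - sensus-network
    restart: unless-stopped
    healthcheck:
      test:
        - "CMD"
        - "wget"
        - "--no-verbose"
        - "--tries=1"
        - "--spider"
        - "http://localhost:80/health"
      interval: 30s
      timeout: 10s
      retries: 3

  # SensusAgent (started only with the "agent" profile)
  sensus-agent:
    build:
      context: ../SensusAgent
      dockerfile: Dockerfile
    image: sensus/agent:latest
    container_name: sensus-agent
    depends_on:
      kafka:
        condition: service_healthy
    environment:
      CONFIG_PATH: /bin/agent/config.yaml
      LOG_LEVEL: "${AGENT_LOG_LEVEL:-info}"
      KAFKA_BROKERS: kafka:29092
      KAFKA_TOPIC: "${KAFKA_TOPIC:-sensus.metrics}"
      # SSL settings for Kafka
      # Same kafka123 fallbacks as on the broker; override them together.
      KAFKA_SSL_ENABLED: "${KAFKA_SSL_ENABLED:-false}"
      KAFKA_SSL_KEYSTORE_PASSWORD: "${KAFKA_SSL_KEYSTORE_PASSWORD:-kafka123}"
      KAFKA_SSL_KEY_PASSWORD: "${KAFKA_SSL_KEY_PASSWORD:-kafka123}"
      KAFKA_SSL_TRUSTSTORE_PASSWORD: "${KAFKA_SSL_TRUSTSTORE_PASSWORD:-kafka123}"
      KAFKA_SSL_CLIENT_AUTH: "${KAFKA_SSL_CLIENT_AUTH:-none}"
      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: "${KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM:-https}"
    volumes:
      - ../SensusAgent/bin/agent:/bin/agent:ro
      - ./kafka-ssl:/var/ssl/private:ro
    networks:
      - sensus-network
    restart: unless-stopped
    profiles:
      - agent

  # SensusWorker (started only with the "worker" profile)
  sensus-worker:
    build:
      context: ../SensusWorker
      dockerfile: Dockerfile
    image: sensus/worker:latest
    container_name: sensus-worker
    depends_on:
      kafka:
        condition: service_healthy
      postgres:
        condition: service_healthy
      clickhouse-1:
        condition: service_healthy
    environment:
      LOG_LEVEL: "${WORKER_LOG_LEVEL:-info}"
      KAFKA_BROKERS: kafka:29092
      KAFKA_TOPIC: "${KAFKA_TOPIC:-sensus.metrics}"
      KAFKA_GROUP_ID: "${KAFKA_GROUP_ID:-sensus-worker}"
      KAFKA_CLIENT_ID: "${KAFKA_CLIENT_ID:-sensus-worker}"
      # Credentials are interpolated into both URLs verbatim: characters such
      # as "@", ":" or "/" in a password must be percent-encoded. Both DSNs
      # also end up in the container environment, readable by anyone who can
      # inspect the container.
      #
      # sslmode was hard-coded to "disable"; it is now overridable via
      # WORKER_POSTGRES_SSLMODE with the same default. Raise it (for example to
      # "require") once TLS is confirmed to be enabled on the postgres service.
      POSTGRES_DSN: "postgres://${POSTGRES_USER:-sensus}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB:-sensus}?sslmode=${WORKER_POSTGRES_SSLMODE:-disable}"
      # Plain HTTP to the first replica only; traffic stays on sensus-network.
      CLICKHOUSE_DSN: "http://${CLICKHOUSE_USER:-sensus}:${CLICKHOUSE_PASSWORD}@clickhouse-1:8123/${CLICKHOUSE_DB:-sensus_metrics}"
    networks:
      - sensus-network
    restart: unless-stopped
    profiles:
      - worker

volumes:
  zookeeper-data:
    driver: local
  zookeeper-logs:
    driver: local
  kafka-data:
    driver: local
  postgres-data:
    driver: local
  clickhouse-1-data:
    driver: local
  clickhouse-2-data:
    driver: local

networks:
  sensus-network:
    name: sensus-network
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16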