datahub/docker/kafka-setup/Dockerfile

# Defining custom repo urls for use in enterprise environments
ARG ALPINE_REPO_URL=http://dl-cdn.alpinelinux.org/alpine
ARG GITHUB_REPO_URL=https://github.com
ARG MAVEN_CENTRAL_REPO_URL=https://repo1.maven.org/maven2
ARG APACHE_DOWNLOAD_URL=null

# Base stage with common dependencies
FROM alpine:3.22 AS base

# Re-declaring args from above
ARG ALPINE_REPO_URL
ARG GITHUB_REPO_URL
ARG MAVEN_CENTRAL_REPO_URL
ARG APACHE_DOWNLOAD_URL

# Kafka specific args
ARG KAFKA_VERSION=4.0.0
ARG SCALA_VERSION=2.13
ARG CONFLUENT_VERSION=8.0.0

# Environment variables
ENV KAFKA_VERSION=${KAFKA_VERSION}
ENV SCALA_VERSION=${SCALA_VERSION}
ENV KAFKA_WORKDIR=/opt/kafka

LABEL name="kafka" version=${KAFKA_VERSION}

# Optionally set corporate mirror for apk
RUN if [ "${ALPINE_REPO_URL}" != "http://dl-cdn.alpinelinux.org/alpine" ] ; then \
    sed -i "s#http.*://dl-cdn.alpinelinux.org/alpine#${ALPINE_REPO_URL}#g" /etc/apk/repositories ; fi

# Upgrade Alpine and install base packages
RUN apk --no-cache --update-cache --available upgrade \
    && apk --no-cache add 'c-ares>1.34.5' --repository=${ALPINE_REPO_URL}/edge/main \
    && apk --no-cache add \
        bash \
        coreutils \
        curl \
        ca-certificates \
        jq \
        python3 \
        py3-pip \
        wget \
        zip \
        gcompat \
        sqlite \
        libc6-compat \
        snappy=~1.2 --repository=${ALPINE_REPO_URL}/edge/main \
    && apk --no-cache add openjdk17-jre-headless --repository=${ALPINE_REPO_URL}/edge/community

# Create directories
RUN mkdir -p /opt/kafka /usr/share/java/cp-base-new \
    && cp /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts /tmp/kafka.client.truststore.jks

# Download and install Kafka
RUN if [ "${APACHE_DOWNLOAD_URL}" != "null" ] ; then \
        mirror="${APACHE_DOWNLOAD_URL}/" ; \
    else \
        mirror=$(curl --stderr /dev/null https://www.apache.org/dyn/closer.cgi\?as_json\=1 | jq -r '.preferred'); \
    fi && \
    curl -sSL "${mirror}kafka/${KAFKA_VERSION}/kafka_${SCALA_VERSION}-${KAFKA_VERSION}.tgz" \
    | tar -xzf - -C /opt && \
    # Check if extraction created the expected directory
    if [ -d "/opt/kafka_${SCALA_VERSION}-${KAFKA_VERSION}" ]; then \
        # Move contents properly, not the directory itself
        cp -r /opt/kafka_${SCALA_VERSION}-${KAFKA_VERSION}/* ${KAFKA_WORKDIR}/ && \
        rm -rf /opt/kafka_${SCALA_VERSION}-${KAFKA_VERSION}; \
    fi

# Download Confluent dependencies
ARG CONFLUENT_REPO_URL=https://packages.confluent.io/maven
RUN wget -P /usr/share/java/cp-base-new \
        ${CONFLUENT_REPO_URL}/io/confluent/common-utils/${CONFLUENT_VERSION}/common-utils-${CONFLUENT_VERSION}.jar \
    && wget -P /usr/share/java/cp-base-new \
        ${CONFLUENT_REPO_URL}/io/confluent/common-config/${CONFLUENT_VERSION}/common-config-${CONFLUENT_VERSION}.jar

# Fix security vulnerabilities (after Kafka is installed so libs directory exists)
ARG COMMONS_BEAN_UTILS_VERSION="1.11.0"
ARG COMMONS_LANG3_VERSION="3.18.0"
RUN wget -P /usr/share/java/cp-base-new \
        ${MAVEN_CENTRAL_REPO_URL}/commons-beanutils/commons-beanutils/${COMMONS_BEAN_UTILS_VERSION}/commons-beanutils-${COMMONS_BEAN_UTILS_VERSION}.jar \
    && rm -f ${KAFKA_WORKDIR}/libs/commons-beanutils-*.jar \
    && cp /usr/share/java/cp-base-new/commons-beanutils-${COMMONS_BEAN_UTILS_VERSION}.jar ${KAFKA_WORKDIR}/libs/ \
    && wget -P /usr/share/java/cp-base-new \
        ${MAVEN_CENTRAL_REPO_URL}/org/apache/commons/commons-lang3/${COMMONS_LANG3_VERSION}/commons-lang3-${COMMONS_LANG3_VERSION}.jar \
    && rm -f ${KAFKA_WORKDIR}/libs/commons-lang3-*.jar \
    && cp /usr/share/java/cp-base-new/commons-lang3-${COMMONS_LANG3_VERSION}.jar ${KAFKA_WORKDIR}/libs/

# Download AWS MSK IAM Auth
ADD ${GITHUB_REPO_URL}/aws/aws-msk-iam-auth/releases/download/v2.3.2/aws-msk-iam-auth-2.3.2-all.jar /usr/share/java/cp-base-new/
ADD ${GITHUB_REPO_URL}/aws/aws-msk-iam-auth/releases/download/v2.3.2/aws-msk-iam-auth-2.3.2-all.jar ${KAFKA_WORKDIR}/libs/

# Set LD_LIBRARY_PATH for compatibility
ENV LD_LIBRARY_PATH="/lib:/lib64"

# Copy setup scripts
COPY docker/kafka-setup/kafka-setup.sh ${KAFKA_WORKDIR}/kafka-setup.sh
COPY docker/kafka-setup/kafka-config.sh ${KAFKA_WORKDIR}/kafka-config.sh
COPY docker/kafka-setup/kafka-topic-workers.sh ${KAFKA_WORKDIR}/kafka-topic-workers.sh
COPY docker/kafka-setup/kafka-ready.sh ${KAFKA_WORKDIR}/kafka-ready.sh
COPY docker/kafka-setup/env_to_properties.py ${KAFKA_WORKDIR}/env_to_properties.py

# Make scripts executable
RUN chmod +x ${KAFKA_WORKDIR}/kafka-setup.sh \
    ${KAFKA_WORKDIR}/kafka-topic-workers.sh \
    ${KAFKA_WORKDIR}/kafka-ready.sh

# Create kafka user and group
RUN addgroup -S kafka && adduser -S kafka -G kafka && chmod g-s /home/kafka

# Set ownership
RUN chown -R kafka:kafka ${KAFKA_WORKDIR} \
    && chown -R kafka:kafka /usr/share/java/cp-base-new

# Switch to kafka user
USER kafka

# Set environment variables for DataHub
ENV METADATA_AUDIT_EVENT_NAME="MetadataAuditEvent_v4"
ENV METADATA_CHANGE_EVENT_NAME="MetadataChangeEvent_v4"
ENV FAILED_METADATA_CHANGE_EVENT_NAME="FailedMetadataChangeEvent_v4"
ENV DATAHUB_USAGE_EVENT_NAME="DataHubUsageEvent_v1"
ENV METADATA_CHANGE_LOG_VERSIONED_TOPIC_NAME="MetadataChangeLog_Versioned_v1"
ENV METADATA_CHANGE_LOG_TIMESERIES_TOPIC_NAME="MetadataChangeLog_Timeseries_v1"
ENV METADATA_CHANGE_PROPOSAL_TOPIC_NAME="MetadataChangeProposal_v1"
ENV FAILED_METADATA_CHANGE_PROPOSAL_TOPIC_NAME="FailedMetadataChangeProposal_v1"
ENV PLATFORM_EVENT_TOPIC_NAME="PlatformEvent_v1"
ENV DATAHUB_UPGRADE_HISTORY_TOPIC_NAME="DataHubUpgradeHistory_v1"
ENV USE_CONFLUENT_SCHEMA_REGISTRY="TRUE"

# Set PATH
ENV PATH=/sbin:${KAFKA_WORKDIR}/bin:$PATH

# Set working directory
WORKDIR ${KAFKA_WORKDIR}

CMD ["./kafka-setup.sh"]
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`# Defining custom repo urls for use in enterprise environments`
feat(dev): Make repositories configurable for enterprise developers (#9230) Co-authored-by: Hendrik Richert <hendrik.richert@swisscom.com> Co-authored-by: david-leifker <114954101+david-leifker@users.noreply.github.com> 2023-11-28 21:52:11 +01:00			`ARG ALPINE_REPO_URL=http://dl-cdn.alpinelinux.org/alpine`
			`ARG GITHUB_REPO_URL=https://github.com`
			`ARG MAVEN_CENTRAL_REPO_URL=https://repo1.maven.org/maven2`
			`ARG APACHE_DOWNLOAD_URL=null`

chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`# Base stage with common dependencies`
			`FROM alpine:3.22 AS base`
fix(docker): alpine based multi-platform docker build for kafka-setup (#3991) 2022-01-29 01:25:57 +01:00
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`# Re-declaring args from above`
feat(dev): Make repositories configurable for enterprise developers (#9230) Co-authored-by: Hendrik Richert <hendrik.richert@swisscom.com> Co-authored-by: david-leifker <114954101+david-leifker@users.noreply.github.com> 2023-11-28 21:52:11 +01:00			`ARG ALPINE_REPO_URL`
			`ARG GITHUB_REPO_URL`
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`ARG MAVEN_CENTRAL_REPO_URL`
			`ARG APACHE_DOWNLOAD_URL`
feat(dev): Make repositories configurable for enterprise developers (#9230) Co-authored-by: Hendrik Richert <hendrik.richert@swisscom.com> Co-authored-by: david-leifker <114954101+david-leifker@users.noreply.github.com> 2023-11-28 21:52:11 +01:00
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`# Kafka specific args`
			`ARG KAFKA_VERSION=4.0.0`
			`ARG SCALA_VERSION=2.13`
			`ARG CONFLUENT_VERSION=8.0.0`

			`# Environment variables`
			`ENV KAFKA_VERSION=${KAFKA_VERSION}`
			`ENV SCALA_VERSION=${SCALA_VERSION}`
			`ENV KAFKA_WORKDIR=/opt/kafka`
fix(docker): alpine based multi-platform docker build for kafka-setup (#3991) 2022-01-29 01:25:57 +01:00
			`LABEL name="kafka" version=${KAFKA_VERSION}`

feat(dev): Make repositories configurable for enterprise developers (#9230) Co-authored-by: Hendrik Richert <hendrik.richert@swisscom.com> Co-authored-by: david-leifker <114954101+david-leifker@users.noreply.github.com> 2023-11-28 21:52:11 +01:00			`# Optionally set corporate mirror for apk`
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`RUN if [ "${ALPINE_REPO_URL}" != "http://dl-cdn.alpinelinux.org/alpine" ] ; then \`
			`sed -i "s#http.*://dl-cdn.alpinelinux.org/alpine#${ALPINE_REPO_URL}#g" /etc/apk/repositories ; fi`
fix(docker): Bumps JRE 11 to latest (#5875) 2022-09-08 18:44:28 +01:00
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`# Upgrade Alpine and install base packages`
fix(): Fixes multiple minor security vulnerabilities (#13222) bug(snappy): Make sure right snappy version is installed fix(docker): update Dockerize to version v0.9.3 fix(gms): fixes dgraph4j netty deps fix(docker): remove SGID on /home/datahub and /home/datahub-integration fix(datahub-actions): bump setuptools and wheel version fix(docker): update c-ares version fix(docker): datahub-actions addendum 2025-04-21 16:39:26 -05:00			`RUN apk --no-cache --update-cache --available upgrade \`
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`&& apk --no-cache add 'c-ares>1.34.5' --repository=${ALPINE_REPO_URL}/edge/main \`
			`&& apk --no-cache add \`
			`bash \`
			`coreutils \`
			`curl \`
			`ca-certificates \`
			`jq \`
			`python3 \`
			`py3-pip \`
			`wget \`
			`zip \`
			`gcompat \`
			`sqlite \`
			`libc6-compat \`
			`snappy=~1.2 --repository=${ALPINE_REPO_URL}/edge/main \`
			`&& apk --no-cache add openjdk17-jre-headless --repository=${ALPINE_REPO_URL}/edge/community`

			`# Create directories`
			`RUN mkdir -p /opt/kafka /usr/share/java/cp-base-new \`
			`&& cp /usr/lib/jvm/java-17-openjdk/jre/lib/security/cacerts /tmp/kafka.client.truststore.jks`

			`# Download and install Kafka`
			`RUN if [ "${APACHE_DOWNLOAD_URL}" != "null" ] ; then \`
			`mirror="${APACHE_DOWNLOAD_URL}/" ; \`
			`else \`
			`mirror=$(curl --stderr /dev/null https://www.apache.org/dyn/closer.cgi\?as_json\=1 \| jq -r '.preferred'); \`
			`fi && \`
			`curl -sSL "${mirror}kafka/${KAFKA_VERSION}/kafka_${SCALA_VERSION}-${KAFKA_VERSION}.tgz" \`
			`\| tar -xzf - -C /opt && \`
			`# Check if extraction created the expected directory`
			`if [ -d "/opt/kafka_${SCALA_VERSION}-${KAFKA_VERSION}" ]; then \`
			`# Move contents properly, not the directory itself`
			`cp -r /opt/kafka_${SCALA_VERSION}-${KAFKA_VERSION}/* ${KAFKA_WORKDIR}/ && \`
			`rm -rf /opt/kafka_${SCALA_VERSION}-${KAFKA_VERSION}; \`
			`fi`

			`# Download Confluent dependencies`
			`ARG CONFLUENT_REPO_URL=https://packages.confluent.io/maven`
			`RUN wget -P /usr/share/java/cp-base-new \`
			`${CONFLUENT_REPO_URL}/io/confluent/common-utils/${CONFLUENT_VERSION}/common-utils-${CONFLUENT_VERSION}.jar \`
			`&& wget -P /usr/share/java/cp-base-new \`
			`${CONFLUENT_REPO_URL}/io/confluent/common-config/${CONFLUENT_VERSION}/common-config-${CONFLUENT_VERSION}.jar`

			`# Fix security vulnerabilities (after Kafka is installed so libs directory exists)`
chore(deps): bump commons-beanutils (#14110) 2025-07-17 00:47:54 +05:30			`ARG COMMONS_BEAN_UTILS_VERSION="1.11.0"`
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`ARG COMMONS_LANG3_VERSION="3.18.0"`
			`RUN wget -P /usr/share/java/cp-base-new \`
			`${MAVEN_CENTRAL_REPO_URL}/commons-beanutils/commons-beanutils/${COMMONS_BEAN_UTILS_VERSION}/commons-beanutils-${COMMONS_BEAN_UTILS_VERSION}.jar \`
			`&& rm -f ${KAFKA_WORKDIR}/libs/commons-beanutils-*.jar \`
			`&& cp /usr/share/java/cp-base-new/commons-beanutils-${COMMONS_BEAN_UTILS_VERSION}.jar ${KAFKA_WORKDIR}/libs/ \`
			`&& wget -P /usr/share/java/cp-base-new \`
			`${MAVEN_CENTRAL_REPO_URL}/org/apache/commons/commons-lang3/${COMMONS_LANG3_VERSION}/commons-lang3-${COMMONS_LANG3_VERSION}.jar \`
			`&& rm -f ${KAFKA_WORKDIR}/libs/commons-lang3-*.jar \`
			`&& cp /usr/share/java/cp-base-new/commons-lang3-${COMMONS_LANG3_VERSION}.jar ${KAFKA_WORKDIR}/libs/`

			`# Download AWS MSK IAM Auth`
			`ADD ${GITHUB_REPO_URL}/aws/aws-msk-iam-auth/releases/download/v2.3.2/aws-msk-iam-auth-2.3.2-all.jar /usr/share/java/cp-base-new/`
			`ADD ${GITHUB_REPO_URL}/aws/aws-msk-iam-auth/releases/download/v2.3.2/aws-msk-iam-auth-2.3.2-all.jar ${KAFKA_WORKDIR}/libs/`

			`# Set LD_LIBRARY_PATH for compatibility`
			`ENV LD_LIBRARY_PATH="/lib:/lib64"`

			`# Copy setup scripts`
			`COPY docker/kafka-setup/kafka-setup.sh ${KAFKA_WORKDIR}/kafka-setup.sh`
			`COPY docker/kafka-setup/kafka-config.sh ${KAFKA_WORKDIR}/kafka-config.sh`
			`COPY docker/kafka-setup/kafka-topic-workers.sh ${KAFKA_WORKDIR}/kafka-topic-workers.sh`
			`COPY docker/kafka-setup/kafka-ready.sh ${KAFKA_WORKDIR}/kafka-ready.sh`
			`COPY docker/kafka-setup/env_to_properties.py ${KAFKA_WORKDIR}/env_to_properties.py`

			`# Make scripts executable`
			`RUN chmod +x ${KAFKA_WORKDIR}/kafka-setup.sh \`
			`${KAFKA_WORKDIR}/kafka-topic-workers.sh \`
			`${KAFKA_WORKDIR}/kafka-ready.sh`

			`# Create kafka user and group`
			`RUN addgroup -S kafka && adduser -S kafka -G kafka && chmod g-s /home/kafka`

			`# Set ownership`
			`RUN chown -R kafka:kafka ${KAFKA_WORKDIR} \`
			`&& chown -R kafka:kafka /usr/share/java/cp-base-new`

			`# Switch to kafka user`
			`USER kafka`

			`# Set environment variables for DataHub`
fix: Fix env variable setup for kafka, mysql-setup docker containers (#2402) 2021-04-14 19:07:50 -07:00			`ENV METADATA_AUDIT_EVENT_NAME="MetadataAuditEvent_v4"`
			`ENV METADATA_CHANGE_EVENT_NAME="MetadataChangeEvent_v4"`
			`ENV FAILED_METADATA_CHANGE_EVENT_NAME="FailedMetadataChangeEvent_v4"`
feat(Product Analytics): Introducing In-App Analytics Beta (#2499) Co-authored-by: Harshal Sheth <harshal@acryl.io> Co-authored-by: Dexter Lee <dexter@acryl.io> Co-authored-by: Gabe Lyons <itsgabelyons@gmail.com> 2021-05-11 15:41:42 -07:00			`ENV DATAHUB_USAGE_EVENT_NAME="DataHubUsageEvent_v1"`
fix(kafka-setup): Make topic name consistent with other images (#7103) 2023-01-24 18:48:23 +00:00			`ENV METADATA_CHANGE_LOG_VERSIONED_TOPIC_NAME="MetadataChangeLog_Versioned_v1"`
			`ENV METADATA_CHANGE_LOG_TIMESERIES_TOPIC_NAME="MetadataChangeLog_Timeseries_v1"`
			`ENV METADATA_CHANGE_PROPOSAL_TOPIC_NAME="MetadataChangeProposal_v1"`
			`ENV FAILED_METADATA_CHANGE_PROPOSAL_TOPIC_NAME="FailedMetadataChangeProposal_v1"`
Fix iss #4683 (#4697) 2022-04-19 15:22:49 -07:00			`ENV PLATFORM_EVENT_TOPIC_NAME="PlatformEvent_v1"`
fix(elasticsearch): fix orphan index clean up pattern, consistent top… (#7242) 2023-02-03 07:09:19 -06:00			`ENV DATAHUB_UPGRADE_HISTORY_TOPIC_NAME="DataHubUpgradeHistory_v1"`
feat(schema-registry): replace confluent schema registry (#7930) Co-authored-by: Pedro Silva <pedro@acryl.io> Co-authored-by: Shirshanka Das <shirshanka@apache.org> Co-authored-by: Ryan Holstien <ryan@acryl.io> 2023-05-01 13:18:41 -05:00			`ENV USE_CONFLUENT_SCHEMA_REGISTRY="TRUE"`
fix(kafka-topic-convention): Fix DAOs that do not refer to TopicConvention (#2387) 2021-04-13 07:58:31 -07:00
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`# Set PATH`
			`ENV PATH=/sbin:${KAFKA_WORKDIR}/bin:$PATH`
fix(kafka-setup): Make kafka-setup run with multiple threads (#6970) 2023-01-09 12:27:00 +00:00
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`# Set working directory`
			`WORKDIR ${KAFKA_WORKDIR}`
feat(kafka-setup): add option for SSL and topic partition config via environment (#2398) 2021-04-16 18:40:39 +02:00
chore(kafka-setup): migrate from confluent image to alpine (#14317) 2025-08-04 17:27:01 -05:00			`CMD ["./kafka-setup.sh"]`