Configure a Connection to a Redpanda Cluster

This topic provides instructions on configuring Redpanda Console to connect to a Redpanda cluster. The configuration ensures that Redpanda Console can communicate with your Redpanda brokers.

Prerequisites

Ensure that you have:

  • Access to your Redpanda cluster’s broker URLs.

  • The necessary authentication credentials if your cluster requires SASL, TLS, or other security measures.

Configure a connection to Redpanda

You must set up a connection to the Kafka API on your Redpanda brokers. This includes specifying the brokers' URLs, client identifiers, and any security protocols such as SASL or TLS.

kafka:
  brokers:
    - <hostname>:<port>

  # Optional settings:
  # clientId: console  # The client ID you can use to identify Redpanda Console to the Redpanda cluster.

  # Specify a rack in multi-zone Redpanda clusters to reduce costs by consuming messages from local replicas:
  # rackId: "zone-a"

  # SASL configuration (optional) if your Redpanda cluster uses SASL for authentication:
  # sasl:
    # enabled: false
    # username: my-username
    # password: my-password
    # mechanism: PLAIN  # Options include PLAIN, SCRAM-SHA-256, SCRAM-SHA-512, GSSAPI, OAUTHBEARER, AWS_MSK_IAM

  # TLS configuration (optional) if your Redpanda cluster uses TLS for secure connections:
  # tls:
    # enabled: false
    # caFilepath: "/path/to/ca-cert.pem"
    # certFilepath: "/path/to/client-cert.pem"
    # keyFilepath: "/path/to/client-key.pem"
    # insecureSkipTlsVerify: false  # Set to true if you want to skip server certificate validation

If your Redpanda cluster uses advanced security features such as Kerberos (GSSAPI), OAuth, or AWS MSK IAM, you need to configure these settings in the sasl block.

For example, to configure Kerberos:

kafka:
  sasl:
    enabled: true
    mechanism: GSSAPI
    gssapi:
      authType: KEYTAB_AUTH
      keyTabPath: "/path/to/keytab"
      kerberosConfigPath: "/path/to/krb5.conf"
      serviceName: "kafka"
      username: "my-username"
      password: "my-password"
      realm: "MY.REALM"
      enableFast: true

Configure access to the Redpanda Admin API

Configuring a connection to the Redpanda Admin API enables additional Redpanda-specific features in Redpanda Console, such as viewing the Redpanda version, managing data transforms and SASL-SCRAM users, and generating debug bundles.

redpanda:
  adminApi:
    enabled: true
    urls: ["<hostname>:<port>"]
    # Optional settings for authentication and TLS:
    # username: admin
    # password: my-password
    # tls:
      # enabled: true
      # caFilepath: "/path/to/ca-cert.pem"
      # certFilepath: "/path/to/client-cert.pem"
      # keyFilepath: "/path/to/client-key.pem"
      # insecureSkipTlsVerify: false
Make sure to include the URLs of all brokers in the redpanda.adminApi.urls array.