Enable Plain Login Authentication for Redpanda Console
This Docker Compose file configures Redpanda Console with a plain login provider so that users of Redpanda Console must log in with a username and password.
This example uses features that require a license key for Redpanda Enterprise Edition. The license key is uploaded to the Redpanda broker through a separate container called redpandarpk. This container executes the rpk cluster license set command to load the license key from the given filepath. To request a trial license, to extend your trial period, or to purchase an Enterprise Edition license,
contact Redpanda Sales.
Prerequisites
You must have Docker and Docker Compose installed on your host machine.
Run the lab
-
Download the following Docker Compose file on your local file system.
If you are running on an ARM-based device such as the Apple M1 chip, uncomment the platform: 'linux/amd64'lines.Reveal the Docker Compose file
docker-compose.yml--- version: "3.7" name: redpanda-enterprise networks: redpanda_network: driver: bridge volumes: redpanda: null services: redpanda: image: docker.redpanda.com/redpandadata/redpanda:v23.3.13 command: - redpanda start # Mode dev-container uses well-known configuration properties for development in containers. - --mode dev-container # Tells Seastar (the framework Redpanda uses under the hood) to use 1 core on the system. - --smp 1 - --kafka-addr internal://0.0.0.0:9092,external://0.0.0.0:19092 # Address the broker advertises to clients that connect to the Kafka API. # Use the internal addresses to connect to the Redpanda brokers # from inside the same Docker network. # Use the external addresses to connect to the Redpanda brokers # from outside the Docker network. - --advertise-kafka-addr internal://redpanda:9092,external://localhost:19092 - --pandaproxy-addr internal://0.0.0.0:8082,external://0.0.0.0:18082 # Address the broker advertises to clients that connect to the HTTP Proxy. - --advertise-pandaproxy-addr internal://redpanda:8082,external://localhost:18082 - --schema-registry-addr internal://0.0.0.0:8081,external://0.0.0.0:18081 # Redpanda brokers use the RPC API to communicate with each other internally. - --rpc-addr redpanda:33145 - --advertise-rpc-addr redpanda:33145 ports: - 18081:18081 - 18082:18082 - 19092:19092 - 19644:9644 volumes: - redpanda:/var/lib/redpanda/data networks: - redpanda_network redpandarpk: command: - cluster - license - set - --path # this is the default location in which rpk searches for the redpanda.license file. # if you mount the license key file to a different location, update this path. - /etc/redpanda/redpanda.license # rpk connects to the admin API of one broker to set the license key for the whole cluster. - --api-urls redpanda:9644 image: docker.redpanda.com/redpandadata/redpanda:v23.3.13 # mount the local directory that contains your license key to the container. # give Redpanda read and write access to the license. volumes: - ./license:/etc/redpanda:rw networks: - redpanda_network depends_on: - redpanda console: container_name: redpanda-console image: docker.redpanda.com/redpandadata/console:v2.5.1 # mount the local directory that contains your license key to the container. # give Redpanda Console read access to the license. volumes: - ./license:/etc/redpanda:ro networks: - redpanda_network entrypoint: /bin/sh command: -c 'echo "$$CONSOLE_CONFIG_FILE" > /tmp/config.yml && echo "$$CONSOLE_ROLEBINDINGS_CONFIG_FILE" > /tmp/role-bindings.yml && /app/console' environment: REDPANDA_LICENSE_FILEPATH: /etc/redpanda/redpanda.license CONFIG_FILEPATH: /tmp/config.yml CONSOLE_CONFIG_FILE: | kafka: brokers: ["redpanda:9092"] schemaRegistry: enabled: true urls: ["http://redpanda:8081"] redpanda: adminApi: enabled: true urls: ["http://redpanda:9644"] login: enabled: true jwtSecret: change-this-to-something-secret useSecureCookies: false plain: enabled: true credentials: - username: "jane" password: "some-other-secret-password" - username: "john" password: "some-secret-password" enterprise: rbac: enabled: true roleBindingsFilepath: /tmp/role-bindings.yml CONSOLE_ROLEBINDINGS_CONFIG_FILE: | roleBindings: - metadata: name: Platform Ops subjects: - kind: user provider: Plain name: jane roleName: admin - metadata: name: Software Engineers subjects: - kind: user provider: Plain name: john roleName: editor ports: - 8080:8080 depends_on: - redpanda -
Set the
REDPANDA_VERSIONenvironment variable to the version of Redpanda that you want to run. For all available versions, see the GitHub releases.For example:
export REDPANDA_VERSION=23.3.13 -
Set the
REDPANDA_CONSOLE_VERSIONenvironment variable to the version of Redpanda Console that you want to run. For all available versions, see the GitHub releases.For example:
export REDPANDA_CONSOLE_VERSION=2.5.1 -
Save your license key to
license/redpanda.licensein the same location as your Docker Compose file. Or, to use another location, update the license paths in the Docker Compose file to another directory that contains your license key. -
Run the following in the directory where you saved the Docker Compose file:
docker compose up -d -
Open Redpanda Console at localhost:8080 and log in with the credentials for
johnorjane, which are defined in the Docker Compose file in theCONSOLE_CONFIG_FILEenvironment variable.
Clean up
To shut down and delete the containers along with all your cluster data:
docker compose down -v