Enable Plain Login Authentication for Redpanda Console

This Docker Compose file configures Redpanda Console with a plain login provider so that users of Redpanda Console must log in with a username and password.

This example uses features that require a license key for Redpanda Enterprise Edition. The license key is uploaded to the Redpanda broker through a separate container called redpandarpk. This container executes the rpk cluster license set command to load the license key from the given filepath. To request a trial license, to extend your trial period, or to purchase an Enterprise Edition license, contact Redpanda Sales.

Prerequisites

You must have Docker and Docker Compose installed on your host machine.

Run the lab

  1. Download the following Docker Compose file on your local file system.

    If you are running on an ARM-based device such as the Apple M1 chip, uncomment the platform: 'linux/amd64' lines.
    Reveal the Docker Compose file
    docker-compose.yml
    ---
    version: "3.7"
    name: redpanda-enterprise
    networks:
      redpanda_network:
        driver: bridge
    volumes:
      redpanda: null
    services:
      redpanda:
        image: docker.redpanda.com/redpandadata/redpanda:v23.3.12
        command:
          - redpanda start
          # Mode dev-container uses well-known configuration properties for development in containers.
          - --mode dev-container
          # Tells Seastar (the framework Redpanda uses under the hood) to use 1 core on the system.
          - --smp 1
          - --kafka-addr internal://0.0.0.0:9092,external://0.0.0.0:19092
          # Address the broker advertises to clients that connect to the Kafka API.
          # Use the internal addresses to connect to the Redpanda brokers
          # from inside the same Docker network.
          # Use the external addresses to connect to the Redpanda brokers
          # from outside the Docker network.
          - --advertise-kafka-addr internal://redpanda:9092,external://localhost:19092
          - --pandaproxy-addr internal://0.0.0.0:8082,external://0.0.0.0:18082
          # Address the broker advertises to clients that connect to the HTTP Proxy.
          - --advertise-pandaproxy-addr internal://redpanda:8082,external://localhost:18082
          - --schema-registry-addr internal://0.0.0.0:8081,external://0.0.0.0:18081
          # Redpanda brokers use the RPC API to communicate with each other internally.
          - --rpc-addr redpanda:33145
          - --advertise-rpc-addr redpanda:33145
        ports:
          - 18081:18081
          - 18082:18082
          - 19092:19092
          - 19644:9644
        volumes:
          - redpanda:/var/lib/redpanda/data
        networks:
          - redpanda_network
      redpandarpk:
        command:
          - cluster
          - license
          - set
          - --path
          # this is the default location in which rpk searches for the redpanda.license file.
          # if you mount the license key file to a different location, update this path.
          - /etc/redpanda/redpanda.license
          # rpk connects to the admin API of one broker to set the license key for the whole cluster.
          - --api-urls redpanda:9644
        image: docker.redpanda.com/redpandadata/redpanda:v23.3.12
        # mount the local directory that contains your license key to the container.
        # give Redpanda read and write access to the license.
        volumes:
          - ./license:/etc/redpanda:rw
        networks:
          - redpanda_network
        depends_on:
          - redpanda
      console:
        container_name: redpanda-console
        image: docker.redpanda.com/redpandadata/console:v2.4.6
        # mount the local directory that contains your license key to the container.
        # give Redpanda Console read access to the license.
        volumes:
          - ./license:/etc/redpanda:ro
        networks:
          - redpanda_network
        entrypoint: /bin/sh
        command: -c 'echo "$$CONSOLE_CONFIG_FILE" > /tmp/config.yml && echo "$$CONSOLE_ROLEBINDINGS_CONFIG_FILE" > /tmp/role-bindings.yml && /app/console'
        environment:
          REDPANDA_LICENSE_FILEPATH: /etc/redpanda/redpanda.license
          CONFIG_FILEPATH: /tmp/config.yml
          CONSOLE_CONFIG_FILE: |
            kafka:
              brokers: ["redpanda:9092"]
              schemaRegistry:
                enabled: true
                urls: ["http://redpanda:8081"]
            redpanda:
              adminApi:
                enabled: true
                urls: ["http://redpanda:9644"]
            login:
              enabled: true
              jwtSecret: change-this-to-something-secret
              useSecureCookies: false
              plain:
                enabled: true
                credentials:
                - username: "jane"
                  password: "some-other-secret-password"
                - username: "john"
                  password: "some-secret-password"
            enterprise:
              rbac:
                enabled: true
                roleBindingsFilepath: /tmp/role-bindings.yml
          CONSOLE_ROLEBINDINGS_CONFIG_FILE: |
            roleBindings:
            - metadata:
                name: Platform Ops
              subjects:
                - kind: user
                  provider: Plain
                  name: jane
              roleName: admin
            - metadata:
                name: Software Engineers
              subjects:
                - kind: user
                  provider: Plain
                  name: john
              roleName: editor
        ports:
          - 8080:8080
        depends_on:
          - redpanda
  2. Set the REDPANDA_VERSION environment variable to the version of Redpanda that you want to run. For all available versions, see the GitHub releases.

    For example:

    export REDPANDA_VERSION=23.3.12
  3. Set the REDPANDA_CONSOLE_VERSION environment variable to the version of Redpanda Console that you want to run. For all available versions, see the GitHub releases.

    For example:

    export REDPANDA_CONSOLE_VERSION=2.4.6
  4. Save your license key to license/redpanda.license in the same location as your Docker Compose file. Or, to use another location, update the license paths in the Docker Compose file to another directory that contains your license key.

  5. Run the following in the directory where you saved the Docker Compose file:

    docker compose up -d
  6. Open Redpanda Console at localhost:8080 and log in with the credentials for john or jane, which are defined in the Docker Compose file in the CONSOLE_CONFIG_FILE environment variable.

Clean up

To shut down and delete the containers along with all your cluster data:

docker compose down -v