Is it possible to enable Basic auth on the kafka-ui and enable UI access #4014
-
I am using this docker-compose.yml file to bring up these services. The UI is working fine, but as you can see I have to disable the lines in the schema-registry service to enable Basic Auth on the API. Is it possible to have both Basic Auth for the API and schema registry management via the API? // notable env vars CONFLUENT_CONTAINER_KAFKA_VERSION=7.2.1
CONFLUENT_CONTAINER_SCHEMA_REGISTRY_VERSION=7.2.1
KAFKA_UI_CONTAINER_VERSION=v0.7.1 // docker-compose.yml version: "2"
services:
kafka1:
image: confluentinc/cp-kafka:${CONFLUENT_CONTAINER_KAFKA_VERSION}
hostname: kafka1
container_name: kafka1
ports:
- "${KAFKA_PORT}:${KAFKA_PORT}"
- "${KAFKA_JMX_PORT}:${KAFKA_JMX_PORT}"
dns:
- ${ENVIRONMENT_DNS}
environment:
KAFKA_BROKER_ID: ${KAFKA_BROKER_ID}
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT"
KAFKA_ADVERTISED_LISTENERS: "PLAINTEXT://kafka1:29092,PLAINTEXT_HOST://${VM_AGENT_NAME:-localhost}:${KAFKA_PORT}"
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: ${KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR}
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: ${KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS}
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: ${KAFKA_TRANSACTION_STATE_LOG_MIN_ISR}
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: ${KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR}
KAFKA_JMX_PORT: ${KAFKA_JMX_PORT}
KAFKA_JMX_HOSTNAME: ${VM_AGENT_NAME:-localhost}
KAFKA_PROCESS_ROLES: "broker,controller"
KAFKA_NODE_ID: 1
KAFKA_CONTROLLER_QUORUM_VOTERS: "1@kafka1:29093"
KAFKA_LISTENERS: "PLAINTEXT://kafka1:29092,CONTROLLER://kafka1:29093,PLAINTEXT_HOST://0.0.0.0:${KAFKA_PORT}"
KAFKA_INTER_BROKER_LISTENER_NAME: "PLAINTEXT"
KAFKA_CONTROLLER_LISTENER_NAMES: "CONTROLLER"
KAFKA_LOG_DIRS: "/tmp/kraft-combined-logs"
VM_AGENT_NAME: ${VM_AGENT_NAME:-kafka1}
volumes:
- ./scripts/update_run.sh:/tmp/update_run.sh
- ./scripts/start_services.sh:/tmp/start_services.sh
- ./scripts/setup:/tmp/setup/
- ./utils/utils.py:/tmp/setup/utils.py
command: ["/tmp/start_services.sh"]
schemaregistry1:
image: confluentinc/cp-schema-registry:${CONFLUENT_CONTAINER_SCHEMA_REGISTRY_VERSION}
ports:
- "${SCHEMA_REGISTRY_EXT_PORT}:${SCHEMA_REGISTRY_INT_PORT}"
depends_on:
- kafka1
volumes:
- ./jaas:/conf
dns:
- ${ENVIRONMENT_DNS}
environment:
SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: PLAINTEXT://kafka1:29092
SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL: PLAINTEXT
SCHEMA_REGISTRY_HOST_NAME: schemaregistry1
SCHEMA_REGISTRY_LISTENERS: http://schemaregistry1:${SCHEMA_REGISTRY_INT_PORT}
# SCHEMA_REGISTRY_AUTHENTICATION_METHOD: BASIC
# SCHEMA_REGISTRY_AUTHENTICATION_REALM: SchemaRegistryProps
# SCHEMA_REGISTRY_AUTHENTICATION_ROLES: admin
SCHEMA_REGISTRY_OPTS: -Djava.security.auth.login.config=/conf/schema_registry.jaas
SCHEMA_REGISTRY_SCHEMA_REGISTRY_INTER_INSTANCE_PROTOCOL: "http"
SCHEMA_REGISTRY_LOG4J_ROOT_LOGLEVEL: INFO
SCHEMA_REGISTRY_KAFKASTORE_TOPIC: _schemas
kafka-ui:
container_name: kafka-ui
image: provectuslabs/kafka-ui:${KAFKA_UI_CONTAINER_VERSION}
ports:
- "${KAFKA_UI_PORT}:${KAFKA_UI_PORT}"
depends_on:
- kafka1
- schemaregistry1
dns:
- ${ENVIRONMENT_DNS}
environment:
KAFKA_CLUSTERS_0_NAME: local
KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: kafka1:29092
KAFKA_CLUSTERS_0_METRICS_PORT: ${KAFKA_JMX_PORT}
KAFKA_CLUSTERS_0_SCHEMAREGISTRY: http://schemaregistry1:${SCHEMA_REGISTRY_INT_PORT}
KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_USERNAME: ${SCHEMA_REGISTRY_BASIC_AUTH_USER:-truadmin-dev}
KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_PASSWORD: ${SCHEMA_REGISTRY_BASIC_AUTH_PASSWORD}
SPRING_SECURITY_USER_NAME: ${KAFKA_UI_BASIC_AUTH_USER:-truadmin-dev}
SPRING_SECURITY_USER_PASSWORD: ${KAFKA_UI_BASIC_AUTH_PASSWORD}
AUTH_TYPE: LOGIN_FORM |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
Hi, I don't quite understand the problem. We do support basic auth for SR. What do you mean by that you have "to disable the lines"? |
Beta Was this translation helpful? Give feedback.
-
Resolved based on discussion above |
Beta Was this translation helpful? Give feedback.
Just launched the aforementioned compose, and it works perfectly fine:
Please share the error you receive with the application logs.