Use Provectus® UI for Apache Kafka® with Aiven for Apache Kafka®
Provectus® UI for Apache Kafka® is a popular Open-Source web GUI for Apache Kafka® management that allows you to monitor and manage Apache Kafka® clusters.
Prerequisites
To connect Provectus® UI for Apache Kafka® to Aiven for Apache Kafka®, create a Java keystore and truststore containing the service SSL certificates.
Also collect the following information:
APACHE_KAFKA_HOST
: The Aiven for Apache Kafka hostnameAPACHE_KAFKA_PORT
: The Aiven for Apache Kafka portSSL_KEYSTORE_FILE_NAME
: The name of the Java keystore containing the Aiven for Apache Kafka SSL certificatesSSL_TRUSTSTORE_FILE_NAME
: The name of the Java truststore containing the Aiven for Apache Kafka SSL certificatesSSL_KEYSTORE_PASSWORD
: The password used to secure the Java keystoreSSL_TRUSTSTORE_PASSWORD
: The password used to secure the Java truststoreSSL_STORE_FOLDER
: The absolute path of the folder containing both the truststore and keystore
Run Provectus® UI for Apache Kafka® on Docker or Podman
Share keystores with non-root user
Since container for Provectus® UI for Apache Kafka® uses non-root user, to avoid permission problems, while keeping the secrets safe:
-
Create separate directory for secrets:
mkdir SSL_STORE_FOLDER
-
Restrict the directory to current user:
chmod 700 SSL_STORE_FOLDER
-
Copy secrets there (replace the
SSL_KEYSTORE_FILE_NAME
andSSL_TRUSTSTORE_FILE_NAME
with the keystores and truststores file names):cp SSL_KEYSTORE_FILE_NAME SSL_TRUSTSTORE_FILE_NAME SSL_STORE_FOLDER
-
Give read permissions for secret files for everyone:
chmod +r SSL_STORE_FOLDER/*
Execute Provectus® UI for Apache Kafka® on Docker or Podman
You can run Provectus® UI for Apache Kafka® in a Docker/Podman container with the following command, by replacing the placeholders for:
APACHE_KAFKA_HOST
APACHE_KAFKA_PORT
SSL_STORE_FOLDER
SSL_KEYSTORE_FILE_NAME
SSL_KEYSTORE_PASSWORD
SSL_TRUSTSTORE_FILE_NAME
SSL_TRUSTSTORE_PASSWORD
docker run -p 8080:8080 \
-v SSL_STORE_FOLDER/SSL_TRUSTSTORE_FILE_NAME:/client.truststore.jks:ro \
-v SSL_STORE_FOLDER/SSL_KEYSTORE_FILE_NAME:/client.keystore.p12:ro \
-e KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=APACHE_KAFKA_HOST:APACHE_KAFKA_PORT \
-e KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL=SSL \
-e KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION=/client.truststore.jks \
-e KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD=SSL_TRUSTSTORE_PASSWORD \
-e KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_LOCATION=/client.keystore.p12 \
-e KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_PASSWORD=SSL_KEYSTORE_PASSWORD \
-e KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_TYPE=PKCS12 \
-d provectuslabs/kafka-ui:latest
Use Provectus® UI for Apache Kafka®
Once Provectus® UI for Apache Kafka® starts, you should be able to
access it at localhost:8080
.