Docker
This page describes installing Lenses with Docker Image.
On start-up, Lenses will be in bootstrap mode unless it has an existing Kafka Connection. See provisioning for automating.
The Lenses docker image can be configured via environment variables or via volume mounts for the configuration files (lenses.conf
, security.conf
).
Running the Docker
Open Lenses in your browser, log in with admin/admin
and configure your brokers and add your license.
Environment Variables
Environment variables prefixed with LENSES_
are transformed into corresponding configuration options. The environment variable name is converted to lowercase and underscores (_
) are replaced with dots (.
). As an example set the option lenses.port
use the environment variable LENSES_PORT
.
Alternatively, the lenses.conf and security.conf can be mounted directly as
/mnt/settings/lenses.conf
/mnt/secrets/security.conf
Docker volumes
The Docker image exposes four volumes in total, where cache, logs, plugins, and persistent data are stored:
/data/storage
/data/plugins
/data/logs
/data/kafka-streams-state
Storage volume
Resides under /data/storage
and is used to store persistent data, such as Data Policies. For this data to survive between Docker runs and/or Lenses upgrades, the volume must be managed externally (persistent volume).
Plugins volume
Resides under /data/plugins
it’s where classes that extend Lenses may be added —such as custom Serdes, LDAP filters, UDFs for the Lenses SQL table engine, and custom_http implementations.
Logs volume
Resides under /data/logs
, logs are stored here. The application also logs to stdout, so the log files aren’t needed for most cases.
KStreams state volume
Resides under /data/kafka-streams-state
, used when Lenses SQL is in IN_PROC configuration. In such a case, Lenses uses this scratch directory to cache Lenses SQL internal state. Whilst this directory can safely be removed, it can be beneficial to keep it around, so the Processors won’t have to rebuild their state during a restart.
Lenses TLS and Global JVM Trust Store
By default, the Lenses serves connections over plaintext (HTTP). It is possible to use TLS instead. The Docker image offers the ability to provide the content for extra files via secrets mounted as files or as environment variables. Especially for SSL, Docker supports SSL/TLS keys and certificates in Java Keystore (JKS) formats.
This capability is optional, and users can mount such files under custom paths and configure lenses.conf
manually via environment variables, or lenses.append.conf
.
There are two ways to use the File/Variable names of the table below.
Create a file with the appropriate filename as listed below and mount it under
/mnt/settings
,/mnt/secrets
, or/run/secrets
Set them as environment variables.
All settings except for passwords, can be optionally encoded in base64. The docker will detect such encoding automatically.
FILECONTENT_JVM_SSL_TRUSTSTORE
The SSL/TLS trust store to use as the global JVM trust store. Add to LENSES_OPTS the property javax.net.ssl.trustStore
FILECONTENT_JVM_SSL_TRUSTSTORE_PASSWORD
Τhe trust store password. If set, the startup script will add automatically to LENSESOPTS the property javax.net.ssl.trustStorePassword (**_base64 not supported**)
FILECONTENT_LENSES_SSL_KEYSTORE
The SSL/TLS keystore to use for the TLS listener for Lenses
Process UID/GUI
The docker does not require running as root. The default user is set to root for convenience and to verify upon start-up that all the directories and files have the correct permissions. The user drops to nobody
and group nogroup
(65534:65534) before starting Lenses.
If the image is started without root privileges, the agent will start successfully using the effective uid:gid applied. Ensure any volumes mounted (i.e., for the license, settings, and data) have the correct permission set.
Last updated