Skip to main content
RisingWave Console is a self-hosted service. It stores its own metadata, such as users, cluster connections, database connections, tasks, and settings, in PostgreSQL. It does not store RisingWave user data in this metadata database. Production builds require the signed RisingWave license key at startup. This is the same license key used by the RisingWave database. Provide it with either RW_LICENSE_KEY or RW_LICENSE_KEY_PATH. If you only want to try Console without configuring a license key, use v0.5.1; it is an older evaluation version and does not include all current capabilities. For details, see Manage license keys.

Choose a deployment target

For persistent deployments, use a strong RCONSOLE_ROOT_PASSWORD, protect the Console endpoint with your network controls, and prefer external PostgreSQL for durable Console metadata.

Key configuration

Docker quick start

Use the bundled PostgreSQL image for the fastest setup:
Open http://localhost:8020 and sign in as root with the password you set in RCONSOLE_ROOT_PASSWORD. If you prefer mounted files for secrets:
For a throwaway local test, remove the volume and add --rm. Console metadata is deleted when the container is removed.

Docker with external PostgreSQL

Use the standard image when PostgreSQL is managed outside the Console container:
Start it with:
The PostgreSQL user in RCONSOLE_SERVER_PG_DSN must be able to create and migrate Console metadata tables.

Kubernetes deployment

Console provides two starter manifests:
  • deploy/kubernetes/pgbundle/console.yaml: runs the -pgbundle image. This is convenient for testing, but the bundled PostgreSQL metadata is not durable across pod rescheduling.
  • deploy/kubernetes/external-pg/console.yaml: runs the standard image with external PostgreSQL. This is the production path and also works with OpenShift restricted security settings.
Both manifests create:
  • the risingwave-console namespace,
  • a ServiceAccount,
  • RBAC for Console operations and environment-managed resources,
  • a StatefulSet,
  • a Service that exposes Console on NodePort 30020 and Console metrics on NodePort 30090.

Kubernetes startup license

Store the RisingWave license key in a Kubernetes Secret:
Reference it from the console container:
The external PostgreSQL manifest already includes a risingwave-console-config Secret for pg-dsn, root-password, and license.jwt. Replace the placeholder values before applying it.

Apply a starter manifest

For a Kubernetes test deployment:
For production or OpenShift:
Access the UI at http://<any-node>:30020, or replace the Service with your preferred ClusterIP, LoadBalancer, or Ingress setup.
The starter manifests include RBAC that lets Console install cert-manager, the RisingWave Operator, and environment-scoped resources. If those components are managed by another platform team, remove the cluster-installer RBAC and use imported resources instead.

Binary deployment

Use the binary when you want to run Console directly on a host and manage PostgreSQL separately:
Make sure the process can read the license file and reach the PostgreSQL host.

Verify the installation

  1. Check the process or container logs.
  2. Open the UI:
    • Docker or binary: http://localhost:8020, unless you changed the port.
    • Kubernetes NodePort starter manifest: http://<any-node>:30020.
  3. Sign in as root.
  4. Confirm that the home page loads and the sidebar shows Overview, Clusters, SQL Console, Environments, Metrics Store, SSO Connectors, Users, and Settings.

Troubleshooting startup

After installation, either connect an existing RisingWave cluster or create a Kubernetes environment. To let users sign in through your SAML, LDAP / Active Directory, or OIDC identity provider, see Single sign-on (SSO).