Merge pull request cockroachdb#3195 from cockroachdb/admin-ui-user-auth-alpha

Admin UI user auth changes

Author: Amruta-Ranade

_includes/sidebar-data-v2.1.json

@@ -1544,6 +1544,12 @@
               "/${VERSION}/admin-ui-access-and-navigate.html"
             ]
           },
+          {
+            "title": "Secure the Admin UI",
+            "urls": [
+              "/${VERSION}/admin-ui-user-authentication.html"
+            ]
+          },
           {
             "title": "Overview Dashboard",
             "urls": [

v2.1/admin-ui-access-and-navigate.md

@@ -10,6 +10,8 @@ toc: false
 
 You can access the Admin UI from any node in the cluster.
 
+{{site.data.alerts.callout_info}}By default, CockroachDB allows all users to access and view the Admin UI. For secure clusters, you can choose to <a href="admin-ui-user-authentication.html">enable user authentication</a> to restrict access to the Admin UI to authorized users. {{site.data.alerts.end}}
+
 By default, you can access it via HTTP on port `8080` of the hostname or IP address you configured using the `--host` flag while [starting the node](https://www.cockroachlabs.com/docs/stable/start-a-node.html#general). For example, `http://<any node host>:8080`. If you are running a secure cluster, use `https://<any node host>:8080`.
 
 You can also set the CockroachDB Admin UI to a custom port using `--http-port` or a custom hostname using `--http-host` when [starting each node](start-a-node.html). For example, if you set both a custom port and hostname, `http://<http-host value>:<http-port value>`. For a secure cluster, `https://<http-host value>:<http-port value>`.

v2.1/admin-ui-user-authentication.md

@@ -0,0 +1,23 @@
+---
+title: Secure the Admin UI
+summary: Learn how to enable user authentication for secure clusters for the Admin UI.
+toc: false
+---
+
+By default, CockroachDB allows all users to access and view the Admin UI. However, for secure clusters, you can enable user authentication so that only authorized users can access and view the Admin UI.
+
+<div id="toc"></div>
+
+1. Start a secure cluster as described in our [deployment tutorials](manual-deployment.html).
+
+    However, when starting each node, be sure to set the `COCKROACH_EXPERIMENTAL_REQUIRE_WEB_LOGIN=TRUE` environment variable, for example:
+
+    {% include copy-clipboard.html %}
+    ~~~ shell
+    $ COCKROACH_EXPERIMENTAL_REQUIRE_WEB_LOGIN=TRUE \
+      ./cockroach start --host=<node1 hostname> --certs-dir=certs
+    ~~~
+
+2. For each user who should have access to the Admin UI, [create a user with a password](create-user.html).
+
+    On accessing the Admin UI, these users will see a Login screen, where they will need to enter their usernames and passwords.