Ranger K8s Operator

  • Commercial Systems
Channel Revision Published Runs on
latest/stable 33 12 Nov 2024
Ubuntu 22.04
latest/beta 23 06 Mar 2024
Ubuntu 22.04
latest/edge 33 12 Nov 2024
Ubuntu 22.04
juju deploy ranger-k8s
Show information

Platform:

Ranger K8s Operator

The Charmed Ranger K8s Operator delivers automated management on Apache Ranger authorization software on top of a Kubernetes cluster. Apache Ranger™ is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform.

Note: This operator requires the use of juju>=3.1.

Deploying Ranger and PostgreSQL database

Ranger requires PostgreSQL to store its state. Therefore, its deployment requires a relation with the postgresql-k8s charm:

# deploy ranger
juju deploy ranger-k8s

# deploy postgresql
juju deploy postgresql-k8s --channel 14/stable --trust

# relate the applications
juju relate ranger-k8s:database postgresql-k8s:database

Note: details on the custom image used for Ranger deployment can be found here.

Authentication

Username/password authentication is enabled by default using the admin user and the password set via the Ranger configuration value admin-password. Additional users can be added in the Ranger UI.

Relations

Policy

The Ranger Operator provides a policy interface for relation with applications requiring Ranger’s authorization services. Note: the related application image must be configured with the Ranger-plugin (ie. Atlas, Kafka, Presto, Trino … ) a full list can be found in directories here.

# deploy application
juju deploy trino-k8s

# relate via policy interface
juju relate trino-k8s:policy ranger-k8s:policy

Ingress

The Ranger operator exposes its ports using the Nginx Ingress Integrator operator. You must first make sure to have an Nginx Ingress Controller deployed. To enable TLS connections, you must have a TLS certificate stored as a k8s secret (default name is “ranger-tls”). A self-signed certificate for development purposes can be created as follows:

# Generate private key
openssl genrsa -out server.key 2048

# Generate a certificate signing request
openssl req -new -key server.key -out server.csr -subj "/CN=ranger-k8s"

# Create self-signed certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -extfile <(printf "subjectAltName=DNS:ranger-k8s")

# Create a k8s secret
kubectl create secret tls ranger-tls --cert=server.crt --key=server.key

This operator can then be deployed and connected to the Ranger operator using the Juju command line as follows:

# Deploy ingress controller.
microk8s enable ingress:default-ssl-certificate=ranger-k8s/ranger-tls

juju deploy nginx-ingress-integrator --channel edge --revision 71
juju relate ranger-k8s nginx-ingress-integrator

Once deployed, the hostname will default to the name of the application (ranger-k8s), and can be configured using the external-hostname configuration on the Ranger operator.

Contributing

Please see the Juju SDK documentation for more information about developing and improving charms and Contributing for developer guidance.

License

The Charmed Ranger K8s Operator is free software, distributed under the Apache Software License, version 2.0. See License for more details.


Help improve this document in the forum (guidelines). Last updated 1 year, 2 months ago.