Ranger K8s Operator
The Charmed Ranger K8s Operator delivers automated management of Apache Ranger authorization software on top of a Kubernetes cluster. Apache Ranger™ is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform.
Note: This operator requires the use of juju>=3.1.
Deploying Ranger and PostgreSQL database
Ranger requires PostgreSQL to store its state. Therefore, its deployment requires a relation with the postgresql-k8s charm:
# deploy ranger
juju deploy ranger-k8s
# deploy postgresql
juju deploy postgresql-k8s --channel 14/stable --trust
# relate the applications
juju relate ranger-k8s:database postgresql-k8s:database
Note: details on the custom image used for Ranger deployment can be found here.
Authentication
Username/password authentication is enabled by default using the admin user and the password set via the Ranger configuration value admin-password. Additional users can be added in the Ranger UI.
Relations
Policy
The Ranger Operator provides a policy interface for relating to applications that require Ranger’s authorization services. Note: the related application's image must be configured with the Ranger plugin (e.g. Atlas, Kafka, Presto, Trino …); a full list can be found in directories here.
# deploy application
juju deploy trino-k8s
# relate via policy interface
juju relate trino-k8s:policy ranger-k8s:policy
Ingress
The Ranger operator exposes its ports using the Nginx Ingress Integrator operator. You must first make sure to have an Nginx Ingress Controller deployed. To enable TLS connections, you must have a TLS certificate stored as a k8s secret (default name is “ranger-tls”). A self-signed certificate for development purposes can be created as follows:
# Generate private key
openssl genrsa -out server.key 2048
# Generate a certificate signing request
openssl req -new -key server.key -out server.csr -subj "/CN=ranger-k8s"
# Create self-signed certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -extfile <(printf "subjectAltName=DNS:ranger-k8s")
# Create a k8s secret
kubectl create secret tls ranger-tls --cert=server.crt --key=server.key
This operator can then be deployed and connected to the Ranger operator using the Juju command line as follows:
# Deploy ingress controller.
microk8s enable ingress:default-ssl-certificate=ranger-k8s/ranger-tls
juju deploy nginx-ingress-integrator --channel edge --revision 71
juju relate ranger-k8s nginx-ingress-integrator
Once deployed, the hostname will default to the name of the application (ranger-k8s), and can be configured using the external-hostname configuration on the Ranger operator.
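The certificate in the ranger-tls secret is only useful if its subjectAltName matches the hostname clients connect to (ranger-k8s by default, or the external-hostname value). The following pre-flight check is an added example, not part of the charm or its documentation; the function names `make_dev_cert` and `check_tls_pair` are hypothetical, and it assumes OpenSSL 1.1.1 or newer.

```shell
# Added example; function names are hypothetical, not part of the charm.
# Assumes OpenSSL 1.1.1+ (needed for "x509 -ext").

# make_dev_cert DIR HOST DAYS
# Same three openssl steps as above, with the SAN written to a file
# instead of bash process substitution. Development use only.
make_dev_cert() {
    dir=$1 host=$2 days=$3
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=$host" &&
    openssl x509 -req -days "$days" -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" \
        -extfile "$dir/san.ext" 2>/dev/null
}

# check_tls_pair CERT KEY HOSTNAME [MIN_DAYS]
# Run before "kubectl create secret tls". Return codes:
#   0 ok                         1 key does not match certificate
#   2 HOSTNAME not in SAN        3 expires within MIN_DAYS (default 30)
#   4 file missing or unparseable
check_tls_pair() {
    cert=$1 key=$2 host=$3 min_days=${4:-30}

    # Both files must parse; compare the public key derived from each.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    [ "$cert_pub" = "$key_pub" ] || return 1

    # Exact DNS SAN match only (no wildcard handling); the CN is ignored,
    # as modern TLS clients ignore it too.
    openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//' |
        grep -Fxq "DNS:$host" || return 2

    # -checkend exits non-zero if the cert expires within the given seconds.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
        >/dev/null || return 3
    return 0
}
```

If external-hostname is changed on the Ranger operator, rerun the check with the new name: a return code of 2 means the certificate must be reissued with a matching SAN.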
Contributing
Please see the Juju SDK documentation for more information about developing and improving charms and Contributing for developer guidance.
License
The Charmed Ranger K8s Operator is free software, distributed under the Apache Software License, version 2.0. See License for more details.