Apache Ignite Documentation

GridGain Developer Hub - Apache Ignitetm

Welcome to the Apache Ignite developer hub run by GridGain. Here you'll find comprehensive guides and documentation to help you start working with Apache Ignite as quickly as possible, as well as support if you get stuck.

 

GridGain also provides Community Edition which is a distribution of Apache Ignite made available by GridGain. It is the fastest and easiest way to get started with Apache Ignite. The Community Edition is generally more stable than the Apache Ignite release available from the Apache Ignite website and may contain extra bug fixes and features that have not made it yet into the release on the Apache website.

 

Let's jump right in!

 

Documentation     Ask a Question     Download

 

Javadoc     Scaladoc     Examples

RBAC Authorization

Overview

Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise.

RBAC uses the rbac.authorization.k8s.io API group to drive authorization decisions, allowing admins to dynamically configure policies through the Kubernetes API.

It's recommended to set up RBAC for your Ignite deployments to have fine-grained control of your deployments and to avoid any security-related issues.

Prerequisites

It's assumed that you already have a Kubernetes cluster deployed. For instance, the following documentation explains how to spin it up on Microsoft Azure.

Namespace Creation

Create a unique namespace for your Ignite deployment. In our case the namespace name is ignite:

apiVersion: v1
kind: Namespace
metadata:
  name: ignite

Run the command below to configure the namespace:

kubectl create -f ignite-namespace.yaml

Service Account Creation

Use the following configuration for Ignite service account:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: ignite
  namespace: ignite

Run the command below to create the account:

kubectl create -f ignite-service-account.yaml

Role Creation

Use the following configuration for a role that will be used by Ignite Service that is used for Ignite nodes auto-discovery and as a LoadBalancer for remote applications:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: ignite
  namespace: ignite
rules:
- apiGroups:
  - ""
  resources: # Here are resources you can access
  - pods
  - endpoints
  verbs: # That is what you can do with them
  - get
  - list
  - watch

Note, if you are not going to use Ignite Service as a LoadBalancer for your external applications, then grant him fewer privileges​ as suggested here.

Run this command to create the role:

kubectl create -f ignite-account-role.yaml

Next, bind this role with your service account and the namespace using the following configuration:

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: ignite
roleRef:
  kind: ClusterRole
  name: ignite
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: ignite
  namespace: ignite

Run this command to create the binding:

kubectl create -f ignite-role-binding.yaml

Finally, switch the current namespace to ignite so that you can see all the resources belonging​ to it:

kubectl config set-context $(kubectl config current-context) --namespace=ignite

Updated 3 minutes ago

RBAC Authorization


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.