Info |
---|
CDAP installation on Kubernetes was introduced in CDAP 6.2.3. |
...
To enable the Authentication Service in a K8s environment to provide Perimeter Security, extra configuration is needed in the CDAP YAML file.
Set the following configurations in the "config:" section of the CDAP YAML file.
```yaml
# Enable perimeter security
security.enabled: "true"
# A key file generated by the AuthenticationTool that is mapped into the pod via k8s secret (see below for instructions)
security.data.keyfile.path: "/etc/cdap/auth/auth.key"
# Disable kerberos (it is defaulted to true when security.enabled is true)
kerberos.auth.enabled: "false"
```
Add configurations for the authentication handler, based on Configuring Managed Authentication, under the "config:" section.
Use the CDAP docker image to generate an "auth.key" file.
```bash
# Bind-mount the current directory so the generated key lands in ./auth.key
docker run -it --rm \
  --mount type=bind,source="$(pwd)",target=/auth \
  gcr.io/cdapio/cdap:latest \
  io.cdap.cdap.security.tools.AuthenticationTool -g /auth/auth.key
```
Create a k8s secret from the "auth.key" file.
```bash
kubectl create secret generic cdap-auth --from-file=auth.key
```
Map the secret into the CDAP pods by adding a "secretVolumes" section to the CDAP YAML file (at the same level as other options, like "config").
```yaml
config:
  ....
secretVolumes:
  cdap-auth: "/etc/cdap/auth"
```
Now, you can start CDAP with security enabled, without needing Zookeeper.
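The steps above only work if the key file path in "config:" points into the directory where "secretVolumes" mounts the secret. The following preflight check is an added example, not part of CDAP or of the original page. It assumes the YAML fragment has the two top-level sections shown above, and its function names and minimal parser are illustrative.

```python
import posixpath

# Constructed sample: the CDAP YAML fragment assembled from the steps above.
SAMPLE = '''\
config:
  security.enabled: "true"
  security.data.keyfile.path: "/etc/cdap/auth/auth.key"
  kerberos.auth.enabled: "false"
secretVolumes:
  cdap-auth: "/etc/cdap/auth"
'''

def parse_sections(text):
    """Parse top-level sections of flat 'key: value' pairs (not a general YAML parser)."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and full-line comments
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue  # skip lines that are not mappings, such as "...."
        if not raw[0].isspace():  # an unindented key opens a new section
            current = sections.setdefault(key, {})
        elif current is not None:
            current[key] = value.strip().strip('"\'')
    return sections

def check_perimeter_security(text):
    """Return a list of problems; an empty list means the fragment is consistent."""
    s = parse_sections(text)
    config, volumes = s.get("config", {}), s.get("secretVolumes", {})
    problems = []
    if config.get("security.enabled") != "true":
        problems.append('security.enabled is not "true"')
    if config.get("kerberos.auth.enabled") != "false":
        problems.append('kerberos.auth.enabled is not "false" (it defaults to true)')
    keyfile = config.get("security.data.keyfile.path", "")
    if not keyfile:
        problems.append("security.data.keyfile.path is not set")
    else:
        # The secret's files appear directly under the mount path, so compare directories.
        key_dir = posixpath.dirname(posixpath.normpath(keyfile))
        mounts = {posixpath.normpath(p) for p in volumes.values()}
        if key_dir not in mounts:
            problems.append(f"{keyfile} is not directly inside a secretVolumes mount path")
    return problems

if __name__ == "__main__":
    print(check_perimeter_security(SAMPLE) or "fragment is consistent")
```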
...