This is an automated email from the ASF dual-hosted git repository.
nehapawar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git
The following commit(s) were added to refs/heads/master by this push:
new b028499439 Adding acl support for helm chart (#8816)
b028499439 is described below
commit b0284994393c09d79917e529592b8ac10258e9ea
Author: Xiang Fu <[email protected]>
AuthorDate: Thu Jun 2 10:20:05 2022 -0700
Adding acl support for helm chart (#8816)
---
kubernetes/helm/pinot/templates/broker/configmap.yaml | 6 ++++++
kubernetes/helm/pinot/templates/controller/configmap.yaml | 8 +++++++-
kubernetes/helm/pinot/values.yaml | 12 ++++++++++++
3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/kubernetes/helm/pinot/templates/broker/configmap.yaml
b/kubernetes/helm/pinot/templates/broker/configmap.yaml
index 8f7d3a8bfc..37161272c2 100644
--- a/kubernetes/helm/pinot/templates/broker/configmap.yaml
+++ b/kubernetes/helm/pinot/templates/broker/configmap.yaml
@@ -26,3 +26,9 @@ data:
pinot.broker.client.queryPort={{ .Values.broker.service.port }}
pinot.broker.routing.table.builder.class={{
.Values.broker.routingTable.builderClass }}
{{ .Values.broker.extra.configs | indent 4 }}
+{{- if .Values.pinotAuth.enabled}}
+ pinot.broker.access.control.class={{ .Values.pinotAuth.brokerFactoryClass
}}
+{{- range $config := .Values.pinotAuth.configs}}
+{{ printf "pinot.broker.%s" $config | indent 4 -}}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/helm/pinot/templates/controller/configmap.yaml
b/kubernetes/helm/pinot/templates/controller/configmap.yaml
index bac1d8221d..2db39593bb 100644
--- a/kubernetes/helm/pinot/templates/controller/configmap.yaml
+++ b/kubernetes/helm/pinot/templates/controller/configmap.yaml
@@ -31,4 +31,10 @@ data:
{{- end }}
controller.data.dir={{ .Values.controller.data.dir }}
controller.zk.str={{ include "zookeeper.url" . }}
-{{ .Values.controller.extra.configs | indent 4 }}
\ No newline at end of file
+{{ .Values.controller.extra.configs | indent 4 }}
+{{- if .Values.pinotAuth.enabled}}
+ controller.admin.access.control.factory.class={{
.Values.pinotAuth.controllerFactoryClass }}
+{{- range $config := .Values.pinotAuth.configs}}
+{{ printf "controller.admin.%s" $config | indent 4 -}}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/helm/pinot/values.yaml
b/kubernetes/helm/pinot/values.yaml
index 31b362bad6..503aa21747 100644
--- a/kubernetes/helm/pinot/values.yaml
+++ b/kubernetes/helm/pinot/values.yaml
@@ -54,6 +54,18 @@ serviceAccount:
additionalMatchLabels: {}
+
+pinotAuth:
+ enabled: false
+ controllerFactoryClass:
org.apache.pinot.controller.api.access.BasicAuthAccessControlFactory
+ brokerFactoryClass:
org.apache.pinot.broker.broker.BasicAuthAccessControlFactory
+ configs:
+ # - access.control.principals=admin,user
+ # - access.control.principals.admin.password=verysecret
+ # - access.control.principals.user.password=secret
+ # - access.control.principals.user.tables=baseballStats,otherstuff
+ # - access.control.principals.user.permissions=READ
+
#
------------------------------------------------------------------------------
# Pinot Controller:
#
------------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
