Wang's Tech Blog

Updates from November, 2018 Toggle Comment Threads | Keyboard Shortcuts

• 

  Wang 21:44 on 2018-11-20 Permalink | Reply
  Tags: API ( 18 ), Cloud ( 29 ), Cluster ( 30 ), Docker ( 29 ), Kubernetes ( 40 ), Nginx ( 4 ), Spring Boot ( 10 )   

  Sticky session in Kubernetes 

  As we know RESTful API is stateless, every request will be forward to backend server by round robin mechanism.

  But in some scenario we need sticky session which means request from one client should be forward to one backend server.

  After checking kubernetes documentation we added some annotations under ingress configuration, and it works well.

  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "router"
    nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
  

  If you open Developer Tools in Chrome, you will find the cookie.

  

  Like Loading...
   

  Reply Cancel reply

  Name

  Email

  Website

  Notify me of new comments via email.

  Notify me of new posts via email.

  Δ

• 

  Wang 22:21 on 2018-11-05 Permalink | Reply
  Tags: BigData ( 37 ), Cloud ( 29 ), Cluster ( 30 ), Docker ( 29 ), Hadoop ( 14 ), Hive ( 15 ), Kubernetes ( 40 ), Presto ( 7 ), Security ( 22 )   

  [Presto] Secure with LDAP 

  For security issue we decided to enable LDAP in presto, to deploy presto into kubernetes cluster we build presto image ourselves which include kerberos authentication and LDAP configurations.

  As you see the image structure, configurations under catalog/etc/hive are very important, please pay attention.

  

  krb5.conf and xxx.keytab are used to connect to kerberos

  password-authenticator.properties and ldap_server.pem under etc, hive.properties and hive-security.json under catalog are used to connect to LDAP.

  password-authenticator.properties

  password-authenticator.name=ldap
  ldap.url=ldaps://<IP>:<PORT>
  ldap.user-bind-pattern=xxxxxx
  ldap.user-base-dn=xxxxxx
  

  hive.properties

  connector.name=hive-hadoop2
  hive.security=file
  security.config-file=<hive-security.json>
  hive.metastore.authentication.type=KERBEROS
  hive.metastore.uri=thrift://<IP>:<PORT>
  hive.metastore.service.principal=<SERVER-PRINCIPAL>
  hive.metastore.client.principal=<CLIENT-PRINCIPAL>
  hive.metastore.client.keytab=<KEYTAB>
  hive.config.resources=core-site.xml, hdfs-site.xml
  

  hive-security.json

  {
    "schemas": [{
      "user": "user_1",
      "schema": "db_1",
      "owner": false
    }, {
      "user": " ",
      "schema": "db_1",
      "owner": false
    }, {
      "user": "user_2",
      "schema": "db_2",
      "owner": false
    }],
    "tables": [{
      "user": "user_1",
      "schema": "db_1",
      "table": "table_1",
      "privileges": ["SELECT"]
    }, {
      "user": "user_1",
      "schema": "db_1",
      "table": "table_2",
      "privileges": ["SELECT"]
    }, {
      "user": "user_2",
      "schema": "db_1",
      "table": ".*",
      "privileges": ["SELECT"]
    }, {
      "user": "user_2",
      "schema": "db_2",
      "table": "table_1",
      "privileges": ["SELECT"]
    }, {
      "user": "user_2",
      "schema": "db_2",
      "table": "table_2",
      "privileges": ["SELECT"]
    }],
    "sessionProperties": [{
      "allow": false
    }]
  }
  

  Like Loading...