ACL Helm chart

kunal76 · May 12, 2023, 10:23am

Hello,
We have deployed the latest version of Dgraph cluster using Helm chart.
We are able to open the ratel UI. But the ACL function is not available for us.

We also tried the ACL helm method mention in this blog
https://dgraph.io/docs/enterprise-features/access-control-lists/

Here are the screenshots for your reference

Let me know if you want any further information or Is there something that we are missing.

MichelDiz · May 13, 2023, 2:05pm

You should follow the first link in this conversation. The helm chart may have some way to enable ACL.

ping - @joaquin

kunal76 · May 15, 2023, 5:48am

We tried the first link solution. But still we are facing with the same error. We are not sure how to proceed further.

MichelDiz · May 15, 2023, 6:06am

Can you explain what exactly the problem is? The post had several situations.

The helm has examples like

github.com

dgraph-io/charts/blob/master/charts/dgraph/example_values/v20.11/alpha-acl-secrets.yaml

## alpha-acl-secret.yaml
## * https://dgraph.io/docs/v20.11/enterprise-features/access-control-lists/
alpha:
  acl:
    file:
      ## Demonstration Purposes Only: 12345678901234567890123456789012
      ## Note that Kubernetes secrets must be base64-encoded
      ##  Example:
      ##   printf '12345678901234567890123456789012' | base64
      hmac_secret_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=

kunal76 · May 15, 2023, 6:34am

Yes, we have mentioned the hmac secret file in the same manner.
We are deploying latest helm chart. We are mentioning the hmac secret in values.yaml.
After deployment, we cannot take a backup, log in using the default username and password.
The data is also not getting stored in the database. We see 0 Bytes in the cluster option of the ratel UI.
Here is an image for your reference.

MichelDiz · May 15, 2023, 6:21pm

Sure, let me try on my end with my local k8s and see if I fail to do the same.
Maybe @joaquin could help faster than me. Cuz it will take some time to create the scenario and I’m working in other stuff and helping others too. So it will take time.

Cheers.

MichelDiz · May 16, 2023, 1:53am

Hey Kunal.

I was able to set up a local cluster with helm and ACL as the mentioned steps.

I did

vim dgraph_values.yaml

alpha:
  acl:
    enabled: true
    file:
      hmac_secret_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMQo=
  configFile:
    config.yaml: |
      acl:
        secret_file: /dgraph/acl/hmac_secret_file
      security:
        whitelist: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16

then I did

helm install “michel-dgraph-acl” --values ./dgraph_values.yaml dgraph/dgraph

And I got from the Alpha logs

I0516 01:45:35.103446      20 run.go:811] ACL secret key loaded successfully.

And from Ratel I got

Logged in as **groot**

Namespace: 0

All good.

Are you running k8s where? cloud? locally? some custom stuff?

kunal76 · May 16, 2023, 11:33am

I’m running it on k8s.
I have also mentioned the exact thing as you are doing

MichelDiz · May 16, 2023, 4:11pm

We reached a dead end. Try to redo all the steps from scratch. it worked for me on a clean instance.