IP range whitelist for /admin/export

Hi All,

In managing multiple dgraph instances, it is becoming cumbersome to go inside each docker container and do a backup via /admin/export. Resurrecting this post from @mrjn, Unable to run /admin/export on server via Putty - #5 by mrjn, would it make sense to implement a whitelist feature for /admin/backup?

My specific setup: I’m using docker with user-defined networks. So my app is running one container, and that app accesses the dgraph instance via docker DNS at “dgraph:8080”. When I try to trigger a backup from the app container, the IP recognized by dgraph is 172.19.0.4. I need graph to allow the app container to trigger backups.

In preparing to scale our app, we are planning on learning how to get dgraph up and running on Kubernetes, so we’ll need a solution that works with kubernetes as well - ideally without having to think about specific IP addresses. I’ve seen some activity on Kubernetes support in the dgraph repo…looking forward to trying this out.

Hey @tamethecomplex

Sure, we could allow whitelisting certain IP addresses. Could you create an issue for the same on Github?

I have added some docs for Kubernetes at Get started with Dgraph. Feel free to give it a try and give us feedback.

Thanks @pawan, just created a new issue at: IP range whitelist for admin/export · Issue #1924 · dgraph-io/dgraph · GitHub.

Also, not sure what you guys foresee for backup options in the future, but I added a note to the issue about maybe getting the export files as a file stream from the export endpoint.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.