Ratel UI Setup with Docker Swarm

@MichelDiz @joaquin

Small Update

I was able to get Dgraph up and loaded w/ Ratel into the Console.

I actually didn’t have to do anything with Endpoints / Proxies although we do have them up? I didn’t configure anything additionally on my end. We use Nginx

I just removed the AWS deploy constraints from yalls YML file and added in the Ratel YAML you sent

connected via :8000

I couldn’t get in with that Groot /Password login… and then once I changed the alpha url to port 8080 inside the client, it connected me through

Sound right or??

Now onto setting up users, I think?

Pic for attention, Potato Gang!!

You don’t need this. You may have the ACL enabled in your cluster, but it is not effectively enabled. So you don’t need to use it.

Users? you mean you wanna use ACL? Pay attention that it is free for 30 days. As it is an Enterprise feature.

honestly idkk, I just assumed I could add like users and stuff like the airbyte login

Nope, Dgraph is very straightforward.

@MichelDiz like I said, I’m kinda getting throw into the fire, idk much about this product. I was just asked to figure out the deployment and get it running

@MichelDiz thanks for your help though, I still need to look into that Networking/Security doc that you sent

Score 1 for the No Degree Fam

There should be caution regarding uses such features after the trial license expires: https://dgraph.io/docs/enterprise-features/

If you need login w/o the enterprise features, then you’ll need to use a reverse proxy in front on the Dgraph Alpha service endpoint or apart of that endpoint.

Another complimentary solution would be to use mutual TLS where the client submits a client certificate that allows access. If you do this directly to the Dgraph Alpha nodes, the docs are at: https://dgraph.io/docs/deploy/tls-configuration/. This will be a high level of complexity if you never set this up before.

In Kubernetes space, there’s a few service meshes that can do the Mutual TLS automatically, but for Docker Swarm, I am not sure, maybe Hashicorp’s Consul (https://www.consul.io/).

Adding some more, another reverse proxy that is popular w/ with Fabio (https://fabiolb.net/) and of course nginx. For oauth2 proxy there’s Oauth2 Proxy.

I mention the reverse-proxy - load balancer part is because this: if you have 3 dgraph alpha nodes for example, you’ll need a reverse proxy + load balancer to send traffic to one of three nodes, so that the traffic is distributed and you have high availability.

1 Like

@joaquin I haven’t really seen much about licensing and features with Trial vs Enterprise

I got sent a **dgraph.io/docs page, and was told to figure it out with multiple clusters

So for now, its all Internal, there won’t be any “clients” for a bit

Could you elaborate on “caution regarding such features” I’m not really sure what that is in reference to

The caution is that if you use Enterprise features like ACLs for user accounts, or binary backups, those features will expire at the end of the trial period. You won’t be able to such features.

Side question, is your organization open to using Kubernetes? As you can see, distributed systems (clusters) are complex in general, more so especially stateful (data) distributed systems. Though Kubernetes also adds a layer or complexity in and of itself, but has a lot of features to make this process smoother, and has a the rich set of open source third party addons (reverse proxies called ingresses, cloud integrations, certificates, service meshes, dns, etc.). Also, Dgraph has a paid service dgraph cloud that can manage this if it becomes too complex (and the enterprise features don’t expire)

1 Like

Ok, Noted – Thank You

I believe we are going to eventually be moving from Docker to K8s, I have deployed OpenStack and installed a Mikro8ks Cluster for testing and breaking, have ingress and dashboard set up and then it will move to Devs to build apps/break things for me to look into?

We are looking at something official from Ubuntu/Canonical potentially, just depends if we will be moving to that private cloud hosting for some “political” clients we have

Will be on-prem, not using any AWS/GCP/Azure

That makes sense. I tried microk8s, but personally was not comfortable with it as they try to handle all the automation for you, but then when things go wrong, I find myself googling snap package issues and or docker containerd vs k8s ocntianerd issues… Some ones I have considered or tinkered with in this case are listed below with my opinion on them, and disclaimer – only experienced hands-on with RKE.

  • Platform9 - looked good, but only support old versions of Ubuntu; Ubuntu 20.04 not yet supported.
  • KubeSpray - built around kubadm with Ansible.
  • RKE - doesn’t use kubeadm, but it’s own set of automation; very easy to set up, once requirements are met

The advantage for any automation the leverages off of kubeadm is that any tools that test compliance of your K8S implementation or security typically work with kubeadm setups. For other platforms, there needs to be customization, for example using a tool like Sonobuoy test harness to run Aqua CIS benchmark tests or K8S E2E tests.

1 Like

I am familiar with Platform9 & Kubesprayl/ kubeadm, not familiar with RKE

I have never really used Ansible, probably over my potato-head capacity

I will look at Sonouoy /Aqua and send your little snippit to CTO so he can poke around


@MichelDiz So I had to reproduce my setup, and I haven’t been able to connect correctly the second time

It has me “Connected” but its giving me that groot login instead of just connecting

@:/$ sudo docker service ls
ID             NAME            MODE         REPLICAS   IMAGE                  PORTS
32ng9mr07ai4   dgraph_alpha1   replicated   1/1        dgraph/dgraph:latest   *:8080->8080/tcp, *:9080->9080/tcp
0ub5rdxhi5j6   dgraph_alpha2   replicated   1/1        dgraph/dgraph:latest   *:8081->8081/tcp, *:9081->9081/tcp
viuw999r2ywu   dgraph_alpha3   replicated   1/1        dgraph/dgraph:latest   *:8082->8082/tcp, *:9082->9082/tcp
hzq62nm261nu   dgraph_ratel    replicated   1/1        dgraph/ratel:latest    *:8000->8000/tcp
l3p46a7qhizi   dgraph_zero     replicated   1/1        dgraph/dgraph:latest   *:5080->5080/tcp, *:6080->6080/tcp

is that because alpha1 is on :8080?

do I need to add *:8080 → 8080/tcp to that ratel service?

ok @MichelDiz – I got it connected, I had to remove https:// for http://

1 Like