Skip to main content
Version Next

Integrations — Ranger

Integration overview

The tdp-ranger chart supports integrations via rangerIntegrations (Kafka, NiFi, Trino), with a configJob to apply configuration after Ranger is available.

Prerequisites

  • Ranger deployed and accessible at the URL/port exposed by your values/subchart
  • Target services deployed and reachable when the respective integration is enabled: true

Enabling integrations

The same values schema is exposed under rangerIntegrations.*, tdp-ranger.rangerIntegrations.*, and global.rangerIntegrations.*; adjust according to your package (helm show values).

Installation with flags (Kafka example):

Terminal input
helm upgrade --install <release> oci://registry.tecnisys.com.br/tdp/charts/tdp-ranger \
  -n <namespace> \
  --set rangerIntegrations.kafka.enabled=true \
  --set rangerIntegrations.kafka.connection.bootstrapServers=<kafka-bootstrap-servers> \
  --set rangerIntegrations.kafka.connection.zookeeperConnect=<zookeeper-connect>

To combine multiple values files (names depend on your package):

Terminal input
helm upgrade --install <release> oci://registry.tecnisys.com.br/tdp/charts/tdp-ranger \
  -n <namespace> \
  -f <base-file>.yaml \
  -f <integrations-file>.yaml

YAML examples (placeholders)

Replace hosts, users, and secrets with the actual resources in your cluster.

Kafka

rangerIntegrations:
  kafka:
    enabled: true
    serviceName: "<kafka-service-name>"
    serviceDisplayName: "<kafka-display-name>"
    connection:
      bootstrapServers: "<kafka-bootstrap>.<namespace>.svc.cluster.local:9092"
      zookeeperConnect: "<zookeeper>.<namespace>.svc.cluster.local:2181"
      securityProtocol: "PLAINTEXT"
    credentials:
      username: "<username>"
      password: "<password>"

NiFi

rangerIntegrations:
  nifi:
    enabled: true
    serviceName: "<nifi-service-name>"
    serviceDisplayName: "<nifi-display-name>"
    connection:
      nifiUrl: "http://<nifi-service>.<namespace>.svc.cluster.local:8080"
      authenticationType: "none"
    credentials:
      username: "<username>"
      password: "<password>"

Trino

rangerIntegrations:
  trino:
    enabled: true
    serviceName: "<trino-service-name>"
    serviceDisplayName: "<trino-display-name>"
    connection:
      jdbcUrl: "jdbc:trino://<trino-service>.<namespace>.svc.cluster.local:8080"
      jdbcDriverClassName: "io.trino.jdbc.TrinoDriver"
    credentials:
      username: "<username>"
      password: "<password>"

Default policies

Each integration can include defaultPolicies as a list of objects; the exact content depends on your values file and chart version. There is no fixed list of guaranteed policies — validate in the Ranger UI after the job completes.

Verification

Terminal input
kubectl -n <namespace> get jobs
kubectl -n <namespace> logs job/<job-name>

The job name follows the Helm release pattern; identify it with kubectl get jobs -n <namespace>.