edu-8: tweak self-managed installs for resource delays + security men… #35216
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| --- | ||
| headless: true | ||
| --- | ||
| {{< warning >}} | ||
| Once enabled, ensure that the `authenticatorKind` field is set for any future version upgrades or rollouts of the Materialize CR. Having it undefined will reset `authenticationKind` to `None`. | ||
| {{< /warning >}} |
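Review bot: the warning text names the field two different ways, `authenticatorKind` in the first sentence and `authenticationKind` in the second, so a reader cannot tell which key to set in the Materialize CR. Use one spelling in both places, matching the CRD field, so the sentence about the value resetting to `None` refers unambiguously to the field the reader was just told to set.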
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -120,6 +120,17 @@ An active AWS account with appropriate permissions to create: | |
|
|
||
| {{< /warning >}} | ||
|
|
||
| {{< tip >}} | ||
|
Contributor
Author
Just added this little blurb so as to plant seed about auth/security.
Contributor
Should we just point to the authentication page rather than suggesting SASL/SCRAM? Seems more future proof.
Contributor
Author
Can do so. |
||
|
|
||
| The simple example used in this tutorial enables [Password | ||
| authentication](https://github.com/MaterializeInc/materialize-terraform-self-managed/blob/main/aws/examples/simple/main.tf#L380) | ||
| for the Materialize instance. To use a different authentication method, update | ||
| [`authenticator_kind`](https://github.com/MaterializeInc/materialize-terraform-self-managed/blob/main/kubernetes/modules/materialize-instance/README.md#input_authenticator_kind). | ||
| See [Authentication](/security/self-managed/authentication/) for the supported | ||
| authentication mechanisms. | ||
|
|
||
| {{< /tip >}} | ||
|
|
||
| ### Step 1: Set Up the Environment | ||
|
|
||
| 1. Open a terminal window. | ||
|
|
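Review bot: the Password authentication link in the tip points at `blob/main/aws/examples/simple/main.tf#L380`, a line anchor on a moving branch, so it will point at the wrong line as soon as that file changes. Link to a commit permalink or to the file without the `#L380` anchor; the `#input_authenticator_kind` README anchor and the `/security/self-managed/authentication/` link do not depend on line numbers and can stay as they are.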
@@ -331,18 +342,19 @@ guide](/self-managed-deployments/deployment-guidelines/aws-deployment-guidelines | |
|
|
||
| See also: | ||
|
|
||
| - [Configuring System | ||
| Parameters](/self-managed-deployments/configuration-system-parameters/) | ||
| - [Materialize Operator | ||
| Configuration](/self-managed-deployments/operator-configuration/) | ||
| - [Materialize CRD Field | ||
| Descriptions](/self-managed-deployments/materialize-crd-field-descriptions/) | ||
|
|
||
|
|
||
| ## Cleanup | ||
|
|
||
| {{% self-managed/cleanup-cloud %}} | ||
|
|
||
|
|
||
| ## See Also | ||
|
|
||
|
|
||
| - [Troubleshooting](/self-managed-deployments/troubleshooting/) | ||
| - [Security](/security/self-managed/) | ||
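Review bot: in the lines shown, the page carries both a `See also:` list ahead of `## Cleanup` and a separate `## See Also` section after it, and the Security link appears only in the second. Merging the two lists under one heading, with one capitalisation, would keep the Security pointer from being missed; the heading here is `## Cleanup` while the other install page in this PR uses `## Clean up`, which is worth aligning as well.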
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -130,12 +130,13 @@ Starting in v26.0, Self-Managed Materialize requires a license key. | |
| name: materialize-backend | ||
| namespace: materialize-environment | ||
| stringData: | ||
| metadata_backend_url: "postgres://materialize_user:materialize_pass@postgres.materialize.svc.cluster.local:5432/materialize_db?sslmode=disable" | ||
| persist_backend_url: "s3://minio:minio123@bucket/12345678-1234-1234-1234-123456789012?endpoint=http%3A%2F%2Fminio.materialize.svc.cluster.local%3A9000®ion=minio" | ||
| license_key: "<enter your license key here>" | ||
| metadata_backend_url: "postgres://materialize_user:materialize_pass@postgres.materialize.svc.cluster.local:5432/materialize_db?sslmode=disable" | ||
| persist_backend_url: "s3://minio:minio123@bucket/12345678-1234-1234-1234-123456789012?endpoint=http%3A%2F%2Fminio.materialize.svc.cluster.local%3A9000®ion=minio" | ||
| license_key: "<enter your license key here>" | ||
| --- | ||
| ``` | ||
|
|
||
|
|
||
| 1. Install the Materialize Helm chart. | ||
|
|
||
| 1. Add the Materialize Helm chart repository. | ||
|
|
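Review bot: the Secret example in this hunk keeps credentials inline in both URLs (`materialize_user:materialize_pass`, `minio:minio123`) together with `sslmode=disable` and an `http` MinIO endpoint, and nothing in the visible lines says these are local-only values. Since this PR adds security pointers elsewhere, a short note after the manifest saying these settings are for local evaluation and should be replaced for any shared deployment would fit here.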
@@ -272,6 +273,12 @@ Starting in v26.0, Self-Managed Materialize requires a license key. | |
|
|
||
| 1. Verify the installation and check the status: | ||
|
|
||
| {{< note >}} | ||
| It may take approximately 1-2 minutes for all resources to appear in the | ||
| namespace. Allow up to 90 seconds before verifying resource creation with | ||
| `kubectl get` commands. | ||
| {{< /note >}} | ||
|
Contributor
Author
Added the little note here
Contributor
Did we ever determine if this was just a resource constraint issue? We should have this warning, but honestly we should fix this so it deploys faster.
Contributor
Author
Agree. I believe we opened a GitHub issue https://github.com/MaterializeInc/database-issues/issues/10099 ... although, I wonder if it should be opened now in Linear. |
||
|
|
||
| ```shell | ||
| kubectl get all -n materialize-environment | ||
| ``` | ||
|
|
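Review bot: the note gives two different waits, "approximately 1-2 minutes" for resources to appear and "up to 90 seconds" before running `kubectl get`, and 90 seconds is shorter than the upper end of the first range. State one figure, or tell the reader to re-run `kubectl get all -n materialize-environment` until the resources are listed.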
@@ -323,10 +330,14 @@ Starting in v26.0, Self-Managed Materialize requires a license key. | |
|
|
||
| {{< /tip >}} | ||
|
|
||
|
|
||
| ## Next steps | ||
|
|
||
| {{% self-managed/next-steps %}} | ||
|
|
||
| - To enable authentication and authorization, see | ||
| [Security](/security/self-managed/). | ||
|
|
||
| ## Clean up | ||
|
|
||
| To delete the whole local deployment (including Materialize instances and data): | ||
|
|
||
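Review bot: the Security bullet under `## Next steps` is added after the `{{% self-managed/next-steps %}}` shortcode rather than inside it, so only this page gets it, while the AWS page in this PR carries the same link under `## See Also` instead. If every install guide should point to `/security/self-managed/`, put the bullet in the shortcode; also check that a hand-written list item renders as part of the shortcode's output rather than as a separate list.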
https://preview.materialize.com/materialize/35216/security/self-managed/authentication/