KubeMQ Docs
KubeMQ.ioLogin / Register
  • Introduction
  • What's New
  • Getting Started
    • Quick Start
    • Build & Deploy
    • Create Cluster
      • Build & Deploy
      • Helm
      • Openshift
    • Create Connector
      • Build & Deploy
      • Helm
      • Openshift
    • Message Patterns
      • Queues
      • Pub/Sub
      • RPC
  • Learn
    • The Basics
      • Channels
      • Smart Routing
      • Grouping
    • Message Patterns
      • Queues
      • Pub/Sub
      • RPC
    • Access Control
      • Authentication
      • Authorization
      • Notifications
    • Clustering and HA
    • Connectors
      • KubeMQ Targets
      • KubeMQ Sources
      • KubeMQ Bridges
  • Configuration
    • Cluster
      • Set Cluster Name
      • Set Cluster Namespace
      • Set Persistent Volume
      • Set Cluster Replicas
      • Set Cluster Image
      • Set Cluster Security
      • Set Authentication
      • Set Authorization
      • Set Notification
      • Set License
      • Set gRPC Interface
      • Set Rest Interface
      • Set Api Interface
      • Set Store Settings
      • Set Queues Settings
      • Set Routing
      • Set Health Probe
      • Set Resources Limits
      • Set Logs
      • Set Node Selectors
    • Connectors
      • KubeMQ Targets
        • Standalone
          • Redis
          • Memcached
          • Postgres
          • Mysql
          • MSSql
          • Percona
          • Aerospike
          • ReThinkDB
          • MongoDB
          • Elastic Search
          • Cassandra
          • Couchbase
          • CockroachDB
          • Kafka
          • Nats
          • MQTT
          • ActiveMQ
          • IBM-MQ
          • Minio/S3
          • OpenFaas
          • HTTP
        • AWS
          • Athena
          • DynamoDB
          • Elastic Search
          • KeySpaces
          • MariaDB
          • MSSql
          • MySQL
          • Postgres
          • RedShift
          • RedShift Service
          • AmazonMQ
          • MSK
          • Kinesis
          • SQS
          • SNS
          • S3
          • Lambda
          • CloudWatch Logs
          • CloudWatch Events
          • CloudWatch Metrics
        • GCP
          • Redis
          • Memcached
          • Postgres
          • Mysql
          • BigQuery
          • BigTable
          • Firestore
          • Spanner
          • Firebase
          • Pub/Sub
          • Storage
          • Functions
        • Azure
          • Azure SQL
          • Mysql
          • Postgres
          • Blob
          • Files
          • Queue
          • Events Hub
          • Service Bus
        • Sources
          • Queue
          • Events
          • Events Store
          • Command
          • Query
      • KubeMQ Sources
        • HTTP
        • Messaging
          • Kafka
          • RabbitMQ
          • MQTT
          • ActiveMQ
          • IBM-MQ
          • Nats
        • AWS
          • AmazonMQ
          • MSK
          • SQS
        • GCP
          • Pub/Sub
        • Azure
          • EventHubs
          • ServiceBus
        • Targets
          • Queue
          • Events
          • Events Store
          • Command
          • Query
      • KubeMQ Bridges
        • Targets
          • Queue
          • Events
          • Events Store
          • Command
          • Query
        • Sources
          • Queue
          • Events
          • Events Store
          • Command
          • Query
    • Docker
  • HOW TO
    • Connect Your Cluster
    • Show Dashboard
    • Get Cluster Status
    • Get Cluster Logs
  • SDK
    • Java
    • Java (Springboot)
    • C# (.NET)
    • Go
    • Python
    • Node
    • Rest
  • Troubleshooting
    • Start Here
  • License
    • Open Source Software Notices
Powered by GitBook
On this page

Was this helpful?

  1. Configuration
  2. Cluster

Set Authorization

PreviousSet AuthenticationNextSet Notification

Last updated 5 years ago

Was this helpful?

Flags

Flag

Type/Options

Default

Description

--authorization-enabled

string

false

Enable authorization configuration

--authorization-policy-data

string

""

Set authorization policy data

--authorization-policy-file

string

""

set authorization policy filename

--authorization-url

string url

""

Set authorization policy loading url

--authorization-auto-reload

int

0

Set auto reload policy data from url

Examples

Set predefined authorization rules policy where policy.json is json array of access control rules:

kubemqctl create cluster --authorization-enabled --authorization-policy-file ./policy.json

Set authorization web service rules source:

kubemqctl create cluster --authorization-enabled --authorization-url "http://your.url.rules/" --authorization-auto-reload 120

KubeMQ will call "" every 120 seconds and pulls the Authorization policy json array

Values

Value

Type/Options

Default

Description

authorization.PolicyData

string

""

Set Authorization policy data

authorization.url

string url

""

Set Optional authorization server url for policy data

authorization.autoReload

int

0

Set auto reload policy data from url

Examples

Set predefined authorization rules policy where policy.json is json array of access control rules:

helm install kubemq-cluster --set-file authorization.policyData=./policy.json kubemq-charts/kubemq

Set authorization web service rules source:

helm install kubemq-cluster --set authorization.url="http://your.url.rules/",authorization.autoReload=120 kubemq-charts/kubemq

Fields

Field

Type/Options

Default

Description

policyData

string

""

Set Authorization policy data

url

string url

""

Set Optional authorization server url for policy data

autoReload

int

0

Set auto reload policy data from url

Examples

Set predefined authorization rules policy where policy.json is json array of access control rules:

Run:

kubectl apply -f {below-yaml-file}
apiVersion: core.k8s.kubemq.io/v1alpha1
kind: KubemqCluster
metadata:
  name: kubemq-cluster
  namesapce: kubemq
  labels:
    app: kubemq-cluster
spec:
  replicas: 3
  authorization:
    policy: |-
      [
         {
            "ClientID":"client-1",
            "Events":true,
            "EventsStore": false,
            "Queues": false,
            "Commands": false,
            "Queries": false,
            "Channel":"foo.bar.1",
            "Read":false,
            "Write": true
         },
         {
            "ClientID":"client-2",
            "Events":true,
            "EventsStore": false,
            "Queues": false,
            "Commands": false,
            "Queries": false,
            "Channel":"foo.bar.2",
            "Read":false,
            "Write": true
         },
      ]

Set authorization web service rules source:

Run:

kubectl apply -f {below-yaml-file}
apiVersion: core.k8s.kubemq.io/v1alpha1
kind: KubemqCluster
metadata:
  name: kubemq-cluster
  namesapce: kubemq
  labels:
    app: kubemq-cluster
spec:
  replicas: 3
  authorization:
    url: "http://your.url.rules/"
    autoReload: 120

http://your.url.rules
Learn Access Control - Authorization Feature