|
5 | 5 | This is a demo to showcase what can be done with Open Policy Agent around authorization in the Stackable Data Platform.
|
6 | 6 | It covers the following aspects of security:
|
7 | 7 |
|
8 |
| -* Column- and row-level filtering |
9 |
| -* OIDC support across the board |
10 |
| -* Kerberos on Kubernetes |
11 |
| -* Keycloak and flexible group lookup |
12 |
| -* Open Policy Agent for the utmost flexibility in building access rules |
13 | 8 |
|
14 |
| -across this tech stack: |
15 | 9 |
|
16 |
| -* Trino |
17 |
| -* Superset |
18 |
| -* HDFS |
19 |
| -
|
20 |
| -
|
21 |
| -Install this demo on an existing Kubernetes cluster: |
| 10 | +This demo will: |
| 11 | + |
| 12 | +* Install the Stackable operators |
| 13 | +* Spin up the following data products |
| 14 | +** *Trino*: A fast distributed SQL query engine for big data analytics that helps you explore your data universe. This demo uses it to enable SQL access to the data. |
| 15 | +** *Spark*: A multi-language engine for executing data engineering, data science, and machine learning. This demo uses it to batch-process data from S3 by training and scoring an unsupervised anomaly detection model and writing the results into a Trino table. Spark uses an isolation forest algorithm from the scikit-learn machine learning library in this demo. |
| 16 | +** *HDFS*: A distributed file system that is designed to scale up from single servers to thousands of machines, each offering local computation and storage. |
| 17 | +** *Hive metastore*: A service that stores metadata related to Apache Hive and other services. This demo uses it as metadata storage for Trino and Spark. |
| 18 | +** *Open policy agent (OPA)*: An open-source, general-purpose policy engine unifies policy enforcement across the stack. This demo uses it as the authorizer for Trino, which decides which user can query which data. |
| 19 | +** *Superset*: A modern data exploration and visualization platform. This demo utilizes Superset to retrieve data from Trino via SQL queries and build dashboards on top of that data. |
| 20 | +* Configure security to showcase the following features |
| 21 | +** Column- and row-level filtering |
| 22 | +** OIDC support across the board |
| 23 | +** Kerberos on Kubernetes |
| 24 | +** Keycloak and flexible group lookup |
| 25 | +** Open Policy Agent for the utmost flexibility in building access rules |
| 26 | +
|
| 27 | +The following figure gives an overview of how the components interact with each other: |
22 | 28 |
|
23 | 29 | [source,console]
|
24 | 30 | ----
|
|
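Review bot: The sentence added at new line 27, "The following figure gives an overview of how the components interact with each other:", is followed directly by the unchanged "[source,console]" block, so no figure appears where the text promises one, and the removed lead-in "Install this demo on an existing Kubernetes cluster:" leaves the console block without an introduction. Add the image macro after line 27 and restore an install lead-in before the console block. In the same hunk, new line 18 reads "general-purpose policy engine unifies policy enforcement" (missing "that") and spells the name "Open policy agent", while new line 25 uses "Open Policy Agent". New line 18 also describes OPA only as the authorizer for Trino, and the Spark entry on new line 15 describes training an anomaly detection model on data from S3. Please confirm both descriptions match this authorization demo, since the removed text named Trino, Superset and HDFS as the stack and did not mention Spark or S3.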