Ranger K8s Operator
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/stable | 33 | 12 Nov 2024 | |
| latest/beta | 23 | 06 Mar 2024 | |
| latest/edge | 36 | 13 Jun 2025 |
juju deploy ranger-k8s
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
-
charm-function | string
Default: admin
The function the charm should provide, either
adminorusersync. -
external-hostname | string
Default: ranger-k8s
The DNS listing used for external connections. Will default to the name of the deployed application.
-
lookup-timeout | int
Default: 3000
The default timeout for the resource auto-complete functionality for Ranger service in ms.
-
policy-mgr-url | string
Default: http://ranger-k8s:6080
-
ranger-admin-password | string
Default: rangerR0cks!
The password for Ranger Admin user. Password can not be changed using this property after initial deployment. It can be changed in the UI. Password should be minimum 8 characters with min one alphabet and one numeric.
-
ranger-usersync-password | string
Default: rangerR0cks!
The password for the user that synchronizes users and groups from LDAP to Ranger admin. Password can not be changed using this property after initial deployment. It can be changed in the UI. Password should be minimum 8 characters with min one alphabet and one numeric.
-
sync-group-member-attribute-name | string
Default: memberUid
The attribute in the Group which specifies members.
-
sync-group-object-class | string
Default: posixGroup
The object class corresponding to groups for ldapsearch.
-
sync-group-search-base | string
Search base for ldap groups. If not specified this takes the value of
sync-ldap-search-base. -
sync-group-search-enabled | boolean
Default: True
Set to true to sync groups without users.
-
sync-group-user-map-sync-enabled | boolean
Default: True
Set to true to sync groups without users.
-
sync-interval | int
Default: 3600000
The interval in ms to synchronize the users/groups from ldap. Note: this can not be less than hourly (3600000) for LDAP.
-
sync-ldap-bind-dn | string
The bind domain name for ldap synchronization.
-
sync-ldap-bind-password | string
Default: admin
The bind password for ldap synchronization.
-
sync-ldap-deltasync | boolean
Default: True
Enable to incrementally sync as opposed to full sync after initial run.
-
sync-ldap-group-search-scope | string
Default: sub
Search scope for the groups. Allowed values:
base,oneandsub. -
sync-ldap-search-base | string
Search base for ldap users and groups.
-
sync-ldap-url | string
The url of the ldap to synchronize users from. In format
ldap://<host>:<port>. -
sync-ldap-user-group-name-attribute | string
Default: memberOf
Attribute from user entry whose values would be treated as group values to be pushed into Policy Manager database.
-
sync-ldap-user-name-attribute | string
Default: uid
Attribute from user entry that would be treated as user name.
-
sync-ldap-user-object-class | string
Default: person
The object class corresponding to users for ldapsearch.
-
sync-ldap-user-search-base | string
Search base for ldap users.
-
sync-ldap-user-search-filter | string
Optional additional filter constraining the users selected for syncing.
-
sync-ldap-user-search-scope | string
Default: sub
Search scope for the users. Allowed values:
base,oneandsub. -
tls-secret-name | string
Default: ranger-tls
Name of the k8s secret which contains the TLS certificate to be used by ingress.