Running Ranger

The following file and directories are relevant to running Ranger using Helm.

# resources for executing Helm
└── kubernetes
    └── helm
        └── ranger
            └── values.yaml

# resources for running Ranger
└── kubernetes
    ├── ranger-conf
    └── ranger-key

The file kubernetes/helm/ranger/values.yaml defines the default values for the Helm chart. Typically the user creates another file (e.g., values-ranger.yaml) in order to override some of these default values. The user can update configuration files in the directory kubernetes/ranger-conf and kubernetes/ranger-key/ to control the behavior of Ranger. The user should copy keytab files to the directory kubernetes/ranger-key.

Assuming that a new YAML file values-ranger.yaml overrides the default values in kubernetes/helm/ranger/values.yaml, the user can run Ranger with namespace hivemr3 as follows:

$ ln -s $(pwd)/kubernetes/ranger-conf/ kubernetes/helm/ranger/conf
$ ln -s $(pwd)/kubernetes/ranger-key/ kubernetes/helm/ranger/key
$ helm install --namespace hivemr3 kubernetes/helm/ranger -f values-ranger.yaml

Here the first two commands create symbolic links so that Helm can access the directories kubernetes/ranger-conf and kubernetes/ranger-key directly.

Enabling SSL

In order to enable SSL, the user should have a TrustStore file. Follow the instruction in Enabling SSL to perform the following:

  • Create a self-signed certificate for SSL by executing the script kubernetes/, and set the environment variable MR3_SSL_KEYSTORE_PASSWORD in kubernetes/
  • Configure Ranger to use SSL.

Then execute the script kubernetes/ with an argument --generate-truststore (which is mandatory) in order to create a KeyStore file kubernetes/ranger-key/hivemr3-ssl-certificate.jks.

$ pwd
$ ./ --generate-truststore

Updating kubernetes/helm/ranger/values.yaml

After updating the YAML file values-ranger.yaml and the configuration files, the user can use Helm in the same way to run Ranger. Below we describe each part of kubernetes/helm/ranger/values.yaml.


This part specifies the names of various Kubernetes objects. It is unnecessary to override the default values.

    configMap: hivemr3-ranger-configmap
    secret: hivemr3-ranger-secret
  persistentVolume: workdir-ranger-pv
  persistentVolumeClaim: workdir-ranger-pvc

docker for the Docker image

  user: ranger
  imagePullPolicy: Always
  • docker/image specifies the full name of the Docker image including a tag.
  • docker/user should match the user specified in kubernetes/ranger/Dockerfile when creating the Docker image.
  • docker/imagePullPolicy specifies the pull policy for the Docker image.
  • docker/imagePullSecrets specifies the pull secret for the Docker image. It is set to empty if no pull secret is necessary.

ranger for Ranger

  httpPort: 6080
  httpsPort: 6182
  solrPort: 6083

  createSecret: true

      cpu: 1
      memory: 4Gi
      cpu: 1
      memory: 4Gi
      cpu: 1
      memory: 4Gi
      cpu: 1
      memory: 4Gi
  • ranger/httpPort, ranger/httpsPort, and ranger/solrPort specify the port numbers for exposing Ranger to the outside of the Kubernetes cluster.
  • ranger/externalIp specifies the host for the Service for exposing Ranger to the outside of the Kubernetes cluster.
  • ranger/createSecret specifies whether or not to crate a Secret from those files in the directory kubernetes/ranger-key.
  • ranger/rangerResources specifies the resources to be allocated to the Ranger container inside the Ranger Pod.
  • ranger/solrResources specifies the resources to be allocated to the Solr container inside the Ranger Pod.

workDir for PersistentVolume

  isNfs: true
    server: ""
    path: "/work/nfs/mr3-run-work-dir"
  volumeSize: 10Gi
  volumeClaimSize: 10Gi
  storageClassName: ""
  • workDir/isNfs specifies whether the PersistentVolume uses NFS or not.
  • workDir/nfs/server and workDir/nfs/path specify the address of the NFS server and the path exported by the NFS server (when workDir/isNfs is set to true).
  • workDir/volumeSize and workDir/volumeClaimSize specify the size of the PersistentVolume and the PersistentVolumeClaim.
  • workDir/storageClassName specifies the StorageClass of the PersistentVolume.
  • workDir/volumeStr specifies the PersistentVolume to use when workDir/isNfs is set to false. For example, volumeStr: "hostPath:\n path: /work/nfs/mr3-run-work-dir" creates a hostPath PersistentVolume.

logLevel and hostAliases

logLevel: INFO

- ip: ""
  - "red0"
- ip: ""
  - "indigo0"
- ip: ""
  - "indigo20"
  • logLevel specifies the logging level.
  • hostAliases lists host aliases.