Merge branch 'master' into fix-test-product-environments

pull/5556/head
Jason Stirnaman 2024-08-07 14:03:27 -05:00 committed by GitHub
commit 0df14666cc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 519 additions and 24 deletions


@ -114,6 +114,9 @@ pre[class*="language-"] {
.nl, /* Name.Label */ .nl, /* Name.Label */
.si /* Literal.String.Interpol */ .si /* Literal.String.Interpol */
{ color: $article-code-accent4 } { color: $article-code-accent4 }
.gd /* Generic.Deleted strike-through*/
{ text-decoration: line-through; }
.m, /* Literal.Number */ .m, /* Literal.Number */
.ni, /* Name.Entity */ .ni, /* Name.Entity */


@ -7,7 +7,7 @@ description: >
menu: menu:
influxdb_clustered: influxdb_clustered:
parent: Administer InfluxDB Clustered parent: Administer InfluxDB Clustered
weight: 103 weight: 104
influxdb/clustered/tags: [storage] influxdb/clustered/tags: [storage]
related: related:
- /influxdb/clustered/reference/internals/storage-engine/ - /influxdb/clustered/reference/internals/storage-engine/


@ -9,7 +9,7 @@ description: >
menu: menu:
influxdb_clustered: influxdb_clustered:
parent: Administer InfluxDB Clustered parent: Administer InfluxDB Clustered
weight: 102 weight: 103
influxdb/clustered/tags: [databases] influxdb/clustered/tags: [databases]
--- ---


@ -8,7 +8,7 @@ description: >
menu: menu:
influxdb_clustered: influxdb_clustered:
parent: Administer InfluxDB Clustered parent: Administer InfluxDB Clustered
weight: 102 weight: 103
influxdb/clustered/tags: [tables] influxdb/clustered/tags: [tables]
--- ---


@ -8,13 +8,13 @@ description: >
menu: menu:
influxdb_clustered: influxdb_clustered:
parent: Administer InfluxDB Clustered parent: Administer InfluxDB Clustered
weight: 102 weight: 103
influxdb/clustered/tags: [tokens] influxdb/clustered/tags: [tokens]
--- ---
InfluxDB uses token authentication to authorize access to data in your InfluxDB uses token authentication to authorize access to data in your
{{< product-name omit=" Clustered" >}} cluster. {{< product-name omit=" Clustered" >}} cluster.
There are two types of tokens: With {{< product-name >}}, there are two types of tokens:
- [Database tokens](#database-tokens) - [Database tokens](#database-tokens)
- [Management tokens](#management-tokens) - [Management tokens](#management-tokens)


@ -1,18 +1,32 @@
--- ---
title: Manage InfluxDB Clustered users title: Manage users in your InfluxDB cluster
description: > description: >
Add or remove users by updating your `myinfluxdb.yml` file and re-applying the configuration. Manage users with administrative access to your InfluxDB cluster through your
identity provider and your InfluxDB `AppInstance` resource.
menu: menu:
influxdb_clustered: influxdb_clustered:
name: Manage users name: Manage users
parent: Administer InfluxDB Clustered parent: Administer InfluxDB Clustered
weight: 101 weight: 102
draft: true cascade:
related:
- /influxdb/clustered/install/auth/
- /influxdb/clustered/install/configure-cluster/
--- ---
To add or remove users, update the users list in the `myinfluxdb.yml` file. Manage users with administrative access to your InfluxDB cluster through your
The users list is found at `spec.package.spec.admin.users`. [identity provider](/influxdb/clustered/install/auth/) and your InfluxDB
After updating the list, re-apply `myinfluxdb.yml`. `AppInstance` resource. Administrative access lets users perform actions like
To learn how to apply `myinfluxdb.yml`, see [Deploy an InfluxDB cluster](/influxdb/clustered/install/deploy). creating databases and tokens.
After `myinfluxdb.yml` has been applied, updates take a couple of minutes to complete.
When the updates are finished, new users will have been added, and removed users will have been deleted. {{% note %}}
#### Users versus database tokens
All _users_ have administrative access to your cluster and can perform
administrative actions in your InfluxDB cluster.
_Database tokens_ authorize read and write access to databases in your InfluxDB
cluster. A person or client doesn't need to be a user to read and write data in your cluster,
but they must have a database token.
{{% /note %}}
{{< children >}}
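
Review bot: The "Users versus database tokens" note contrasts users only with database tokens, while the tokens page touched in this same commit lists two token types (database tokens and management tokens). Say in the note where management tokens fit, or link to the tokens page, so readers do not conclude that a database token is the only credential besides a user account. Because the note also states that all users have administrative access, consider one more sentence advising that the `users` list be limited to people who need to create databases and tokens.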


@ -0,0 +1,347 @@
---
title: Add a user to your InfluxDB cluster
list_title: Add a user
description: >
Add a user with administrative access to your InfluxDB cluster through your
identity provider and your InfluxDB `AppInstance` resource.
menu:
influxdb_clustered:
name: Add a user
parent: Manage users
weight: 201
---
Add a user with administrative access to your InfluxDB cluster through your
[identity provider](/influxdb/clustered/install/auth/) and your InfluxDB
`AppInstance` resource:
1. Use your identity provider to create an OAuth2 account for the user that
needs administrative access to your InfluxDB cluster.
**Refer to your identity provider's documentation for information about
adding users:**
- [Keycloak: Creating users {{% icon "export" %}}](https://www.keycloak.org/docs/latest/server_admin/#proc-creating-user_server_administration_guide)
- [Microsoft Entra ID: How to create, invite, and delete users {{% icon "export" %}}](https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/add-users)
- [Auth0: Team member management {{% icon "export" %}}](https://auth0.com/docs/get-started/auth0-teams/team-member-management)
2. Add the user to your InfluxDB `AppInstance` resource.
You can edit your `AppInstance` resource directly in your `myinfluxdb.yml`,
or, if you're using the
[InfluxDB Clustered Helm chart](https://github.com/influxdata/helm-charts/tree/master/charts/influxdb3-clustered),
you can add users to your `values.yaml` to modify your `AppInstance`
resource. Required credentials depend on your identity provider.
{{< tabs-wrapper >}}
{{% tabs %}}
[AppInstance](#)
[Helm](#)
{{% /tabs %}}
{{% tab-content %}}
<!----------------------------- BEGIN AppInstance ----------------------------->
If editing your `AppInstance` resource directly, provide values for the
following fields in your `myinfluxdb.yml` configuration file:
- `spec.package.spec.admin`
- `identityProvider`: Identity provider name.
_If using Microsoft Entra ID (formerly Azure Active Directory), set the name
to `azure`_.
- `jwksEndpoint`: JWKS endpoint provide by your identity provider.
- `users`: List of OAuth2 users to grant administrative access to your
InfluxDB cluster. IDs are provided by your identity provider.
Below are examples for **Keycloak**, **Auth0**, and **Microsoft Entra ID**, but
other OAuth2 providers should work as well:
{{< code-tabs-wrapper >}}
{{% code-tabs %}}
[Keycloak](#)
[Auth0](#)
[Microsoft Entra ID](#)
{{% /code-tabs %}}
{{% code-tab-content %}}
{{% code-callout "keycloak" "green" %}}
{{% code-placeholders "KEYCLOAK_(HOST|REALM|USER_ID)" %}}
```yaml
apiVersion: kubecfg.dev/v1alpha1
kind: AppInstance
# ...
spec:
package:
spec:
admin:
identityProvider: keycloak
jwksEndpoint: |-
https://KEYCLOAK_HOST/auth/realms/KEYCLOAK_REALM/protocol/openid-connect/certs
users:
# All fields are required but `firstName`, `lastName`, and `email` can be
# arbitrary values. However, `id` must match the user ID provided by Keycloak.
- id: KEYCLOAK_USER_ID
firstName: Marty
lastName: McFly
email: mcfly@influxdata.com
```
{{% /code-placeholders %}}
{{% /code-callout %}}
Replace the following:
- {{% code-placeholder-key %}}`KEYCLOAK_HOST`{{% /code-placeholder-key %}}:
Host and port of your Keycloak server
- {{% code-placeholder-key %}}`KEYCLOAK_REALM`{{% /code-placeholder-key %}}:
Keycloak realm
- {{% code-placeholder-key %}}`KEYCLOAK_USER_ID`{{% /code-placeholder-key %}}:
Keycloak user ID to grant InfluxDB administrative access to
_(See [Find user IDs with Keycloak](/influxdb/clustered/install/auth/#find-user-ids-with-keycloak))_
---
{{% /code-tab-content %}}
{{% code-tab-content %}}
{{% code-callout "auth0" "green" %}}
{{% code-placeholders "AUTH0_(HOST|USER_ID)" %}}
```yaml
apiVersion: kubecfg.dev/v1alpha1
kind: AppInstance
# ...
spec:
package:
spec:
admin:
identityProvider: auth0
jwksEndpoint: |-
https://AUTH0_HOST/.well-known/openid-configuration
users:
- AUTH0_USER_ID
```
{{% /code-placeholders %}}
{{% /code-callout %}}
Replace the following:
- {{% code-placeholder-key %}}`AUTH0_HOST`{{% /code-placeholder-key %}}:
Host and port of your Auth0 server
- {{% code-placeholder-key %}}`AUTH0_USER_ID`{{% /code-placeholder-key %}}:
Auth0 user ID to grant InfluxDB administrative access to
---
{{% /code-tab-content %}}
{{% code-tab-content %}}
{{% code-callout "azure" "green" %}}
{{% code-placeholders "AZURE_(USER|TENANT)_ID" %}}
```yaml
apiVersion: kubecfg.dev/v1alpha1
kind: AppInstance
# ...
spec:
package:
spec:
admin:
identityProvider: azure
jwksEndpoint: |-
https://login.microsoftonline.com/AZURE_TENANT_ID/discovery/v2.0/keys
users:
- AZURE_USER_ID
```
{{% /code-placeholders %}}
{{% /code-callout %}}
Replace the following:
- {{% code-placeholder-key %}}`AZURE_TENANT_ID`{{% /code-placeholder-key %}}:
Microsoft Entra tenant ID
- {{% code-placeholder-key %}}`AZURE_USER_ID`{{% /code-placeholder-key %}}:
Microsoft Entra user ID to grant InfluxDB administrative access to
_(See [Find user IDs with Microsoft Entra ID](/influxdb/clustered/install/auth/?t=Microsoft+Entra+ID#find-user-ids-with-microsoft-entra-id))_
---
{{% /code-tab-content %}}
{{< /code-tabs-wrapper >}}
<!------------------------------ END AppInstance ------------------------------>
{{% /tab-content %}}
{{% tab-content %}}
<!--------------------------------- BEGIN Helm -------------------------------->
If using the InfluxDB Clustered Helm chart, provide values for the following
fields in your `values.yaml`:
- `admin`
- `identityProvider`: Identity provider name.
_If using Microsoft Entra ID (formerly Azure Active Directory), set the name
to `azure`_.
- `jwksEndpoint`: JWKS endpoint provide by your identity provider.
- `users`: List of OAuth2 users to grant administrative access to your
InfluxDB cluster. IDs are provided by your identity provider.
Below are examples for **Keycloak**, **Auth0**, and **Microsoft Entra ID**, but
other OAuth2 providers should work as well:
{{< code-tabs-wrapper >}}
{{% code-tabs %}}
[Keycloak](#)
[Auth0](#)
[Microsoft Entra ID](#)
{{% /code-tabs %}}
{{% code-tab-content %}}
{{% code-callout "keycloak" "green" %}}
{{% code-placeholders "KEYCLOAK_(HOST|REALM|USER_ID)" %}}
```yaml
admin:
# The identity provider to be used (such as "keycloak", "auth0", or "azure")
# Note, use "azure" for Azure Active Directory
identityProvider: keycloak
# The JWKS endpoint provided by the Identity Provider
jwksEndpoint: |-
https://KEYCLOAK_HOST/auth/realms/KEYCLOAK_REALM/protocol/openid-connect/certs
# The list of users to grant access to Clustered via influxctl
users:
# All fields are required but `firstName`, `lastName`, and `email` can be
# arbitrary values. However, `id` must match the user ID provided by Keycloak.
- id: KEYCLOAK_USER_ID
firstName: Marty
lastName: McFly
email: mcfly@influxdata.com
```
{{% /code-placeholders %}}
{{% /code-callout %}}
Replace the following:
- {{% code-placeholder-key %}}`KEYCLOAK_HOST`{{% /code-placeholder-key %}}:
Host and port of your Keycloak server
- {{% code-placeholder-key %}}`KEYCLOAK_REALM`{{% /code-placeholder-key %}}:
Keycloak realm
- {{% code-placeholder-key %}}`KEYCLOAK_USER_ID`{{% /code-placeholder-key %}}:
Keycloak user ID to grant InfluxDB administrative access to
---
{{% /code-tab-content %}}
{{% code-tab-content %}}
{{% code-callout "auth0" "green" %}}
{{% code-placeholders "AUTH0_(HOST|USER_ID)" %}}
```yaml
admin:
# The identity provider to be used e.g. "keycloak", "auth0", "azure", etc
# Note, use "azure" for Azure Active Directory.
identityProvider: auth0
# The JWKS endpoint provided by the Identity Provider
jwksEndpoint: |-
https://AUTH0_HOST/.well-known/openid-configuration
# The list of users to grant access to Clustered via influxctl
users:
- AUTH0_USER_ID
```
{{% /code-placeholders %}}
{{% /code-callout %}}
Replace the following:
- {{% code-placeholder-key %}}`AUTH0_HOST`{{% /code-placeholder-key %}}:
Host and port of your Auth0 server
- {{% code-placeholder-key %}}`AUTH0_USER_ID`{{% /code-placeholder-key %}}:
Auth0 user ID to grant InfluxDB administrative access to
---
{{% /code-tab-content %}}
{{% code-tab-content %}}
{{% code-callout "azure" "green" %}}
{{% code-placeholders "AZURE_(USER|TENANT)_ID" %}}
```yaml
admin:
# The identity provider to be used e.g. "keycloak", "auth0", "azure", etc
# Note, use "azure" for Azure Active Directory.
identityProvider: azure
# The JWKS endpoint provided by the Identity Provider
jwksEndpoint: |-
https://login.microsoftonline.com/AZURE_TENANT_ID/discovery/v2.0/keys
# The list of users to grant access to Clustered via influxctl
users:
- AZURE_USER_ID
```
{{% /code-placeholders %}}
{{% /code-callout %}}
Replace the following:
- {{% code-placeholder-key %}}`AZURE_TENANT_ID`{{% /code-placeholder-key %}}:
Microsoft Entra tenant ID
- {{% code-placeholder-key %}}`AZURE_USER_ID`{{% /code-placeholder-key %}}:
Microsoft Entra user ID to grant InfluxDB administrative access to
_(See [Find user IDs with Microsoft Entra ID](/influxdb/clustered/install/auth/?t=Microsoft+Entra+ID#find-user-ids-with-microsoft-entra-id))_
---
{{% /code-tab-content %}}
{{< /code-tabs-wrapper >}}
<!---------------------------------- END Helm --------------------------------->
{{% /tab-content %}}
{{< /tabs-wrapper >}}
3. Apply the change to your InfluxDB cluster.
- If updating the `AppInstance` resource directly, use `kubectl` to apply
the change.
- If using the InfluxDB Clustered Helm chart, use `helm` to apply the change.
{{< code-tabs-wrapper >}}
{{% code-tabs %}}
[kubectl](#)
[Helm](#)
{{% /code-tabs %}}
{{% code-tab-content %}}
<!--pytest.mark.skip-->
```bash
kubectl apply \
--filename myinfluxdb.yml \
--namespace influxdb
```
{{% /code-tab-content %}}
{{% code-tab-content %}}
<!--pytest.mark.skip-->
```bash
helm upgrade \
influxdb \
influxdata/influxdb3-clustered \
-f ./values.yaml \
--namespace influxdb
```
{{% /code-tab-content %}}
{{< /code-tabs-wrapper >}}
Once applied, the added user is granted administrative access to your InfluxDB
cluster and can use `influxctl` to perform administrative actions.
See [Set up Authorization--Configure influxctl](/influxdb/clustered/install/auth/#configure-influxctl)
for information about configuring the new user's `influxctl` client to communicate
and authenticate with your InfluxDB cluster's identity provider.
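
Review bot: In both Auth0 examples (AppInstance and Helm tabs), `jwksEndpoint` is set to `https://AUTH0_HOST/.well-known/openid-configuration`, which is an OpenID Connect discovery URL, while the Keycloak and Microsoft Entra ID examples point at key-set URLs (`.../protocol/openid-connect/certs` and `.../discovery/v2.0/keys`). Please confirm the field accepts a discovery document and say so in the `jwksEndpoint` description, or change the Auth0 value to the provider's key-set URL. Smaller points: "JWKS endpoint provide by your identity provider" should read "provided" in both tabs; the Keycloak `users` entries are objects with `id`, `firstName`, `lastName` and `email` ("All fields are required") while the Auth0 and Entra entries are bare IDs, so the `users` description should state which shape each provider needs; and the Helm Keycloak tab drops the "Find user IDs with Keycloak" link that the AppInstance tab includes.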


@ -0,0 +1,131 @@
---
title: Remove a user from your InfluxDB cluster
list_title: Remove a user
description: >
Remove a user with administrative access from your InfluxDB cluster.
menu:
influxdb_clustered:
name: Remove a user
parent: Manage users
weight: 201
---
Remove a user with administrative access from your InfluxDB cluster:
1. Remove or deactivate the user in your identity provider.
**Refer to your identity provider's documentation for information about
removing users:**
- [Keycloak: Deleting a user {{% icon "export" %}}](https://www.keycloak.org/docs/latest/server_admin/#proc-deleting-user_server_administration_guide)
- [Microsoft Entra ID: How to create, invite, and delete users {{% icon "export" %}}](https://learn.microsoft.com/en-us/entra/fundamentals/how-to-create-delete-users#delete-a-user)
- [Auth0: Team member management {{% icon "export" %}}](https://auth0.com/docs/get-started/auth0-teams/team-member-management#delete-an-existing-team-member)
2. Remove the user from your InfluxDB `AppInstance` resource.
You can edit your `AppInstance` resource directly in your `myinfluxdb.yml`,
or, if you're using the
[InfluxDB Clustered Helm chart](https://github.com/influxdata/helm-charts/tree/master/charts/influxdb3-clustered),
you can remove users from your `values.yaml` to modify your `AppInstance`
resource.
{{< tabs-wrapper >}}
{{% tabs %}}
[AppInstance](#)
[Helm](#)
{{% /tabs %}}
{{% tab-content %}}
<!----------------------------- BEGIN AppInstance ----------------------------->
If editing your `AppInstance` resource directly, remove the user from the list
of users in the `spec.package.spec.admin.users` field in your `myinfluxdb.yml`
configuration file--for example:
```diff
apiVersion: kubecfg.dev/v1alpha1
kind: AppInstance
# ...
spec:
package:
spec:
admin:
# ...
users:
- id: XXooXoXXooXXXoo1
firstName: Marty
lastName: McFly
email: mcfly@influxdata.com
- - id: XXooXoXXooXXXoo2
- firstName: John
- lastName: Doe
- email: j.doe@influxdata.com
```
<!------------------------------ END AppInstance ------------------------------>
{{% /tab-content %}}
{{% tab-content %}}
<!--------------------------------- BEGIN Helm -------------------------------->
If using the InfluxDB Clustered Helm chart, remove the user from the list of
users in the `admin.users` field in your in your `values.yaml`--for example:
```diff
admin:
# ...
users:
- id: XXooXoXXooXXXoo1
firstName: Marty
lastName: McFly
email: mcfly@influxdata.com
- - id: XXooXoXXooXXXoo2
- firstName: John
- lastName: Doe
- email: j.doe@influxdata.com
```
<!---------------------------------- END Helm --------------------------------->
{{% /tab-content %}}
{{< /tabs-wrapper >}}
3. Apply the change to your InfluxDB cluster.
- If updating the `AppInstance` resource directly, use `kubectl` to apply
the change.
- If using the InfluxDB Clustered Helm chart, use `helm` to apply the change.
{{< code-tabs-wrapper >}}
{{% code-tabs %}}
[kubectl](#)
[Helm](#)
{{% /code-tabs %}}
{{% code-tab-content %}}
<!--pytest.mark.skip-->
```bash
kubectl apply \
--filename myinfluxdb.yml \
--namespace influxdb
```
{{% /code-tab-content %}}
{{% code-tab-content %}}
<!--pytest.mark.skip-->
```bash
helm upgrade \
influxdb \
influxdata/influxdb3-clustered \
-f ./values.yaml \
--namespace influxdb
```
{{% /code-tab-content %}}
{{< /code-tabs-wrapper >}}
{{% note %}}
After you complete step 1 above, the removed user no longer has administrative
access to your InfluxDB cluster.
However, you should still remove them from your `AppInstance` resource.
{{% /note %}}
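
Review bot: The closing note says access ends once step 1 is done, but it sits after step 3 and does not say whether a token the identity provider issued before the removal is still accepted until it expires. If the cluster only verifies tokens against the configured `jwksEndpoint` and does not check account status, state that here and tell readers to complete steps 2 and 3 immediately; in either case, move the note up beside step 1 where the claim applies. Also, "in your in your `values.yaml`" in the Helm tab repeats two words, and `weight: 201` matches the weight on the Add a user page, so the two child pages have no defined order relative to each other.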


@ -751,11 +751,9 @@ Replace the following:
##### Add users ##### Add users
Finally, to give users access to use `influxctl`, add the list of users to the `spec.package.spec.admin.users` field. Finally, to give users access to use `influxctl`, add the list of users to the
`spec.package.spec.admin.users` field.
<!-- Pending /admin/users See [Manage users](/influxdb/clustered/admin/users/) for more details.
See [Adding or removing users](/influxdb/clustered/admin/users/) for more details.
-->
#### Configure the size of your cluster #### Configure the size of your cluster
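
Review bot: "to give users access to use `influxctl`" understates what is granted: the Manage users page added in this commit says every entry in `spec.package.spec.admin.users` has administrative access to the cluster. Suggest wording such as "to give users administrative access to your cluster through `influxctl`", and the same change in the "Add users" section of the Helm page.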


@ -7,6 +7,8 @@ menu:
name: Use Helm name: Use Helm
parent: Configure your cluster parent: Configure your cluster
weight: 230 weight: 230
related:
- /influxdb/clustered/admin/users/
--- ---
Manage your InfluxDB Clustered deployments using Kubernetes and apply configuration settings using a YAML configuration file. Manage your InfluxDB Clustered deployments using Kubernetes and apply configuration settings using a YAML configuration file.
@ -816,11 +818,11 @@ Replace the following:
{{% /code-tab-content %}} {{% /code-tab-content %}}
{{< /code-tabs-wrapper >}} {{< /code-tabs-wrapper >}}
##### Adding users ##### Add users
Finally, add all the users you wish to have access to use `influxctl`. Finally, add the users you wish to have access to use `influxctl`.
Update the `admin.users` field with a list of these users. Update the `admin.users` field with a list of the users.
<!-- See [Adding or removing users](/influxdb/clustered/admin/users/) for more details. --> See [Manage users](/influxdb/clustered/admin/users/) for more details.
#### Configure the size of your cluster #### Configure the size of your cluster