/admin
HTTP and
gRPC endpoint that can be used for data and node administration tasks such as
backup, export, draining, and shutdown.--security
superflagβs whitelist
option on
Dgraph Alpha to whitelist IP addresses other than localhost).--security
superflagβs
token
option, then you should pass the token as an X-Dgraph-AuthToken
header while making the HTTP request.X-Dgraph-AccessToken
header while making the HTTP request./admin
path. The
current list of admin endpoints includes the following:
/admin
/admin/config/cache_mb
/admin/draining
/admin/shutdown
/admin/schema
/admin/schema/validate
/alter
/login
/login
: This endpoint logs-in an ACL user, and provides them with a JWT.
Only IP Whitelisting and Poor-manβs auth checks are performed for this
endpoint./admin
: This endpoint provides GraphQL queries/mutations corresponding to
the HTTP admin endpoints. All of the queries/mutations on /admin
have all
three layers of authentication, except for login (mutation)
, which has the
same behavior as the HTTP /login
endpoint.--security
superflagβs whitelist
option to specify a
comma-separated whitelist of IP addresses, IP ranges, CIDR ranges, or hostnames
for hosts from which admin operations can be initiated.
IP Address
localhost
only).
IP Range
172.17.0.0
and
172.20.0.0
along with the server which has IP address as 192.168.1.1
.
CIDR Range
172.17.0.0/16
, 172.18.0.0/15
, 172.20.0.0/32
, or 192.168.1.1/32
(the same
range as the IP Range example).
You can set whitelist IP to 0.0.0.0/0
to whitelist all IP addresses.
Hostname
admin-bastion
and
host.docker.internal
.
--limit "mutations=disallow"
to disable all mutations, which is
set to allow
by default.
--limit "mutations=strict
. This mode allows
mutations only on predicates already in the schema. Before performing a mutation
on a predicate that doesnβt exist in the schema, you need to perform an alter
operation with that predicate and its schema type.
--security
superflagβs token
option
for each Dgraph Alpha in the cluster. Clients must include the same auth token
to make alter requests.
Administrator
you might want to export data from Dgraph to:
--security
superflagβs
whitelist
option on dgraph alpha
.DropAll
request via /alter
endpoint.
Alternatively, you could:
p
and w
directories, then-p
and -w
for Alphas and -w
for Zeros)--mutations disallow
when you restart the Alpha nodes. This ensures the cluster is in read-only mode.
At this point your app can still read from the old cluster and you can perform
steps 4 and 5. When the new cluster (that uses the upgraded version of Dgraph)
is up and running, you can point your app to it, and shutdown the old cluster.