2024-06-18 15:53:06 +02:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								---
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								title: Google SSO for Kubernetes
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								slug: /deployment/security/google/kubernetes
							 
						 
					
						
							
								
									
										
										
										
											2024-09-05 10:30:31 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								collate: false
							 
						 
					
						
							
								
									
										
										
										
											2024-06-18 15:53:06 +02:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								---
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Google SSO for Kubernetes
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Check the Helm information [here ](https://artifacthub.io/packages/search?repo=open-metadata ).
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Once the `Client Id`  is generated, see the snippet below for an example of where to
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								place the client id value and update the authorizer configurations in the `values.yaml` .
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```yaml
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								openmetadata:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								  config:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    authorizer:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      className: "org.openmetadata.service.security.DefaultAuthorizer"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      initialAdmins:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        -  "user1"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        -  "user2"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      principalDomain: "open-metadata.org"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								    authentication:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      provider: "google"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      publicKeys:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        -  "https://www.googleapis.com/oauth2/v3/certs"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								        -  "{your domain}/api/v1/system/config/jwks" # Update with your Domain and Make sure this "/api/v1/system/config/jwks" is always configured to enable JWT tokens
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      authority: "https://accounts.google.com"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      clientId: "{client id}"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								      callbackUrl: "http://localhost:8585/callback"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								```
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2025-06-25 13:12:09 +05:30 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								{% partial file="/v1.9deployment/configure-ingestion.md" /%}