yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-07-04 15:45:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Azure File Updation in 1.6 & 1.7 (#20046)

Browse Source 
Co-authored-by: Rounak Dhillon <rounakdhillon@Rounaks-MacBook-Air.local>
This commit is contained in:
Rounak Dhillon 2025-03-03 11:20:30 +05:30 committed by GitHub
parent 8277f7beda
commit 4dbbc294bf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 200 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
openmetadata-docs/content/v1.6.x/deployment/azure-passwordless-auth.md Normal file
View File

@ -0,0 +1,98 @@
---
title: Azure - Enable Passwordless Database Backend Connection
slug: /deployment/azure-passwordless-auth
collate: false
---
# Azure - Enable Passwordless Database Backend Connection
By Default, OpenMetadata supports basic authentication when connecting to MySQL/PostgreSQL as Database backend. With Azure, you can enhance the security for configuring Database configurations other the basic authentication mechanism.
This guide will help you setup the application to use passwordless approach for Azure PaaS Databases (preferrably [Azure Database for PostgreSQL - Flexible Server](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/service-overview) and [Azure Database for MySQL - Flexible Server](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/overview)).
# Prerequisites
This guide requires the following prerequisites -
- Azure Database Flexible Server enabled with Microsoft Entra authentication
- [Azure Managed Identities](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview)
- Azure Kubernetes Service (Enabled with Workload Identity) or Azure VM
- OpenMetadata Application Version `1.5.9` and higher
If you are looking to enable Passwordless Database Backend Configuration on Existing OpenMetadata Application hosted using Azure Cloud, you need to create perform the following prerequisites -
- Create Managed Identity from Azure Portal
- Create a SQL User for Managed Identity in Azure Databases
- PostgreSQL Reference link [here](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users#create-a-userrole-using-microsoft-entra-principal-name)
- MySQL Reference link [here](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-azure-ad#create-microsoft-entra-users-in-azure-database-for-mysql)
- Assign Existing OpenMetadata Database Tables Ownership to Managed Identities created in above step
# Enabling Passwordless connections with OpenMetadata
Configure your Helm Values for Kubernetes Deployment like below -
```yaml
# For PostgreSQL
commonLabels:
azure.workload.identity/use: "true"
serviceAccount:
create: true
annotations:
azure.workload.identity/client-id: <USER_MANAGED_IDENTITY_CLIENT_ID>
name: "openmetadata-sa"
automountServiceAccountToken: true
openmetadata:
config:
database:
host: <HOST_NAME>
driverClass: org.postgresql.Driver
dbParams: "azure=true&allowPublicKeyRetrieval=true&serverTimezone=UTC&sslmode=require&authenticationPluginClassName=com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin"
dbScheme: postgresql
port: 5432
auth:
username: <USER_MANAGED_IDENTITY_NAME>
password:
secretRef: database-secrets
secretKey: openmetadata-database-password
databaseName: <DATABASE_NAME>
# For MySQL
commonLabels:
azure.workload.identity/use: "true"
serviceAccount:
create: true
annotations:
azure.workload.identity/client-id: <USER_MANAGED_IDENTITY_CLIENT_ID>
name: "openmetadata-sa"
automountServiceAccountToken: true
openmetadata:
config:
database:
host: <HOST_NAME>
driverClass: com.mysql.cj.jdbc.Driver
dbParams: "azure=true&allowPublicKeyRetrieval=trueserverTimezone=UTC&sslMode=REQUIRED&defaultAuthenticationPlugin=com.azure.identity.extensions.jdbc.mysql.AzureMysqlAuthenticationPlugin"
dbScheme: mysql
port: 3306
auth:
username: <USER_MANAGED_IDENTITY_NAME>
password:
secretRef: database-secrets
secretKey: openmetadata-database-password
databaseName: <DATABASE_NAME>
```
{% note %}
In the above code snippet, the Database Credentials (Auth Password Kubernetes Secret) is still required and cannot be empty. Set it to dummy / random value.
{% /note %}
Install / Upgrade your Helm Release with the following command -
```bash
helm repo update open-metadata
helm upgrade --install openmetadata open-metadata/openmetadata --values <OPENMETADATA_HELM_VALUES_FILE_PATH>
```
For further reference, checkout the official documentation available in the below links -
- [MySQL](https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/migrate-mysql-to-passwordless-connection?tabs=sign-in-azure-cli%2Cjava%2Capp-service)
- [PostgreSQL](https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/migrate-postgresql-to-passwordless-connection?tabs=sign-in-azure-cli%2Cjava%2Capp-service%2Cassign-role-service-connector)

2
openmetadata-docs/content/v1.6.x/menu.md
View File

@ -191,6 +191,8 @@ site_menu:
url: /deployment/rds-iam-auth url: /deployment/rds-iam-auth
- category: Deployment / How to enable Azure Auth - category: Deployment / How to enable Azure Auth
url: /deployment/azure-auth url: /deployment/azure-auth
- category: Deployment / Azure - Enable Passwordless Database Backend Connection
url: /deployment/azure-passwordless-auth
- category: Deployment / Production-Ready Requirements - category: Deployment / Production-Ready Requirements
url: /deployment/requirements url: /deployment/requirements
- category: Deployment / Server Configuration Reference - category: Deployment / Server Configuration Reference

98
openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/azure-passwordless-auth.md Normal file
View File

@ -0,0 +1,98 @@
---
title: Azure - Enable Passwordless Database Backend Connection
slug: /deployment/azure-passwordless-auth
collate: false
---
# Azure - Enable Passwordless Database Backend Connection
By Default, OpenMetadata supports basic authentication when connecting to MySQL/PostgreSQL as Database backend. With Azure, you can enhance the security for configuring Database configurations other the basic authentication mechanism.
This guide will help you setup the application to use passwordless approach for Azure PaaS Databases (preferrably [Azure Database for PostgreSQL - Flexible Server](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/service-overview) and [Azure Database for MySQL - Flexible Server](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/overview)).
# Prerequisites
This guide requires the following prerequisites -
- Azure Database Flexible Server enabled with Microsoft Entra authentication
- [Azure Managed Identities](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview)
- Azure Kubernetes Service (Enabled with Workload Identity) or Azure VM
- OpenMetadata Application Version `1.5.9` and higher
If you are looking to enable Passwordless Database Backend Configuration on Existing OpenMetadata Application hosted using Azure Cloud, you need to create perform the following prerequisites -
- Create Managed Identity from Azure Portal
- Create a SQL User for Managed Identity in Azure Databases
- PostgreSQL Reference link [here](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users#create-a-userrole-using-microsoft-entra-principal-name)
- MySQL Reference link [here](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-azure-ad#create-microsoft-entra-users-in-azure-database-for-mysql)
- Assign Existing OpenMetadata Database Tables Ownership to Managed Identities created in above step
# Enabling Passwordless connections with OpenMetadata
Configure your Helm Values for Kubernetes Deployment like below -
```yaml
# For PostgreSQL
commonLabels:
azure.workload.identity/use: "true"
serviceAccount:
create: true
annotations:
azure.workload.identity/client-id: <USER_MANAGED_IDENTITY_CLIENT_ID>
name: "openmetadata-sa"
automountServiceAccountToken: true
openmetadata:
config:
database:
host: <HOST_NAME>
driverClass: org.postgresql.Driver
dbParams: "azure=true&allowPublicKeyRetrieval=true&serverTimezone=UTC&sslmode=require&authenticationPluginClassName=com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin"
dbScheme: postgresql
port: 5432
auth:
username: <USER_MANAGED_IDENTITY_NAME>
password:
secretRef: database-secrets
secretKey: openmetadata-database-password
databaseName: <DATABASE_NAME>
# For MySQL
commonLabels:
azure.workload.identity/use: "true"
serviceAccount:
create: true
annotations:
azure.workload.identity/client-id: <USER_MANAGED_IDENTITY_CLIENT_ID>
name: "openmetadata-sa"
automountServiceAccountToken: true
openmetadata:
config:
database:
host: <HOST_NAME>
driverClass: com.mysql.cj.jdbc.Driver
dbParams: "azure=true&allowPublicKeyRetrieval=trueserverTimezone=UTC&sslMode=REQUIRED&defaultAuthenticationPlugin=com.azure.identity.extensions.jdbc.mysql.AzureMysqlAuthenticationPlugin"
dbScheme: mysql
port: 3306
auth:
username: <USER_MANAGED_IDENTITY_NAME>
password:
secretRef: database-secrets
secretKey: openmetadata-database-password
databaseName: <DATABASE_NAME>
```
{% note %}
In the above code snippet, the Database Credentials (Auth Password Kubernetes Secret) is still required and cannot be empty. Set it to dummy / random value.
{% /note %}
Install / Upgrade your Helm Release with the following command -
```bash
helm repo update open-metadata
helm upgrade --install openmetadata open-metadata/openmetadata --values <OPENMETADATA_HELM_VALUES_FILE_PATH>
```
For further reference, checkout the official documentation available in the below links -
- [MySQL](https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/migrate-mysql-to-passwordless-connection?tabs=sign-in-azure-cli%2Cjava%2Capp-service)
- [PostgreSQL](https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/migrate-postgresql-to-passwordless-connection?tabs=sign-in-azure-cli%2Cjava%2Capp-service%2Cassign-role-service-connector)

2
openmetadata-docs/content/v1.7.x-SNAPSHOT/menu.md
View File

@ -191,6 +191,8 @@ site_menu:
url: /deployment/rds-iam-auth url: /deployment/rds-iam-auth
- category: Deployment / How to enable Azure Auth - category: Deployment / How to enable Azure Auth
url: /deployment/azure-auth url: /deployment/azure-auth
- category: Deployment / Azure - Enable Passwordless Database Backend Connection
url: /deployment/azure-passwordless-auth
- category: Deployment / Production-Ready Requirements - category: Deployment / Production-Ready Requirements
url: /deployment/requirements url: /deployment/requirements
- category: Deployment / Server Configuration Reference - category: Deployment / Server Configuration Reference