yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-10-24 23:34:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v1.1.0-snapshot/deployment/security/keycloak/kubernetes.md
Pere Miquel Brull 2008eda764
[Docs] - Rename to v1.1.0-snapshot and fix sync CI (#11644) 
* Rename v1.1.0 to v1.1.0-snapshot

* Delete old docs
2023-05-17 15:55:31 +02:00

69 lines
2.3 KiB
Markdown
Raw Blame History

---
title: Keycloak SSO for Kubernetes
slug: /deployment/security/keycloak/kubernetes
---
# Keycloak SSO for Kubernetes
Check the Helm information [here](https://artifacthub.io/packages/search?repo=open-metadata).
Once the `Client Id` and `Client Secret` are generated, see the snippet below for an example of where to
place the client id value and update the authorizer configurations in the `values.yaml`.
Create a secret in kubernetes with the client secret:
```shell
kubectl create secret generic custom-oidc-key-secret --namespace=dev-open-metadata --from-literal=custom-oidc-key-secret=<change-for-your-secret>
```
The configuration below already uses the presets shown in the example of keycloak configurations, you can change to yours.
### Before 0.12.1
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
initialAdmins:
- "admin-user"
principalDomain: "open-metadata.org"
authentication:
provider: "custom-oidc"
publicKeys:
- "http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs"
authority: "http://localhost:8081/auth/realms/data-sec"
clientId: "{Client ID}"
callbackUrl: "http://localhost:8585/callback"
airflow:
openmetadata:
authProvider: "custom-oidc"
customOidc:
clientId: "open-metadata"
secretKey:
secretRef: custom-oidc-key-secret
secretKey: custom-oidc-key-secret
tokenEndpoint: "http://localhost:8081/realms/data-sec/protocol/openid-connect/token"
```
### After 0.12.1
```yaml
global:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
initialAdmins:
- "admin-user"
principalDomain: "open-metadata.org"
authentication:
provider: "custom-oidc"
publicKeys:
- "http://openmetadata:8585/api/v1/config/jwks"
- "http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs"
authority: "http://localhost:8081/auth/realms/data-sec"
clientId: "{Client ID}"
callbackUrl: "http://localhost:8585/callback"
```
**Note:** Follow [this](/how-to-guides/feature-configurations/bots) guide to configure the `ingestion-bot` credentials for
ingesting data from Airflow.
Reference in New Issue View Git Blame Copy Permalink