yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-07-11 19:20:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v0.13.3/deployment/security/keycloak/kubernetes.md
Sriharsha Chintalapani 6ca1ec6fbe
Delete old docs (#11627) 
* Delete old docs and rename the openmetadata-docs-v1 to openmetadata-docs

* Delete old docs and rename the openmetadata-docs-v1 to openmetadata-docs

* Delete old docs and rename the openmetadata-docs-v1 to openmetadata-docs
2023-05-17 07:04:56 +02:00

2.3 KiB
Raw Blame History

title slug
Keycloak SSO for Kubernetes /deployment/security/keycloak/kubernetes

Keycloak SSO for Kubernetes

Check the Helm information here.

Once the Client Id and Client Secret are generated, see the snippet below for an example of where to place the client id value and update the authorizer configurations in the values.yaml.

Create a secret in kubernetes with the client secret:

kubectl create secret generic custom-oidc-key-secret --namespace=dev-open-metadata --from-literal=custom-oidc-key-secret=<change-for-your-secret>

The configuration below already uses the presets shown in the example of keycloak configurations, you can change to yours.

Before 0.12.1

global:
  authorizer:
    className: "org.openmetadata.service.security.DefaultAuthorizer"
    containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
    initialAdmins:
      - "admin-user"
    principalDomain: "open-metadata.org"
  authentication:
    provider: "custom-oidc"
    publicKeys:
      - "http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs"
    authority: "http://localhost:8081/auth/realms/data-sec"
    clientId: "{Client ID}"
    callbackUrl: "http://localhost:8585/callback"
  airflow:
    openmetadata:
      authProvider: "custom-oidc"
      customOidc:
        clientId: "open-metadata"
        secretKey:
          secretRef: custom-oidc-key-secret
          secretKey: custom-oidc-key-secret
        tokenEndpoint: "http://localhost:8081/realms/data-sec/protocol/openid-connect/token"

After 0.12.1

global:
  authorizer:
    className: "org.openmetadata.service.security.DefaultAuthorizer"
    containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
    initialAdmins:
      - "admin-user"
    principalDomain: "open-metadata.org"
  authentication:
    provider: "custom-oidc"
    publicKeys:
      - "http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs"
    authority: "http://localhost:8081/auth/realms/data-sec"
    clientId: "{Client ID}"
    callbackUrl: "http://localhost:8585/callback"

Note: Follow this guide to configure the ingestion-bot credentials for ingesting data from Airflow.