mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-07-23 01:12:22 +00:00
6e135302a7
* Test markdoc variables * Restructure connectors * Fix paths * Update index * Database services * Prep dashboard images * Prep dashboard images * Migrate dashboards * Update partials * Refactor pipelines * Add missing services * Add missing services * Add missing services
1.4 KiB
1.4 KiB
| title | slug |
|---|---|
| Keycloak SSO for Kubernetes | /deployment/security/keycloak/kubernetes |
Keycloak SSO for Kubernetes
Check the Helm information here.
Once the Client Id and Client Secret are generated, see the snippet below for an example of where to
place the client id value and update the authorizer configurations in the values.yaml.
Create a secret in kubernetes with the client secret:
kubectl create secret generic custom-oidc-key-secret --namespace=dev-open-metadata --from-literal=custom-oidc-key-secret=<change-for-your-secret>
The configuration below already uses the presets shown in the example of keycloak configurations, you can change to yours.
openmetadata:
config:
authorizer:
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
initialAdmins:
- "admin-user"
principalDomain: "open-metadata.org"
authentication:
provider: "custom-oidc"
publicKeys:
- "http://openmetadata:8585/api/v1/config/jwks"
- "http://localhost:8081/auth/realms/data-sec/protocol/openid-connect/certs"
authority: "http://localhost:8081/auth/realms/data-sec"
clientId: "{Client ID}"
callbackUrl: "http://localhost:8585/callback"
{% partial file="/v1.1.0/deployment/configure-ingestion.md" /%}