From 78e3557138b0adf1abc9f95b50fc3536c102d7c1 Mon Sep 17 00:00:00 2001
From: system <system@paasup.io>
Date: Tue, 17 Mar 2026 07:02:53 +0000
Subject: [PATCH] Update values for openmetadata

---
 .../openmetadata-dependencies-values.yaml     | 63 +++++++++++++++
 openmetadata/openmetadata-values.yaml         | 80 +++++++++++++++++++
 2 files changed, 143 insertions(+)
 create mode 100644 openmetadata/openmetadata-dependencies-values.yaml
 create mode 100644 openmetadata/openmetadata-values.yaml

diff --git a/openmetadata/openmetadata-dependencies-values.yaml b/openmetadata/openmetadata-dependencies-values.yaml
new file mode 100644
index 0000000..5986ca5
--- /dev/null
+++ b/openmetadata/openmetadata-dependencies-values.yaml
@@ -0,0 +1,63 @@
+#version: openmetadata, 1.12.1
+airflow:
+  workers:
+    replicas: 2
+    resources: {}
+  scheduler:
+    resources: {}
+  webserver:
+    resources: {}
+  apiServer:
+    resources: {}
+  triggerer:
+    resources: {}
+  dags:
+    persistence:
+      enabled: true
+      storageClassName: ""
+      accessMode: ReadWriteMany
+      size: 1Gi
+  logs:
+    persistence:
+      enabled: true
+      storageClassName: ""
+      size: 1Gi
+  data:
+    metadataConnection:
+      pass: "53IEScOndLMd"       
+
+opensearch:
+  opensearchJavaOpts: "-Xmx1g -Xms1g"
+  persistence:
+    size: 30Gi
+  resources:
+    requests:
+      cpu: "100m"
+      memory: "256M"
+    limits:
+      cpu: "2000m"
+      memory: "2048M"
+
+mysql:
+  enabled: true
+  primary:
+    resources:
+      requests:
+        cpu: "500m"
+        memory: "512Mi"
+      limits:
+        cpu: "750m"
+        memory: "768Mi"
+    persistence:
+      size: 50Gi
+  initdbScripts:
+    init_openmetadata_db_scripts.sql: |
+      CREATE DATABASE openmetadata_db;
+      CREATE USER 'openmetadata_user'@'%' IDENTIFIED BY 'D7ikHgFVJLfR';
+      GRANT ALL PRIVILEGES ON openmetadata_db.* TO 'openmetadata_user'@'%' WITH GRANT OPTION;
+      commit;
+    init_airflow_db_scripts.sql: |
+      CREATE DATABASE airflow_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+      CREATE USER 'airflow_user'@'%' IDENTIFIED BY '53IEScOndLMd';
+      GRANT ALL PRIVILEGES ON airflow_db.* TO 'airflow_user'@'%' WITH GRANT OPTION;
+      commit;
\ No newline at end of file
diff --git a/openmetadata/openmetadata-values.yaml b/openmetadata/openmetadata-values.yaml
new file mode 100644
index 0000000..993dbd5
--- /dev/null
+++ b/openmetadata/openmetadata-values.yaml
@@ -0,0 +1,80 @@
+#version: openmetadata, 1.12.1
+openmetadata:
+  config:
+    authorizer:
+      className: "org.openmetadata.service.security.DefaultAuthorizer"
+      containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
+      initialAdmins:
+      - "admin"
+      - "dwshin"
+      - "kkmbal"
+      - "service-account-service-openmetadata"
+      principalDomain: "gke.paasup.io"
+
+    authentication:
+      clientType: confidential
+      provider: "custom-oidc"
+      publicKeys:
+      - "https://openmetadata.gke.paasup.io/api/v1/system/config/jwks"
+      - "https://keycloak.gke.paasup.io/realms/paasup/protocol/openid-connect/certs"
+      clientId: "open-metadata"
+      callbackUrl: "https://openmetadata.gke.paasup.io/callback"
+      jwtPrincipalClaims:
+        - "email"
+        - "preferred_username"
+        - "sub"
+      oidcConfiguration:
+        enabled: true
+        oidcType: "Keycloak"
+        clientId:
+          secretRef: oidc-secrets
+          secretKey: openmetadata-oidc-client-id
+        clientSecret:
+          secretRef: oidc-secrets
+          secretKey: openmetadata-oidc-client-secret
+        discoveryUri: "https://keycloak.gke.paasup.io/realms/paasup/.well-known/openid-configuration"
+        serverUrl: "https://openmetadata.gke.paasup.io"
+        callbackUrl: "https://openmetadata.gke.paasup.io/callback"
+        tokenValidity: "3600"
+        sessionExpiry: "604800"
+    pipelineServiceClientConfig:
+      metadataApiEndpoint: "http://openmetadata:8585/api"
+      airflow:
+        apiEndpoint: "http://openmetadata-api-server:8080"
+
+ingress:
+  enabled: true
+  className: "kong"
+  annotations:
+    cert-manager.io/cluster-issuer: root-ca-issuer
+    cert-manager.io/duration: 8760h
+    cert-manager.io/renew-before: 720h
+    konghq.com/protocols: https
+    konghq.com/https-redirect-status-code: "301"
+  hosts:
+    - host: "openmetadata.gke.paasup.io"
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - secretName: openmetadata-tls
+      hosts:
+        - "openmetadata.gke.paasup.io"
+
+extraVolumes:
+  - name: java-truststore
+    secret:
+      secretName: java-truststore
+
+extraVolumeMounts:
+  - name: java-truststore
+    mountPath: /etc/ssl/java
+    readOnly: true
+
+resources: {}
+
+extraEnvs:
+  - name: LOG_LEVEL
+    value: "INFO"
+  - name: "OPENMETADATA_PUBLIC_URL"
+    value: "https://openmetadata.gke.paasup.io"
\ No newline at end of file