system
4 weeks ago
parent
5791c4fb84
commit
ae136a7124
@ -0,0 +1,85 @@ |
|||||||
|
#version: openmetadata, 1.12.1 |
||||||
|
openmetadata: |
||||||
|
config: |
||||||
|
authorizer: |
||||||
|
className: "org.openmetadata.service.security.DefaultAuthorizer" |
||||||
|
containerRequestFilter: "org.openmetadata.service.security.JwtFilter" |
||||||
|
initialAdmins: |
||||||
|
- "admin" |
||||||
|
- "paasup" |
||||||
|
- "tech" |
||||||
|
principalDomain: "gke.paasup.io" |
||||||
|
allowedDomains: |
||||||
|
- "gke.paasup.io" |
||||||
|
|
||||||
|
authentication: |
||||||
|
clientType: confidential |
||||||
|
provider: "custom-oidc" |
||||||
|
publicKeys: |
||||||
|
- "https://openmetadata.gke.paasup.io/api/v1/system/config/jwks" |
||||||
|
- "https://keycloak.gke.paasup.io/realms/paasup/protocol/openid-connect/certs" |
||||||
|
clientId: "open-metadata" |
||||||
|
callbackUrl: "https://openmetadata.gke.paasup.io/callback" |
||||||
|
jwtPrincipalClaims: |
||||||
|
- "email" |
||||||
|
- "preferred_username" |
||||||
|
- "sub" |
||||||
|
oidcConfiguration: |
||||||
|
enabled: true |
||||||
|
oidcType: "Keycloak" |
||||||
|
clientId: |
||||||
|
secretRef: oidc-secrets |
||||||
|
secretKey: openmetadata-oidc-client-id |
||||||
|
clientSecret: |
||||||
|
secretRef: oidc-secrets |
||||||
|
secretKey: openmetadata-oidc-client-secret |
||||||
|
discoveryUri: "https://keycloak.gke.paasup.io/realms/paasup/.well-known/openid-configuration" |
||||||
|
serverUrl: "https://openmetadata.gke.paasup.io" |
||||||
|
callbackUrl: "https://openmetadata.gke.paasup.io/callback" |
||||||
|
tokenValidity: "3600" |
||||||
|
sessionExpiry: "604800" |
||||||
|
pipelineServiceClientConfig: |
||||||
|
metadataApiEndpoint: "http://openmetadata:8585/api" |
||||||
|
airflow: |
||||||
|
apiEndpoint: "http://openmetadata-dependencies-api-server:8080" |
||||||
|
|
||||||
|
ingress: |
||||||
|
enabled: true |
||||||
|
className: "kong" |
||||||
|
annotations: |
||||||
|
cert-manager.io/cluster-issuer: root-ca-issuer |
||||||
|
cert-manager.io/duration: 8760h |
||||||
|
cert-manager.io/renew-before: 720h |
||||||
|
konghq.com/protocols: https |
||||||
|
konghq.com/https-redirect-status-code: "301" |
||||||
|
hosts: |
||||||
|
- host: "openmetadata.gke.paasup.io" |
||||||
|
paths: |
||||||
|
- path: / |
||||||
|
pathType: ImplementationSpecific |
||||||
|
tls: |
||||||
|
- secretName: openmetadata-tls |
||||||
|
hosts: |
||||||
|
- "openmetadata.gke.paasup.io" |
||||||
|
|
||||||
|
extraVolumes: |
||||||
|
- name: java-truststore |
||||||
|
secret: |
||||||
|
secretName: java-truststore |
||||||
|
|
||||||
|
extraVolumeMounts: |
||||||
|
- name: java-truststore |
||||||
|
mountPath: /etc/ssl/java |
||||||
|
readOnly: true |
||||||
|
|
||||||
|
resources: {} |
||||||
|
|
||||||
|
extraEnvs: |
||||||
|
- name: OPENMETADATA_OPTS |
||||||
|
value: > |
||||||
|
-Djavax.net.ssl.trustStore=/etc/ssl/java/cacerts |
||||||
|
-Djavax.net.ssl.trustStorePassword=openmetadata |
||||||
|
- name: LOG_LEVEL |
||||||
|
value: "INFO" |
||||||
|
- name: "OPENMETADATA_PUBLIC_URL" |
||||||
|
value: "https://openmetadata.gke.paasup.io" |
||||||
Loading…
Reference in new issue