Configuration
This section contains example configurations for Ververica Platform.
The configuration can be passed to Ververica Platform during installation with Helm via the values.yaml file, under the vvp key.
Full Example Configuration
This full example demonstrates most of the options needed to configure Ververica Platform for your environment.
```yaml
vvp:
  auth:
    enabled: true
    admins:
      - group:vvp-admins # The OIDC-supplied group which indicates an administrator
    oidc:
      groupsClaim: roles # The OIDC claim containing a user's groups
      registrationId: my-oidc-provider
      registration:
        clientId: vvp
        clientSecret: secret
        redirectUri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
        clientAuthenticationMethod: basic
        authorizationGrantType: authorization_code
        scope:
          - openid
      provider:
        authorizationUri: http://my-oidc-provider.internal/openid-connect/auth
        tokenUri: http://my-oidc-provider.internal/openid-connect/token
        userInfoUri: http://my-oidc-provider.internal/openid-connect/userinfo
        jwkSetUri: http://my-oidc-provider.internal/openid-connect/certs
        userNameAttribute: email # Required to correctly identify users
        endSessionEndpoint: http://my-oidc-provider.internal/openid-connect/logout
  blobStorage:
    baseUri: s3://my-bucket/vvp
  # Add additional custom Flink images to the UI, optionally setting them as the default image
  # for a particular Flink minor version
  flinkVersionMetadata:
    - flinkVersion: 1.9.0 # The full Flink version this image supplies
      imageTag: 1.9.0-custom1 # The Docker image tag for the Flink repository specified below
      defaultFor:
        - 1.9 # Make this the default image for deployments on Flink 1.9
  flinkDeploymentDefaults:
    registry: my-custom-registry.internal/vvp
    repository: flink
  license:
    #data: {} # The contents of a vvP license
    file: /path/to/my/license
```
Authentication Configuration Examples
Google Authentication
(Scope under vvp.auth)
```yaml
# Google auth does not support groups, so administrators must be specified manually in this
# list, or with an environment variable: vvp.admins=user:admin1@example.com,admin2@example.com
admins:
  - user:admin1@example.com
  - user:admin2@example.com
oidc:
  #groupsClaim: # Google auth does not support groups
  registrationId: google
  registration:
    clientId: 1009242745340-9piji4g84vkrzbp2qyp19asrk8p2ug2s.apps.googleusercontent.com
    clientSecret: 4wHQZc_KHN0u8QqgpmV6TY86
  provider:
    userNameAttribute: email # Required to correctly identify users
```
Azure Authentication
(Scope under vvp.auth)
```yaml
# Without additional Azure-specific dependencies in the back-end, it does not
# seem possible to use groups, so administrators must be specified manually in this
# list, or with an environment variable: vvp.admins=user:admin1@example.com,admin2@example.com
admins:
  - user:admin1@example.com
  - user:admin2@example.com
oidc:
  #groupsClaim: # currently no support for groups from Azure
  # NOTE: Your Azure application needs a redirect URI of <baseUrl>/login/oauth2/code/vvp
  registrationId: vvp
  registration:
    clientId: xxxxxx-your-client-id-xxxxxx
    clientSecret: xxxxxx-your-client-secret-xxxxxx
    redirectUri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
    clientAuthenticationMethod: basic
    authorizationGrantType: authorization_code
    scope:
      - openid
      - profile
  provider:
    # Let Spring Boot figure out parameters itself from
    # https://sts.windows.net/xxxxxx-your-tenant-id-xxxxxx/.well-known/openid-configuration
    # Note: External users may not be able to sign in if you use the 'common'
    # tenant ID. Instead, find your Azure AD's tenant ID and use that.
    issuerUri: https://login.microsoftonline.com/xxxxxx-your-tenant-id-xxxxxx/v2.0 # No trailing slash!
    # make sure, spring-boot does not fetch user info
    # see https://github.com/spring-projects/spring-security/issues/7679
    userInfoUri:
    userNameAttribute: preferred_username # Required to correctly identify users
```
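The constraints stated in the comments of the examples above (group admins need a groups claim, `userNameAttribute` is required, `issuerUri` takes no trailing slash) can be checked before `helm install`. The following is an added example, not part of Ververica Platform: `lint_vvp_auth` is a hypothetical helper that takes the already-parsed `vvp.auth` mapping, and its https check is an extra hardening rule that flags the plain-http endpoints used in the full example.

```python
from urllib.parse import urlparse

# Provider endpoint keys that appear in the examples on this page.
ENDPOINT_KEYS = ("authorizationUri", "tokenUri", "userInfoUri",
                 "jwkSetUri", "endSessionEndpoint", "issuerUri")

def lint_vvp_auth(auth):
    """Return findings for a parsed vvp.auth mapping (hypothetical helper)."""
    findings = []
    oidc = auth.get("oidc") or {}
    provider = oidc.get("provider") or {}
    if auth.get("enabled") is not True:
        findings.append("auth.enabled is not true")
    # A group: admin entry can only match if the IdP's groups claim is mapped.
    admins = auth.get("admins") or []
    if any(str(a).startswith("group:") for a in admins) and not oidc.get("groupsClaim"):
        findings.append("group: admin listed but oidc.groupsClaim is unset")
    if not provider.get("userNameAttribute"):
        findings.append("provider.userNameAttribute is unset")
    for key in ENDPOINT_KEYS:
        value = provider.get(key)
        if not value:  # e.g. the intentionally empty userInfoUri in the Azure example
            continue
        # Added hardening check: codes, tokens and client credentials cross these URLs.
        if urlparse(value).scheme != "https":
            findings.append(f"provider.{key} is not https")
        if key == "issuerUri" and value.endswith("/"):
            findings.append("provider.issuerUri has a trailing slash")
    return findings

# Constructed input: the auth block of the full example above, as a dict.
BASE = "http://my-oidc-provider.internal/openid-connect"
FULL_EXAMPLE_AUTH = {
    "enabled": True, "admins": ["group:vvp-admins"],
    "oidc": {
        "groupsClaim": "roles",
        "provider": {
            "authorizationUri": f"{BASE}/auth",
            "tokenUri": f"{BASE}/token",
            "userInfoUri": f"{BASE}/userinfo",
            "jwkSetUri": f"{BASE}/certs",
            "userNameAttribute": "email",
            "endSessionEndpoint": f"{BASE}/logout",
        },
    },
}

if __name__ == "__main__":
    print("\n".join(lint_vvp_auth(FULL_EXAMPLE_AUTH)))
```

To lint a real values.yaml, parse it with a YAML library and pass the mapping found under `vvp.auth`.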