This is the single sign-on (SSO) service for internal applications, managed using Keycloak. Please refer to the Keycloak documentation to understand key concepts.
Keycloak is deployed using a Helm chart in the `systems-production` cluster. Configuration files can be found here. Additionally, a custom wrapper with optimized default settings has been created and can be accessed here.
- Grafana: All Grafana instances are integrated with Keycloak for SSO. Detailed integration documentation is available here.
- ArgoCD: ArgoCD supports Keycloak integration, and the Sandbox environment’s ArgoCD is already configured. Documentation for the integration process can be found here.
- AWS: AWS can also be configured for SSO with Keycloak. Details from our preliminary testing (spike) are documented here.
- Metabase: The community version of Metabase does not support SSO.
- Other Applications: Further exploration is needed to evaluate if Keycloak can be used with other internal applications.
Currently, we are using the default `master` realm.
- Groups:
  - `simple_team`: Backend developers
  - `ArgoCDAdmins`: Admin access for ArgoCD
- Roles:
  - `grafana_admin`
  - `grafana_editor`
- Users: Users are managed via the Keycloak Admin Console.
Note: As we expand the types of users and applications, we may revisit and revise our approach to managing groups and roles to better align with our needs.