Alertmanager SSO Configuration

SSO for Alertmanager depends on Authservice being deployed and configured within the cluster. Please see the linked prerequisite for Authservice.

Prerequisites

• Ensure the Global SSO Settings have already been configured for this cluster.
• Access to Keycloak Master Realm
• Ensure Authservice SSO has already been configured for this cluster.

Create Keycloak Client

tip

If this client already exists due to it being configured for another cluster, consider adding the environment name as common prefix to the client name. For example, the client name could be my-org-run-alertmanager.

1. While you are in the smoothglue realm, click on Clients under Manage in the left pane.
2. Click Create client.
3. Enter client name alertmanager for Client ID.
4. Click on the Next button.
5. Toggle on Client authentication.
6. Click on the Next button. Note: The application's FQDN name may be obtained by running kubectl get virtualservice -A
7. Enter https://{{ application_fqdn }}/login/generic_oauth for Valid Redirect URIs.
8. Click on the Save button.

SSO Configuration

Retrieve the client_secret from the Keycloak client:

1. As a Keycloak Admin and within the smoothglue realm, click Clients on the left-hand panel.
2. Click on the alertmanager client.
3. Click on the Credentials tab.
4. Copy the value from the Client Secret field.

Add the following values to bigbang-secrets.yaml to configure SSO:

monitoring:
  sso:
    enabled: true
    alertmanager:
      client_id: alertmanager # should match the client name in keycloak
      client_secret: ""

info

See How to Configure Big Bang Values for more information on configuring Big Bang applications.