Skaffold Config For Apache Polaris With Keycloak as IDP. Prepared fot he article on medium https://medium.com/@artur.rakhmatulin/understanding-apache-polaris-rbac-from-the-inside-by-creating-my-own-ui-b65449c2c9b5

polaris-bootstrap-values.yaml

image:
  repository: docker.io/binarycat/polaris-admin-tool
  tag: 1.2.0-incubating-SNAPSHOT
  pullPolicy: IfNotPresent

polarisMgmt:
  host: polaris-mgmt
  port: 8182

persistence:
  database: "POLARIS"
  username: "postgres"
  password: "password"
  host: postgres
  port: 5432

bootstrap:
  realms: 
    - "POLARIS"
    - "EXTERNAL"
  credentials:
    - "POLARIS,root,s3cr3t"
    - "EXTERNAL,root2,s3cr3t"

polaris-values.yaml

features:
  SUPPORTED_CATALOG_STORAGE_TYPES:
    - S3

authentication:
  type: internal
  authenticator:
    type: default
  tokenBroker:
    secret: {}

persistence:
  type: relational-jdbc
  relationalJdbc:
    secret: {}

extraEnv:
  - name: "polaris.readiness.ignore-severe-issues"
    value: "true"
  - name: "polaris.realm-context.realms"
    value: "POLARIS,EXTERNAL"
  - name: "polaris.authentication.type"
    value: "internal"
  - name: "polaris.authentication.EXTERNAL.type"
    value: "mixed"
  - name: "quarkus.oidc.tenant-enabled"
    value: "true"
  - name: "quarkus.oidc.auth-server-url"
    value: "http://keycloak:8080/realms/EXTERNAL"
  - name: "quarkus.oidc.client-id"
    value: "apache_polaris"
  - name: "quarkus.oidc.credentials.secret"
    value: "apache_polaris_secret"
  - name: "quarkus.oidc.roles.role-claim-path"
    value: "principal_roles"
  - name: "polaris.oidc.principal-mapper.id-claim-path"
    value: "principal_id"
  - name: "polaris.oidc.principal-mapper.name-claim-path"
    value: "principal_name"
  - name: "polaris.oidc.principal-roles-mapper.mappings[0].regex"
    value: "(.+)"
  - name: "polaris.oidc.principal-roles-mapper.mappings[0].replacement"
    value: "PRINCIPAL_ROLE:$1"
  - name: QUARKUS_DATASOURCE_DB_KIND
    value: "postgresql"
  - name: QUARKUS_DATASOURCE_USERNAME
    value: "postgres"
  - name: QUARKUS_DATASOURCE_PASSWORD
    value: "password"
  - name: QUARKUS_DATASOURCE_JDBC_URL
    value: "jdbc:postgresql://postgres:5432/POLARIS"
  - name: AWS_ACCESS_KEY_ID
    valueFrom:
      secretKeyRef:
        name: demo-aws-access-key
        key: key_id
  - name: AWS_SECRET_ACCESS_KEY
    valueFrom:
      secretKeyRef:
        name: demo-aws-access-key
        key: key_secret

skaffold-polaris-keycloak.yaml

apiVersion: skaffold/v4beta11
kind: Config
metadata:
  name: polaris

deploy:
  helm:
    releases:
      - name: keycloak-db
        repo: https://binarycat0.github.io/helm-charts-demo-polaris-persistence-db
        remoteChart: binarycat-polaris-persistence-db
        version: "1.0.1"
        namespace: polaris
        createNamespace: true
        setValues:
          appLabel: keycloak-db
          service:
            name: keycloak-db
            port: 5432
          persistence:
            name: keycloak-db-pvc
          postgres:
            database: "KEYCLOAK"
            username: "postgres"
            password: "password"

      - name: keycloak
        remoteChart: binarycat-keycloak
        repo: https://binarycat0.github.io/helm-charts-demo-keycloak
        version: "1.0.3"
        namespace: polaris
        createNamespace: true
        setValues:
          kind: Deployment
          appLabel: keycloak
          service:
            name: keycloak
            port: 8080
          db:
            host: keycloak-db
            port: 5432
            name: "KEYCLOAK"
            username: "postgres"
            password: "password"
          extraEnv:
            - name: KC_BOOTSTRAP_ADMIN_USERNAME
              value: "admin"
            - name: KC_BOOTSTRAP_ADMIN_PASSWORD
              value: "admin"

      - name: persistence-db
        remoteChart: binarycat-polaris-persistence-db
        repo: https://binarycat0.github.io/helm-charts-demo-polaris-persistence-db/
        version: "1.0.1"
        namespace: polaris
        createNamespace: true
        setValues:
          appLabel: persistence-db
          service:
            name: postgres
            port: 5432
          persistence:
            name: postgres-pvc
          postgres:
            database: "POLARIS"
            username: "postgres"
            password: "password"

      - name: polaris
        chartPath: "{{ .HOME }}/polaris/helm/polaris"
        namespace: polaris
        createNamespace: true
        valuesFiles:
          - "{{ .HOME }}/polaris/helm/polaris/values.yaml"
          - polaris-values.yaml

      - name: polaris-bootstrap
        remoteChart: binarycat-polaris-bootstrap
        repo: https://binarycat0.github.io/helm-charts-demo-polaris-bootstrap-job
        namespace: polaris
        valuesFiles:
          - polaris-bootstrap-values.yaml
        setValues:
          jobName: polaris-bootstrap

      - name: apache-polaris-ui
        repo: https://binarycat0.github.io/polaris-admin-panel
        remoteChart: apache-polaris-ui
        namespace: polaris
        setValues:
          image:
            repository: ghcr.io/binarycat0/apache-polaris-ui
            tag: "latest"

portForward:
  - resourceType: service
    resourceName: keycloak
    namespace: polaris
    port: 8080
    localPort: 8080

  - resourceType: service
    resourceName: polaris
    namespace: polaris
    port: 8181
    localPort: 8181

  - resourceType: service
    resourceName: polaris-mgmt
    namespace: polaris
    port: 8182
    localPort: 8182
    
  - resourceType: service
    resourceName: postgres
    namespace: polaris
    port: 5432
    localPort: 5432

  - resourceType: service
    resourceName: apache-polaris-ui
    namespace: polaris
    port: 80
    localPort: 3000