Enterprise Edition
Available on: Enterprise Edition
How to configure Kestra Enterprise Edition.
Kestra Enterprise Edition offers many enhancements over the Open Source Edition, adding authentication, security, audit logs, and more. Here are some of the features available in the Enterprise Edition:
- Multi-Tenancy
- Audit Logs
- Authentication
- SSO
- RBAC
- Secrets Manager
- Namespace Management
- Worker Groups
- Worker Isolation
For more information on what is included in the Enterprise Edition, check out the product page.
Enterprise Edition license
To use Kestra Enterprise Edition, you will need a valid license. Our sales team will provide this license to you; if it's not the case, please reach out to them at sales@kestra.io.
The license is set up using two configuration properties: id
and key
.
kestra.ee.license.id
: license identifier.kestra.ee.license.key
: license key.
When you launch Kestra Enterprise Edition, it will check the license and display the validation step in the log.
SuperAdmin User from configuration
The most powerful user in Kestra is the SuperAdmin
You can create a SuperAdmin user from the configuration file.
The super-admin requires three properties:
kestra.security.super-admin.username
: the username of the super-adminkestra.security.super-admin.password
: the password of the super-adminkestra.security.super-admin.tenantAdminAccess
: a list of tenants that the super-admin can access- This property can be omitted if you do not use multi-tenancy
- If a Tenant does not exists, it will be created
- At each startup, this user is checked and if the list of access permissions has been modified, new access permissions can be created, but none will be removed
The password should never be stored in clear text in the configuration file. Make sure to use an environment variable in the format ${KESTRA_SUPERADMIN_PASSWORD}
.
kestra:
security:
super-admin:
username: your_username
password: ${KESTRA_SUPERADMIN_PASSWORD}
tenantAdminAccess:
- <optional>
Default Role from configuration
The default role is the role that will be assigned to a new user when it is created.
For setup facilities, you can define the default role from the configuration file. Each time you start Kestra, the default role will be checked and created if it does not exist for every Tenant.
The default role requires three properties:
kestra.security.default-role.name
: the name of the default rolekestra.security.default-role.description
: the description of the default rolekestra.security.default-role.permissions
: the permissions of the default role- This has to be a map with a Permission as a key and a list of Action as a value
kestra:
security:
default-role:
name: default
description: "Default role"
permissions:
FLOW: ["CREATE", "READ", "UPDATE", "DELETE"]
Make sure that you attach the default-role
configuration under kestra.security
rather than under micronaut.security
— it's easy to confuse the two so make sure you enter that configuration in the right place.
When using multitenancy, the default role will be added to every tenant. The admin will then need to explicitly add the user to a tenant.
Was this page helpful?