fix: remove unnecessary mount for k8s setup #10112

Merged
merged 5 commits into from
Nov 13, 2024

moabu
Member

@moabu moabu commented Nov 11, 2024

Prepare


Description

Target issue

closes #10111

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

@moabu moabu requested a review from iromli as a code owner November 11, 2024 12:08

dryrunsecurity bot commented Nov 11, 2024

DryRun Security Summary

The pull request covers a wide range of updates to the Janssen application's Helm charts and configuration files, primarily focusing on improving the security and reliability of the application's infrastructure, with a particular emphasis on the Keycloak integration, credential management, logging, ingress configuration, persistence configuration, and Vault integration.


Summary:

The code changes in this pull request cover a wide range of updates to the Janssen application's Helm charts and configuration files. The changes primarily focus on improving the security and reliability of the application's infrastructure, with a particular emphasis on the Keycloak integration, credential management, logging, and ingress configuration.

Key security-related changes include:

  1. Keycloak Integration: The changes introduce new configuration options for Keycloak, such as the admin username and password, as well as updates to the database password and schema configurations. Ensuring the secure integration between Janssen and Keycloak is crucial for the overall security of the application.

  2. Credential Management: The changes show a move towards more secure handling of sensitive information, such as removing hardcoded credentials from configuration files and using Kubernetes Secrets or environment variables instead.

  3. Logging Configuration: The updates to the logging configuration for various Janssen services, including the auth-server, config-api, fido2, link, and scim, are important for security monitoring and incident response.

  4. Ingress Configuration: The changes to the ingress configuration for Janssen endpoints, such as the auth-server, fido2, scim, and saml services, are crucial for securing access to these services.

  5. Persistence Configuration: The updates to the persistence configuration, including changes to the Couchbase and SQL database settings, are important for ensuring secure and reliable data storage.

  6. Vault Integration: The changes to the Vault integration, including updates to the Vault address, AppRole, and secret configuration, are essential for securely managing sensitive configuration and secrets.

Overall, the code changes in this pull request demonstrate a strong focus on enhancing the security and reliability of the Janssen application's infrastructure, with a particular emphasis on the secure integration of critical components like Keycloak, Vault, and the various Janssen services.

Files Changed:

  1. charts/janssen-all-in-one/values.yaml: The changes introduce new configuration parameters for the Keycloak component, including the admin username and password, as well as the logging level.
  2. charts/janssen/charts/auth-server-key-rotation/README.md: The changes provide an overview of the authentication key rotation functionality, including details on key life, push delay, and key selection strategy.
  3. charts/janssen-all-in-one/templates/deployment.yml: The changes remove SAML-related configuration, add custom annotations, and configure probes and resource management.
  4. charts/janssen-all-in-one/README.md: The changes add new configuration parameters for the Keycloak component, including the admin username and password, as well as the database connection details.
  5. charts/janssen-all-in-one/templates/configmap.yaml: The changes remove Keycloak-specific environment variables, suggesting a shift in the application's authentication mechanism.
  6. charts/janssen-all-in-one/templates/secret.yaml: The changes introduce new configuration options related to SAML integration and Keycloak.
  7. charts/janssen/charts/cn-istio-ingress/README.md: The changes remove the autogenerated footer from the README.md file.
  8. charts/janssen/README.md: The changes update the Keycloak-related configuration parameters, including the admin username and password, as well as the database password.
  9. charts/janssen/charts/casa/README.md: The changes remove the autogenerated footer from the README.md file.
  10. charts/janssen/charts/config-api/README.md: The changes remove the autogenerated footer from the README.md file.
  11. charts/janssen/charts/config/templates/secrets.yaml: The changes introduce new configuration options and secrets related to SAML functionality.
  12. charts/janssen/charts/kc-scheduler/README.md: The changes remove the autogenerated footer from the README.md file.
  13. charts/janssen/charts/config/templates/configmaps.yaml: The changes remove Keycloak-specific environment variables and add new configuration options related to the Keycloak database.
  14. charts/janssen/charts/fido2/README.md: The changes remove the autogenerated footer from the README.md file.
  15. charts/janssen/charts/persistence/README.md: The changes remove the autogenerated footer from the README.md file.

Code Analysis

We ran 9 analyzers against 26 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@mo-auto mo-auto added area-documentation Documentation needs to change as part of issue or PR comp-charts-jans comp-docs Touching folder /docs kind-bug Issue or PR is a bug in existing functionality labels Nov 11, 2024
@moabu moabu merged commit 679db89 into main Nov 13, 2024
27 of 44 checks passed
@moabu moabu deleted the cn-remove-extra-envs branch November 13, 2024 03:53
Development

Successfully merging this pull request may close these issues.

fix(charts): remove KC password mounts