JanssenProject · moabu · Nov 13, 2024 · Nov 11, 2024 · Nov 11, 2024 · Nov 11, 2024
@@ -208,6 +208,8 @@ Kubernetes: `>=v1.22.0-0`
 | configmap.cnVaultSecretIdFile | string | `"/etc/certs/vault_secret_id"` | Path to file contains Vault AppRole secret ID. |
 | configmap.cnVaultVerify | bool | `false` | Verify connection to Vault. |
 | configmap.containerMetadataName | string | `"kubernetes"` |  |
+| configmap.kcAdminPassword | string | `"Test1234#"` | Keycloak  admin UI password |
+| configmap.kcAdminUsername | string | `"admin"` | Keycloak admin UI username |
 | configmap.kcDbPassword | string | `"Test1234#"` | Password for Keycloak database access |
 | configmap.kcDbSchema | string | `"keycloak"` | Keycloak database schema name (note that PostgreSQL may using "public" schema). |
 | configmap.kcDbUrlDatabase | string | `"keycloak"` | Keycloak database name |
@@ -296,8 +298,6 @@ Kubernetes: `>=v1.22.0-0`
 | kc-scheduler.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
 | kc-scheduler.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
 | kc-scheduler.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| kcAdminCredentialsFile | string | `"/etc/jans/conf/kc_admin_creds"` | Path to file contains Keycloak admin credentials (username and password) |
-| kcDbPasswordFile | string | `"/etc/jans/conf/kc_db_password"` | Path to file contains password for database access |
 | lbIp | string | `"22.22.22.22"` | The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `fqdn` is globally resolvable. |
 | lifecycle | object | `{}` |  |
 | link.appLoggers | object | `{"enableStdoutLogPrefix":"true","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. |

@@ -202,8 +202,6 @@ data:
   KC_DB_URL_PORT: {{ .Values.configmap.kcDbUrlPort | quote }}
   KC_DB_URL_DATABASE: {{ .Values.configmap.kcDbUrlDatabase | quote }}
   KC_DB_URL_PROPERTIES: {{ .Values.configmap.kcDbUrlProperties | quote }}
-  CN_SAML_KC_DB_PASSWORD_FILE: {{ .Values.kcDbPasswordFile | quote }}
-  CN_SAML_KC_ADMIN_CREDENTIALS_FILE: {{ .Values.kcAdminCredentialsFile | quote }}
   {{- end }}
   CN_LOCK_ENABLED: {{ index .Values "auth-server" "lockEnabled" | quote }}
   CN_OPA_URL: {{ .Values.configmap.cnOpaUrl | quote }}

@@ -35,7 +35,7 @@ spec:
         sidecar.istio.io/rewriteAppHTTPProbers: "true"
       {{- end }}
       {{- if .Values.customAnnotations.pod }}
-      {{ toYaml .Values.customAnnotations.pod | indent 4 }}              
+      {{ toYaml .Values.customAnnotations.pod | indent 4 }}
       {{- end }}
       {{- end }}
     spec:
@@ -76,7 +76,7 @@ spec:
               {{- end }}
               python3 /scripts/tls_generator.py &
               /app/bin/entrypoint.sh
-          {{- end}}    
+          {{- end}}
         {{- end}}
         ports:
         - name: {{ .Values.service.name }}
@@ -113,11 +113,6 @@ spec:
             mountPath: /scripts/updatelbip.py
             subPath: updatelbip.py
         {{- end }}
-        {{- if .Values.saml.enabled }}
-          - name: kc-db-pass
-            mountPath: {{ .Values.kcDbPasswordFile }}
-            subPath: kc_db_password
-        {{- end }}
         livenessProbe:
 {{- toYaml .Values.livenessProbe | nindent 10 }}
         readinessProbe:
@@ -149,9 +144,3 @@ spec:
           configMap:
             name: {{ .Release.Name }}-updatelbip
       {{- end }}
-
-      {{- if .Values.saml.enabled }}
-        - name: kc-db-pass
-          secret:
-            secretName: {{ .Release.Name }}-kc-db-pass
-      {{- end }}
@@ -33,6 +33,9 @@ stringData:
         "auth_sig_keys": {{ index .Values "auth-server" "authSigKeys" | quote }},
         "auth_enc_keys": {{ index .Values "auth-server" "authEncKeys" | quote }},
         "optional_scopes": {{ list (include "janssen-all-in-one.optionalScopes" . | fromJsonArray | join ",") | quote }},
+        {{- if .Values.saml.enabled }}
+        "kc_admin_username": {{ .Values.configmap.kcAdminUsername | quote }},
+        {{- end }}
         "init_keys_exp": {{ index .Values "auth-server-key-rotation" "initKeysLife" }}
       },
       "_secret": {
@@ -58,31 +61,11 @@ stringData:
         "aws_config": {{ include "janssen-all-in-one.aws-config" . | b64enc | quote }},
         "aws_replica_regions": {{ .Values.configmap.cnAwsSecretsReplicaRegions | toJson | b64enc | quote }},
         {{- end }}
+        {{- if .Values.saml.enabled }}
+        "kc_db_password": {{ .Values.configmap.kcDbPassword | quote }},
+        "kc_admin_password": {{ .Values.configmap.kcAdminPassword | quote }},
+        {{- end }}
         "encoded_salt": {{ .Values.salt | quote }}
       }
     }
 {{- end }}
-
-{{- if .Values.saml.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-kc-db-pass
-  labels:
-{{ include "janssen-all-in-one.labels" . | indent 4 }}
-{{- if .Values.additionalLabels }}
-{{ toYaml .Values.additionalLabels | indent 4 }}
-{{- end }}
-{{- if or (.Values.additionalAnnotations) (.Values.customAnnotations.secret) }}
-  annotations:
-{{- if .Values.additionalAnnotations }}
-{{ toYaml .Values.additionalAnnotations | indent 4 }}
-{{- end }}
-{{- if .Values.customAnnotations.secret }}
-{{ toYaml .Values.customAnnotations.secret | indent 4 }}
-{{- end }}
-{{- end }}
-data:
-  kc_db_password: {{ .Values.configmap.kcDbPassword | b64enc }}
-{{- end}}
@@ -146,6 +146,10 @@ configmap:
   lbAddr: ""
   # -- Quarkus transaction recovery. When using MySQL, there could be issue regarding XA_RECOVER_ADMIN; refer to https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_xa-recover-admin for details.
   quarkusTransactionEnableRecovery: true
+  # -- Keycloak  admin UI password
+  kcAdminPassword: Test1234#
+  # -- Keycloak admin UI username
+  kcAdminUsername: admin
   # -- Keycloak logging level
   kcLogLevel: INFO
   # -- Keycloak database vendor name (default to MySQL server). To use PostgreSQL server, change the value to postgres.
@@ -565,10 +569,6 @@ cnSqlPasswordFile: /etc/jans/conf/sql_password
 cnCouchbasePasswordFile: /etc/jans/conf/couchbase_password
 # -- Path to Couchbase superuser password file
 cnCouchbaseSuperuserPasswordFile: /etc/jans/conf/couchbase_superuser_password
-# -- Path to file contains password for database access
-kcDbPasswordFile: /etc/jans/conf/kc_db_password
-# -- Path to file contains Keycloak admin credentials (username and password)
-kcAdminCredentialsFile: /etc/jans/conf/kc_admin_creds
 # -- Path to configuration schema file
 cnConfiguratorConfigurationFile: /etc/jans/conf/configuration.json
 # -- Path to dumped configuration schema file