diff --git a/automation/dbildungs-iam-keycloak/Chart.yaml b/automation/dbildungs-iam-keycloak/Chart.yaml
index 33ddcb99b..3dfcd0287 100644
--- a/automation/dbildungs-iam-keycloak/Chart.yaml
+++ b/automation/dbildungs-iam-keycloak/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: SPSH-1651
+appVersion: dbp-1084
 description: A Helm Chart for the dbildungs-iam-keycloak
 name: dbildungs-iam-keycloak
 type: application
-version: 0.0.0-spsh-1651-20241217-1328
+version: 0.0.0-dbp-1084-20241217-1458
diff --git a/automation/dbildungs-iam-keycloak/dev-realm-spsh.json b/automation/dbildungs-iam-keycloak/dev-realm-spsh.json
index 9d8821a97..dfabf8403 100644
--- a/automation/dbildungs-iam-keycloak/dev-realm-spsh.json
+++ b/automation/dbildungs-iam-keycloak/dev-realm-spsh.json
@@ -853,7 +853,7 @@
 "oidc.ciba.grant.enabled": "false",
 "client.secret.creation.time": "1727357679",
 "backchannel.logout.session.required": "true",
- "jwt.credential.certificate": "${KC_SERVICE_CLIENT_CERTIFICATE}",
+ "jwt.credential.certificate": "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",
 "oauth2.device.authorization.grant.enabled": "false",
 "display.on.consent.screen": "false",
 "backchannel.logout.revoke.offline.tokens": "false"
@@ -959,7 +959,7 @@
 "oauth2.device.authorization.grant.enabled": "false",
 "display.on.consent.screen": "false",
 "backchannel.logout.revoke.offline.tokens": "false",
- "acr.loa.map": "{\"gold\":\"10\", \"silver\":\"15\"}",
+ "acr.loa.map": "{\"gold\":\"10\"}",
 "default.acr.values": "0"
 },
 "authenticationFlowBindingOverrides": {
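Review bot: The new `jwt.credential.certificate` value in the -853 hunk is a literal written into the realm file instead of the `${KC_SERVICE_CLIENT_CERTIFICATE}` placeholder (the value itself is not visible on this page), and the prod-realm-spsh.json hunk at -851 makes the same change. If dev and prod end up with the same certificate, the private key used in dev is also accepted for this client's signed-JWT authentication in production, and rotating it needs a chart release rather than a secret update. I would keep `"jwt.credential.certificate": "${KC_SERVICE_CLIENT_CERTIFICATE}",` together with the `KC_SERVICE_CLIENT_CERTIFICATE` env entry that this commit removes from deployment.yaml and secret.yaml, or at least use a distinct certificate per environment. The enclosing client object starts and ends outside the hunk.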
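Review bot: Removing `silver` from `acr.loa.map` in the -959 hunk leaves level 15 without a name, so a request carrying `acr_values=silver` can no longer be mapped to that level. Whether anything still depends on it cannot be seen from this hunk; please check the browser flow's level-of-authentication conditions and the relying parties before merging. No matching change to prod-realm-spsh.json is visible in this diff, so the two realms may now map ACR names differently, which deserves a sentence in the commit description. If a flow still conditions on level 15, keep `"acr.loa.map": "{\"gold\":\"10\", \"silver\":\"15\"}",`.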
@@ -1445,72 +1445,6 @@ "configure": true, "manage": true } - }, - { - "id": "dd986a17-44c7-4ec9-87f6-addf1646ecf0", - "clientId": "${KC_SCHOOLSH_CLIENT_ID}", - "name": "School-SH", - "description": "", - "rootUrl": "${KC_SCHOOLSH_CLIENT_ROOT_URL}", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${KC_SCHOOLSH_CLIENT_SECRET}", - "redirectUris": [ - "/cgi/samlauth" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "saml", - "attributes": { - "saml.assertion.signature": "true", - "saml_assertion_consumer_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth", - "saml_single_logout_service_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout", - "saml.force.post.binding": "true", - "saml.encrypt": "true", - "saml_assertion_consumer_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth", - "saml.server.signature": "true", - "saml.server.signature.keyinfo.ext": "false", - "saml.signing.certificate": "${KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE}", - "saml_single_logout_service_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout", - "saml.artifact.binding": "false", - "saml.signature.algorithm": "RSA_SHA256", - "saml_force_name_id_format": "false", - "saml.client.signature": "true", - "saml.encryption.certificate": "${KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE}", - "saml.authnstatement": "true", - "display.on.consent.screen": "false", - "saml_name_id_format": "username", - "saml.allow.ecp.flow": "false", - "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#", - "saml.onetimeuse.condition": "false", - 
"saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer": "NONE" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "role_list" - ], - "optionalClientScopes": [], - "access": { - "view": true, - "configure": true, - "manage": true - } } ], "clientScopes": [ @@ -2192,27 +2126,12 @@ }, { "id": "d47622d7-8d04-4d38-b7f0-d80eb182f80d", - "name": "rsa", - "providerId": "rsa", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { - "privateKey": [ - "${KC_RS256_PRIVATE_KEY}" - ], - "certificate": [ - "${KC_RS256_CERTIFICATE}" - ], - "active": [ - "true" - ], - "enabled": [ - "true" - ], "priority": [ "100" - ], - "algorithm": [ - "RS256" ] } }, @@ -2898,7 +2817,7 @@ "piservicepass" : "${PI_ADMIN_PASSWORD}", "piserver" : "${PI_BASE_URL}", "piserviceaccount" : "${PI_ADMIN_USER}", - "pidefaultmessage" : "Diese Aktion setzt eine Zwei-Faktor-Authentifizierung voraus. Bitte geben Sie die 6 Ziffern des Einmalpassworts von Ihrem 2FA-Token ein.", + "pidefaultmessage" : "Diese Aktion setzt eine Zwei-Faktor-Authentifizierung voraus. Bitte geben Sie das Einmalpasswort von Ihrem 2FA-Token ein.", "preftokentype" : "OTP", "pirealm" : "${PI_REALM}", "pidolog" : "true", diff --git a/automation/dbildungs-iam-keycloak/prod-realm-spsh.json b/automation/dbildungs-iam-keycloak/prod-realm-spsh.json index db80ab8f2..88148773c 100644 --- a/automation/dbildungs-iam-keycloak/prod-realm-spsh.json +++ b/automation/dbildungs-iam-keycloak/prod-realm-spsh.json 
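Review bot: The realm signing key stops being the provisioned one here: the -2192 hunk changes the key component from `rsa` (fed by `${KC_RS256_PRIVATE_KEY}`) to `rsa-generated`, so Keycloak creates and stores its own key, and prod-realm-spsh.json gets the same change at -2029. Tokens signed with the previous key stop verifying once it is gone, anything that pinned the old certificate has to be updated, and an import into an empty database produces a different key each time. The component keeps the id `d47622d7-8d04-4d38-b7f0-d80eb182f80d` while changing provider, which may not apply cleanly over an existing realm and should be confirmed on a populated instance. The new config leaves algorithm and key size to defaults; I would state them next to `priority`, e.g. `"algorithm": ["RS256"],` and `"keySize": ["2048"],`.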
@@ -851,7 +851,7 @@
 "oidc.ciba.grant.enabled": "false",
 "client.secret.creation.time": "1727357679",
 "backchannel.logout.session.required": "true",
- "jwt.credential.certificate": "${KC_SERVICE_CLIENT_CERTIFICATE}",
+ "jwt.credential.certificate": "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",
 "oauth2.device.authorization.grant.enabled": "false",
 "display.on.consent.screen": "false",
 "backchannel.logout.revoke.offline.tokens": "false"
@@ -1282,72 +1282,6 @@ "configure": true, "manage": true } - }, - { - "id": "dd986a17-44c7-4ec9-87f6-addf1646ecf0", - "clientId": "${KC_SCHOOLSH_CLIENT_ID}", - "name": "School-SH", - "description": "", - "rootUrl": "${KC_SCHOOLSH_CLIENT_ROOT_URL}", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${KC_SCHOOLSH_CLIENT_SECRET}", - "redirectUris": [ - "/cgi/samlauth" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "saml", - "attributes": { - "saml.assertion.signature": "true", - "saml_assertion_consumer_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth", - "saml_single_logout_service_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout", - "saml.force.post.binding": "true", - "saml.encrypt": "true", - "saml_assertion_consumer_url_post": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/samlauth", - "saml.server.signature": "true", - "saml.server.signature.keyinfo.ext": "false", - "saml.signing.certificate": "${KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE}", - "saml_single_logout_service_url_redirect": "${KC_SCHOOLSH_CLIENT_ROOT_URL}/cgi/tmlogout", - "saml.artifact.binding": "false", - "saml.signature.algorithm": "RSA_SHA256", - "saml_force_name_id_format": "false", - "saml.client.signature": "true", - "saml.encryption.certificate": "${KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE}", - "saml.authnstatement": "true", - "display.on.consent.screen": "false", - "saml_name_id_format": "username", - "saml.allow.ecp.flow": "false", - "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#", - "saml.onetimeuse.condition": "false", - 
"saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer": "NONE" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "role_list" - ], - "optionalClientScopes": [], - "access": { - "view": true, - "configure": true, - "manage": true - } } ], "clientScopes": [ @@ -2029,27 +1963,12 @@ }, { "id": "d47622d7-8d04-4d38-b7f0-d80eb182f80d", - "name": "rsa", - "providerId": "rsa", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { - "privateKey": [ - "${KC_RS256_PRIVATE_KEY}" - ], - "certificate": [ - "${KC_RS256_CERTIFICATE}" - ], - "active": [ - "true" - ], - "enabled": [ - "true" - ], "priority": [ "100" - ], - "algorithm": [ - "RS256" ] } }, @@ -2735,7 +2654,7 @@ "piservicepass" : "${PI_ADMIN_PASSWORD}", "piserver" : "${PI_BASE_URL}", "piserviceaccount" : "${PI_ADMIN_USER}", - "pidefaultmessage" : "Diese Aktion setzt eine Zwei-Faktor-Authentifizierung voraus. Bitte geben Sie die 6 Ziffern des Einmalpassworts von Ihrem 2FA-Token ein.", + "pidefaultmessage" : "Diese Aktion setzt eine Zwei-Faktor-Authentifizierung voraus. Bitte geben Sie das Einmalpasswort von Ihrem 2FA-Token ein.", "preftokentype" : "OTP", "pirealm" : "${PI_REALM}", "pidolog" : "true", diff --git a/automation/dbildungs-iam-keycloak/templates/configmap.yaml b/automation/dbildungs-iam-keycloak/templates/configmap.yaml index e6596fee5..4fbaf3eb2 100644 --- a/automation/dbildungs-iam-keycloak/templates/configmap.yaml +++ b/automation/dbildungs-iam-keycloak/templates/configmap.yaml @@ -11,7 +11,5 @@ data: KC_ROOT_URL: "https://{{ .Values.frontendHostname }}" KC_PROXY: "edge" KEYCLOAK_ADMIN: admin - KC_SCHOOLSH_CLIENT_ID: "{{ .Values.schoolsh.clientId }}" - KC_SCHOOLSH_CLIENT_ROOT_URL: "{{ .Values.schoolsh.rootUrl }}" KC_HTTP_MANAGEMENT_PORT: "8090" STATUS_URL: "{{ .Values.status.url }}" \ No newline at end of file 
diff --git a/automation/dbildungs-iam-keycloak/templates/deployment.yaml b/automation/dbildungs-iam-keycloak/templates/deployment.yaml index 0500d0218..50d66b5f6 100644 --- a/automation/dbildungs-iam-keycloak/templates/deployment.yaml +++ b/automation/dbildungs-iam-keycloak/templates/deployment.yaml @@ -50,8 +50,6 @@ spec: env: - name: JAVA_OPTS_APPEND value: "-Djgroups.dns.query={{ template "common.names.name" . }}-headless.{{ template "common.names.namespace" . }}.svc.cluster.local" - - name: KC_HTTP_POOL_MAX_THREADS - value: "{{ .Values.threadPool }}" - name: KEYCLOAK_ADMIN_PASSWORD valueFrom: secretKeyRef: @@ -72,16 +70,6 @@ spec: secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: db-password - - name: KC_RS256_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-rs256-privateKey - - name: KC_RS256_CERTIFICATE - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-rs256-certificate - name: KC_CLIENT_SECRET valueFrom: secretKeyRef: @@ -92,11 +80,6 @@ spec: secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: keycloak-adminSecret - - name: KC_SERVICE_CLIENT_CERTIFICATE - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-serviceClientCertificate - name: KC_ITSLEARNING_CLIENT_SECRET valueFrom: secretKeyRef: 
@@ -144,21 +127,6 @@ spec: key: keycloak-nextcloud-clientSecret - name: KC_DB_URL value: "jdbc:postgresql://$(DB_HOST)/$(DB_NAME)" - - name: KC_SCHOOLSH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-schoolsh-clientSecret - - name: KC_SCHOOLSH_CLIENT_SIGNING_CERTIFICATE - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-schoolsh-signingCertificate - - name: KC_SCHOOLSH_CLIENT_ENCRYPTION_CERTIFICATE - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-schoolsh-encryptionCertificate {{- if .Values.extraEnvVars }} {{ toYaml .Values.extraEnvVars | nindent 12 }} {{- end }} @@ -178,4 +146,4 @@ spec: name: {{ .Values.realm.name }} {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/automation/dbildungs-iam-keycloak/templates/ingress2nd.yaml b/automation/dbildungs-iam-keycloak/templates/ingress2nd.yaml deleted file mode 100644 index bb594edc1..000000000 --- a/automation/dbildungs-iam-keycloak/templates/ingress2nd.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -{{if .Values.ingress.enabled2nd }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ template "common.names.name" . }}-2nd - namespace: {{ template "common.names.namespace" . }} - labels: - {{- include "common.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - tls: - - hosts: - - {{ .Values.keycloak2ndHostname }} - ingressClassName: {{ .Values.ingress.ingressClassName }} - rules: - - host: {{ .Values.keycloak2ndHostname }} - http: - paths: - - path: {{ .Values.ingress.path }} - pathType: {{ .Values.ingress.pathType }} - backend: - service: - name: {{ template "common.names.name" . }} - port: - number: {{ .Values.service.ports.http }} -{{- end }} \ No newline at end of file diff --git a/automation/dbildungs-iam-keycloak/templates/keycloak-servicemonitor.yaml b/automation/dbildungs-iam-keycloak/templates/keycloak-servicemonitor.yaml deleted file mode 100644 index 85a83f34d..000000000 --- a/automation/dbildungs-iam-keycloak/templates/keycloak-servicemonitor.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.keycloak.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.name" . }} - namespace: {{ template "common.names.namespace" . }} - labels: - {{- include "common.labels" . | nindent 4 }} - app.kubernetes.io/component: keycloak -spec: - namespaceSelector: - matchNames: - - {{ include "common.names.namespace" . | quote }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "common.names.name" . }} - endpoints: - - port: {{ .Values.keycloak.serviceMonitor.port }} - path: {{ .Values.keycloak.serviceMonitor.path }} - interval: {{ .Values.keycloak.serviceMonitor.interval | default "30s" }} -{{- end }} 
diff --git a/automation/dbildungs-iam-keycloak/templates/pdb.yaml b/automation/dbildungs-iam-keycloak/templates/pdb.yaml deleted file mode 100644 index 7bedbc8f0..000000000 --- a/automation/dbildungs-iam-keycloak/templates/pdb.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.podDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ template "common.names.name" . }}-pdb - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "common.names.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - selector: - matchLabels: - app.kubernetes.io/name: dbildungs-iam-keycloak -{{- end }} \ No newline at end of file diff --git a/automation/dbildungs-iam-keycloak/templates/secret.yaml b/automation/dbildungs-iam-keycloak/templates/secret.yaml index ea0ff8cde..fa32c7e33 100644 --- a/automation/dbildungs-iam-keycloak/templates/secret.yaml +++ b/automation/dbildungs-iam-keycloak/templates/secret.yaml @@ -9,11 +9,8 @@ data: admin-password: {{ .Values.auth.admin_password }} db-host: {{ .Values.database.host }} db-password: {{ .Values.database.password }} - keycloak-rs256-privateKey: {{ .Values.auth.keycloak_rs256_privateKey }} - keycloak-rs256-certificate: {{ .Values.auth.keycloak_rs256_certificate }} keycloak-adminSecret: {{ .Values.auth.keycloak_adminSecret }} keycloak-clientSecret: {{ .Values.auth.keycloak_clientSecret }} - keycloak-serviceClientCertificate: {{ .Values.auth.keycloak_serviceClientCertificate }} keycloak-itslearning-clientSecret: {{ .Values.auth.keycloak_itslearning_clientSecret }} keycloak-ox-clientSecret: {{ .Values.auth.keycloak_ox_clientSecret }} pi-admin-password: {{ .Values.auth.pi_admin_password }} 
@@ -23,8 +20,5 @@ data: pi-user-realm: {{ .Values.auth.pi_user_realm }} keycloak-nextcloud-clientId: {{ .Values.auth.keycloak_nextcloud_clientId }} keycloak-nextcloud-clientSecret: {{ .Values.auth.keycloak_nextcloud_clientSecret }} - keycloak-schoolsh-clientSecret: {{ .Values.auth.keycloak_schoolsh_clientSecret }} - keycloak-schoolsh-signingCertificate: {{ .Values.auth.keycloak_schoolsh_signingCertificate }} - keycloak-schoolsh-encryptionCertificate: {{ .Values.auth.keycloak_schoolsh_encryptionCertificate }} {{- end }} \ No newline at end of file diff --git a/automation/dbildungs-iam-keycloak/values.yaml b/automation/dbildungs-iam-keycloak/values.yaml index 798e92132..e79fbf64c 100644 --- a/automation/dbildungs-iam-keycloak/values.yaml +++ b/automation/dbildungs-iam-keycloak/values.yaml @@ -8,21 +8,14 @@ image: tag: "" pullPolicy: Always -schoolsh: - clientId: https://school-sh.invalid - rootUrl: https://school-sh.invalid - auth: # existingSecret: Refers to a secret already present in the cluster, which is required for the authentication and configuration of the database setup tasks. existingSecret: "" secretName: dbildungs-iam-keycloak admin_password: "" admin_user: "" - keycloak_rs256_privateKey: "" - keycloak_rs256_certificate: "" keycloak_adminSecret: "" keycloak_clientSecret: "" - keycloak_serviceClientCertificate: "" keycloak_itslearning_clientSecret: "" keycloak_ox_clientSecret: "" keycloak_nextcloud_clientId: "" @@ -32,10 +25,6 @@ auth: pi_admin_password: "" pi_user_resolver: "" pi_user_realm: "" - schoolsh_clientSecret: "" - schoolsh_signingCertificate: "" - schoolsh_encryptionCertificate: "" - command: [] @@ -57,7 +46,6 @@ restartPolicy: Always keycloakHostname: "" frontendHostname: "" -keycloak2ndHostname: "" containerSecurityContext: enabled: true @@ -79,9 +67,6 @@ resources: memory: "1Gi" cpu: "150m" -# should be about 4 times the cpu count -threadPool: 16 - startupProbe: enabled: true httpGet: 
@@ -103,8 +88,6 @@ readinessProbe: port: mgmt ingress: - # Only enable if 2nd host name is defined - enabled2nd: false ingressClassName: nginx path: / pathType: Prefix @@ -127,12 +110,6 @@ service: ports: http: 80 -keycloak: - serviceMonitor: - enabled: true - path: "/metrics" - port: 'mgmt' - autoscaling: enabled: false minReplicas: 1 @@ -141,7 +118,3 @@ autoscaling: status: url: "https://status.dev.spsh.dbildungsplattform.de/" - -podDisruptionBudget: - enabled: true - minAvailable: "80%"