custom volumes for bigbang integration

9750a6a5 · kevin.wilder · 77d8d97d · 9750a6a5 · 9750a6a5 · 9750a6a5
Commit 9750a6a5 authored 3 years ago by kevin.wilder
--- a/chart/templates/keycloak/values.yaml
+++ b/chart/templates/keycloak/values.yaml
@@ -53,7 +53,7 @@ secrets:
 {{- end }}

 {{- if and .Values.addons.keycloak.ingress.cert .Values.addons.keycloak.ingress.key }}
-extraVolumes: |-
+extraVolumesBigBang:
  - name: tlscert
    secret:
      secretName: keycloak-tlscert
@@ -61,7 +61,7 @@ extraVolumes: |-
    secret:
      secretName: keycloak-tlskey

-extraVolumeMounts: |-
+extraVolumeMountsBigBang:
  - name: tlscert
    mountPath: /etc/x509/https/tls.crt
    subPath: tls.crt

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -933,9 +933,10 @@ addons:
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
      path: "./chart"
-      tag: "11.0.0-bb.3"
+      tag: "11.0.0-bb.4"

    # -- Certificate/Key pair to use as the certificate for exposing Keycloak
+    # Setting the ingress cert here will automatically create the volume and volumemounts in the Keycloak Package chart
    ingress:
      key: ""
      cert: ""

--- a/charter/packages/keycloak/Architecture.md
+++ b/charter/packages/keycloak/Architecture.md
@@ -92,7 +92,6 @@ addons:
            realm.json: |-
              {insert realm.json content}
      # Create volumes for each secret above
-      # NOTE: You **MUST** include the tlscert and tlskey volumes since you are overriding the entire key's value
      extraVolumes: |-
        - name: certauthority
          secret:
@@ -103,14 +102,7 @@ addons:
        - name: realm
          secret:
            secretName: {{ include "keycloak.fullname" . }}-realm
-        - name: tlscert
-          secret:
-            secretName: {{ include "keycloak.fullname" . }}-tlscert
-        - name: tlskey
-          secret:
-            secretName: {{ include "keycloak.fullname" . }}-tlskey
      # Volume mount each volume in the appropriate location
-      # NOTE: You **MUST** include the tlscert and tlskey volumes since you are overriding the entire key's value
      extraVolumeMounts: |-
        - name: certauthority
          mountPath: /etc/x509/https/cas.pem
@@ -124,15 +116,6 @@ addons:
          mountPath: /opt/jboss/keycloak/realm.json
          subPath: realm.json
          readOnly: true
-        - name: tlscert
-          mountPath: /etc/x509/https/tls.crt
-          subPath: tls.crt
-          readOnly: true
-        - name: tlskey
-          mountPath: /etc/x509/https/tls.key
-          subPath: tls.key
-          readOnly: true
-
 ```

 ### Keycloak Admin password