  1. RH-SSO
  2. RHSSO-2594

Section 13.1 (Kubernetes / OpenShift files plain-text vault provider) very difficult to understand


    • Bug
    • Resolution: Obsolete
    • Major
    • RH-SSO-7.6.4
    • Documentation

      1. Issue description:

      The section 13.1. Kubernetes / OpenShift files plain-text vault provider is very difficult to understand.

      https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/vault-administration#providers

      It needs clarification on:

      1. How to build the filename containing the password:

      The filename to be used is <realmname>_<secret-name>
      (Double all underscores within the secret name or the realm name in the file name)
       
      2. The filename password should contain no trailing space '\n' (usually added by an editor such as vi, or by echo).
      This means that the trailing space should be removed, otherwise authentication will fail.

      3. You should indicate how to create the secret

      4. You need to describe how to add the equivalent command to OCP/RH-SSO pod deployment

      /subsystem=keycloak-server/spi=vault/:add
      /subsystem=keycloak-server/spi=vault/provider=files-plaintext/:add(enabled=true,properties={dir => "${jboss.home.dir}/standalone/configuration/vault"})
      /subsystem=keycloak-server/spi=vault:write-attribute(name=default-provider,value=files-plaintext)

      Usually this is done via a configmap.

      5. You need to add volumeMounts/Volume to accommodate your newly created secret and configmap.
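
The file-naming and trailing-newline points in items 1 and 2, as an added shell example (not taken from the RH-SSO documentation or from this report). The function names and the sample realm and secret names used with them are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names and sample values are constructed, not RH-SSO's own.

# Build the vault file name: <realm>_<secret>, with every underscore inside
# either part doubled so the single separating underscore stays unambiguous.
vault_filename() {
    realm=$(printf '%s' "$1" | sed 's/_/__/g')
    secret=$(printf '%s' "$2" | sed 's/_/__/g')
    printf '%s_%s' "$realm" "$secret"
}

# Write the secret value with printf '%s' so no trailing newline is appended
# (echo and most editors add one). The file is created owner-readable only.
# Prints the path of the file that was written.
write_vault_secret() {
    dir=$1; realm=$2; secret=$3; value=$4
    file="$dir/$(vault_filename "$realm" "$secret")"
    ( umask 077; printf '%s' "$value" > "$file" )
    printf '%s' "$file"
}

# Return 0 if the file's last byte is a newline (0x0a), 1 otherwise.
# Useful as a pre-deployment check on files destined for the vault directory.
ends_with_newline() {
    [ -s "$1" ] || return 1
    [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "0a" ]
}
```

For example, `write_vault_secret /path/to/vault my_realm smtp_password 'value'` writes the file `my__realm_smtp__password`, and `ends_with_newline` can be run over existing vault files to find ones that would make authentication fail.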

              amunro@redhat.com Andrew Munro
              rhn-support-orivat Olivier Rivat