Configure Shift Services

How to configure Shift services - configure KOBIL Shift Chart sections per service.

Main Services are:

IDP

Important parameter for IDP (idpCore) services, is the template file "auto-import.json" provided by KOBIL covering the required (and sufficient) worker-tenant configuration. For this the KOBIL Shift metaconfiguration file needs to cover per "valuesOverride" an appropriate setup (see here for using "valuesOverride") - find sample here:

enable auto-import.json load

# \-- Configuration for idp-core

idpCore:
  enabled: true
  # loading specific idp-core chart settings overriding defaults
  valuesOverride:
    # mainContainer related parameter updates under hierarchy
    # "mainContainer" (see sub-chart idp-core \<root\>/values.yaml)
    mainContainer:
      importRealm:
        # when enabled the auto-import.json is saved at Pod runtime into directory /realm-auto-import
        enable: true
        useBuiltin: true

This "realm" configuration is used as a template when creating a "worker-tenant" in Keycloak (i.e. via Workspace Management Portal) starting from default MASTER realm.

AST

Most important for (production) install is to setup/create all parameter for a unique new internal "Issuer CA" and also the randoms/keys. Find details from README in section "IssuerCA" KOBIL Shift internal Issuer CA Related parameter are ast.existingSecretEncryptionKeys, ast.sessionEncryptionMasterKey, ast.databaseEncryptionMasterKey, ast.issuer.existingSecretIssuerCa , ast.issuer.existingSecretIssuerCa, ast.issuer.key 

smartDashboard

Requires post-deployment reconfiguration to enable smartDashboard client within IDP. See README for more details. In simple description - define new client in IDP - and then running a redeployment with adopted metaconfig "values.yaml" for helm upgrade command.