Merge pull request #11 from MiamiOH/7-send-secretsproperties-via-conf…

…igmap

7 send secretsproperties via configmap

README.md

@@ -53,10 +53,6 @@ The following table lists the configurable parameters of the heml-template chart
 | `serviceAccount.create`             | Specifies whether a service account should be created                                                                  | `true`             |
 | `serviceAccount.annotations`        | Annotations to add to the service account                                                                              | {}                 |
 | `serviceAccount.name`               | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | ``                 |
-| `podSecurityContext.runAsUser`      |                                                                                                                        | 1000               |
-| `securityContext.capabilities.drop` |                                                                                                                        | `[ALL]`            |
-| `securityContext.runAsNonRoot`      |                                                                                                                        | true               |
-| `securityContext.runAsUser`         |                                                                                                                        | 1000               |
 | `resources.limits.cpu`              |                                                                                                                        | 2000m              |
 | `resources.limits.memory`           |                                                                                                                        | 4Gi                |
 | `resources.requests.cpu`            |                                                                                                                        | 1000m              |

charts/shibboleth-idp/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.1
+version: 0.3.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/shibboleth-idp/templates/NOTES.txt

@@ -0,0 +1,6 @@
+# We should Probably add more output data to this file
+
+Go to: 
+{{- range .Values.ingress.hosts }}
+    https://{{ . }}/idp/status  to verify that it is up
+{{- end }}

charts/shibboleth-idp/templates/deployment.yaml

@@ -21,8 +21,6 @@ spec:
         {{- toYaml . | nindent 8 }}
     {{- end }}
       serviceAccountName: {{ include "shib-idp.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       {{- if .Values.conf.image }}
       initContainers:
         - name: conf

charts/shibboleth-idp/values.yaml

@@ -4,7 +4,7 @@ fullnameOverride: ""
 replicaCount: 1
 
 image:
-  repository: "tier/shib-idp"
+  repository: "i2incommon/shib-idp"
   tag: "4.3.1_20230330"
   pullPolicy: Always
 
@@ -28,16 +28,6 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name:
 
-podSecurityContext:
-  runAsUser: 1000
-
-securityContext:
-  capabilities:
-    drop:
-    - ALL
-  runAsNonRoot: true
-  runAsUser: 1000
-
 resources:
   limits:
     cpu: 2000m
@@ -75,13 +65,17 @@ conf:
     #   on multiple lines
 
   # data-only container with conf/ files located under /conf
-  image: {}
+  image: 
+    repository: "miamioh/shib-idp-conf"
+    tag: "latest"
     # repository: "nexus.ci.psu.edu:5000/docker/shib-idp-conf"
     # tag: "1.0"
     # pullPolicy: Always    
 
 metadata:
-  image: {}
+  image: 
+    repository: "miamioh/shib-idp-metadata"
+    tag: "latest"
 
 properties:
   # configmaps and secrets whose keys will be appended to conf/idp.properties on startup
@@ -97,4 +91,7 @@ credentials:
   # configmaps and secrets whose keys will be mounted under credentials/ as files
   configMaps: {}
   sealedSecrets: {}
-  values: {}  
+  values: 
+    secrets.properties: |- 
+      idp.authn.LDAP.bindDNCredential: password
+  #TODO #10 Need to figure out how to best pass this info