Scope: Configuration options for KOBIL Shift IDP services

Required IDP Services

idpCore

Optional IDP Services

idpScpConnector

idpScheduler

Dependencies for specific IDP-services to other KOBIL Shift Services

idpScpConnector - ast* / asttms

References to KOBIL Shift metaconfig (values.yaml)

Servicegroup enable/disable:

# -- IDP specific values
idp:
  enabled: true

Service configuration:

# -- Configuration for idp-core
idpCore:
  enabled: true
  replicaCount: 1

  database:
    host: postgres
    port: 5432
    name: "idp_core"
    auth:
      username: user
      password: "password"

# -- Configuration for idp-scp-connector
idpScpConnector:
  enabled: true
  replicaCount: 1

  database:
    host: postgres
    port: 5432
    name: "idp_scp_connector"
    auth:
      username: user
      password: "password"

# -- Configuration for idp-scheduler
idpScheduler:
  enabled: false
  replicaCount: 1

Very important parameter for IDP (idpCore) services, is the template file "auto-import.json" provided by KOBIL covering the required (and sufficient) worker-tenant configuration. For this the KOBIL Shift metaconfiguration file needs to cover per valuesOverride an appropriate setup (see here for using valuesOverride)

# -- Configuration for idp-core
idpCore:
  enabled: true
 
  # loading specific idp-core chart settings overriding defaults
  valuesOverride:
    # mainContainer related parameter updates under hierarchy "mainContainer" (see sub-chart idp-core <root>/values.yaml)
    mainContainer:
      importRealm:
        # when enabled the auto-import.json is saved at Pod runtime into directory /realm-auto-import
        enable: true
        useBuiltin: true

This "realm" configuration is used as a template when creating a new realm (worker-tenant) (i.e. via Workspace Management Portal) starting from default MASTER realm.