AEROGEAR-1986 split up keycloak config into secret and non secret parts

[pb82]

Split up the keycloak config into secret and non secret parts where the non-secret parts are stored in a config map.

Based on this proposal: https://github.com/aerogear/proposals/blob/master/apbs/create-secret-and-configmap-during-provision.md#proposed-solution

To verify, checkout this branch and provision the apb. After everything is deployed, check that both, a config map and a secret with the name keycloak exist. The secret should only contain username and password. Delete the service instance. The config map and the secret should also be deleted.

[pb82]

@philbrookes this seems redundant. Does the mobile-cli need the name to be in a label too?

[philbrookes]

I think this can be removed.

[pb82]

@philbrookes this seems redundant. Does the mobile-cli need the name as a label and in metadata?

[philbrookes]

@pb82 this isn't metadata, this is the content of the secret/configmap. Though whether it is still required I'm unsure, this used to be required for the mcp-api-server to figure out what to call the service, but that may no longer be required in the mobile-cli. @maleck13 any thoughts?

[philbrookes]

@pb82 oh my mistake, I see that it is listed in both metadata and labels now, the location of this comment threw me off!

Yes, I think just having one of these would be sufficient.

[maleck13]

Yes I think we can largely work from the service instances now so likely don't need the additional name

[david-martin]

@maleck13 would appreciate your review of this based on the proposal

[psturc]

@pb82 did apb test work with this change?

[pb82]

@psturc Yes, it worked for me. Let's see what Jenkins says.

[psturc]

Well it doesn't look good. Looks like the same issue as in https://issues.jboss.org/browse/AEROGEAR-1987

[maleck13]

This looks about what I would expect. However I think @philbrookes and @pb82 should sync up and test that we can get the config ok and that we can do a binding between sync and kc ok (particularly via the CLI) IF there are issues with this, we should update
https://issues.jboss.org/browse/AEROGEAR-1924 with the details

[pb82]

@maleck13 @philbrookes i tried this and updated https://issues.jboss.org/browse/AEROGEAR-1924 with the results.

[psturc]

LGTM. I think the frequently occurring issue with deploying postgresql on Wendy shouldn't block this PR, since it's probably the issue with the testing cluster.

[pb82]

@maleck13 @dimitraz after adding the labels to the ServiceInstances of keycloak and fh-sync-server and running mobile create integration localregistry-fh-sync-server-apb-tpl9h localregistry-keycloak-apb-2mgdc --namespace myproject i get this error:

Error: failed to create pod preset for service : PodPreset.settings.k8s.io "localregistry-fh-sync-server-apb-tpl9h-localregistry-keycloak-apb-2mgdc" is invalid: [spec.selector.matchLabels: Invalid value: "": name part must be non-empty, spec.selector.matchLabels: Invalid value: "": name part must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]'), spec.volumes[0].name: Required value, spec.volumeMounts[0].name: Required value]

[maleck13]

@pb82 aerogear-attic/mobile-cli#55