...

Log into your Postgres pod and access the psql command line:

```bash
### Native Kubernetes
kubectl exec -it <keycloak postgres pod> -- /bin/bash
bash
psql -U postgres -d postgres

### OpenShift
oc rsh <keycloak postgres pod>
bash
psql -U postgres -d postgres
```

...

Apply the secrets change using:

```bash
### Native Kubernetes
kubectl apply -f keycloak/k8s/keycloak-credentials.yaml

### OpenShift
oc apply -f keycloak/k8s/keycloak-credentials.yaml
```

Validate that the secret was updated using:

```bash
### Native Kubernetes
kubectl get secrets

### OpenShift
oc get secrets
```

Once the change has been applied, you will need to restart all pods that depend on this secret, as described in the next section.

...

This can be done through the console via the Keycloak Admin portal, which can be accessed via:

```
<DOMAIN_URL>/keycloak
```

The default password is the one set in the secrets configuration.

  1. Log in as the Admin user for Keycloak and go to “Manage Account” in the top right-hand corner.

  2. Go to the password section on the left-hand side panel.

  3. Simply update the password here.

  4. Once the password is updated, make sure you update KEYCLOAK_PASSWORD in the keycloak-credentials.yaml secret file to match, then reapply it.

    ```bash
    ### Native Kubernetes
    kubectl apply -f keycloak-credentials.yaml

    ### OpenShift
    oc apply -f keycloak-credentials.yaml
    ```

  5. Restart only the deployment pod so that the password takes effect.

    ```bash
    ### Native Kubernetes
    kubectl delete pod <keycloak deployment pod>

    ### OpenShift
    oc delete pod <keycloak deployment pod>
    ```

...

Log into your Postgres pod and access the psql command line:

```bash
### Native Kubernetes
kubectl exec -it <postgres pod> -- /bin/bash
bash
psql -U postgres -d postgres

### OpenShift
oc rsh <postgres pod>
bash
psql -U postgres -d postgres
```

...

Apply the secrets change using:

```bash
### Native Kubernetes
kubectl apply -f postgres/k8s/credentails.yaml

### OpenShift
oc apply -f postgres/k8s/credentails.yaml
```

Validate that the secret was updated using:

```bash
### Native Kubernetes
kubectl get secrets

### OpenShift
oc get secrets
```

Once the change has been applied, you will need to restart all pods that depend on this secret, as described in the next section.
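
`kubectl get secrets` lists Secret names only, so it cannot confirm that the stored value changed or show which pods still hold the old one. The script below is an added example, not part of the original runbook, and it checks both for the Keycloak and Postgres secrets alike. The function names, the `KUBECTL` variable and the secret name passed in are assumptions.

```shell
#!/usr/bin/env bash
# Added example: confirm a rotated Secret value is live and find the pods to restart.
# Set KUBECTL=oc on OpenShift. Secret and key names passed in are the caller's own.
KUBECTL="${KUBECTL:-kubectl}"

# Hash stdin so two values can be compared without printing either one.
_sha256() { sha256sum | cut -d' ' -f1; }

# secret_value_matches <secret> <key>   (expected value is read from stdin)
# Returns 0 on match, 1 on mismatch, 2 if the Secret or key cannot be read.
secret_value_matches() {
  local secret="$1" key="$2" want enc have
  want="$(_sha256)"
  enc="$("$KUBECTL" get secret "$secret" -o "jsonpath={.data.$key}")" || return 2
  [ -n "$enc" ] || return 2
  have="$(printf '%s' "$enc" | base64 -d | _sha256)"
  [ "$want" = "$have" ]
}

# pods_using_secret <secret>
# Prints pods in the current namespace whose containers reference the Secret via
# envFrom, env[].valueFrom.secretKeyRef, or a secret volume.
# Not inspected: initContainers, projected volumes, imagePullSecrets.
pods_using_secret() {
  local secret="$1" tmpl
  tmpl='{range .items[*]}{.metadata.name}{"\t"}'
  tmpl="$tmpl"'{.spec.containers[*].envFrom[*].secretRef.name}{" "}'
  tmpl="$tmpl"'{.spec.containers[*].env[*].valueFrom.secretKeyRef.name}{" "}'
  tmpl="$tmpl"'{.spec.volumes[*].secret.secretName}{"\n"}{end}'
  "$KUBECTL" get pods -o "jsonpath=$tmpl" |
    awk -F'\t' -v s="$secret" '{
      n = split($2, refs, " ")
      for (i = 1; i <= n; i++) if (refs[i] == s) { print $1; break }
    }'
}

# Usage (values are placeholders; read -rs keeps the password out of history/argv):
#   read -rs NEW_PW
#   printf '%s' "$NEW_PW" | secret_value_matches <secret name> KEYCLOAK_PASSWORD && echo updated
#   pods_using_secret <secret name>
```

Feeding the expected value on stdin keeps it out of the process list and shell history, and only hashes are compared.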

...

These pods should no longer be in a CrashLoop state after the restart.

Changing client keys for service authentication

  1. From https://DOMAIN_URI/keycloak/auth, click the Administration Console and log in.

  2. On the left-hand panel, go to Client.

  3. Now click the client starting with 0b3a... and go to Credentials, click the Regenerate Secret button, and copy the secret.

  4. In cerebrum/k8s/cerebrum-auth-credentials.yaml:

    1. Copy the secret value to OIDC_CLIENT_SECRET.

    2. Set ENABLE_AUTH to 'true'.

      ```yaml
      apiVersion: v1
      kind: Secret
      metadata:
        name: cerebrum-auth-credentials
      type: Opaque
      stringData:
        KEYCLOAK_AUTH_URL: http://keycloak-internal-gateway-cluster-ip-service/keycloak/auth
        OIDC_OPENID_REALM: kada
        OIDC_CLIENT_SECRET: <COPY SECRET HERE>
        OIDC_CLIENT_ID: 0b3a...
        ENABLE_AUTH: 'true'
      ```

  5. Repeat the same key generation process [steps 2-4] for the client starting with f6b2....

  6. Copy the secret.

  7. In solr/k8s/solr-auth-credentials.yaml:

    1. Copy the secret value to OIDC_CLIENT_SECRET.

    2. Update KEYCLOAK_AUTH_URL, setting <REPLACE WITH PROJECT NAMESPACE> to the Kubernetes project namespace.

    3. Save.

      ```yaml
      apiVersion: v1
      kind: Secret
      metadata:
        name: solr-auth-credentials
      type: Opaque
      stringData:
        KEYCLOAK_AUTH_URL: http://keycloak-internal-gateway-cluster-ip-service.<REPLACE WITH PROJECT NAMESPACE>.svc.cluster.local/keycloak/auth
        OIDC_OPENID_REALM: kada
        OIDC_CLIENT_SECRET: <COPY SECRET HERE>
        OIDC_CLIENT_ID: f6b2...
      ```