generated from coulomb/repo-seed
fix(sso-mfa): NK-WP-0003-T04 — correct privacyIDEA image and port
privacyidea/privacyidea:3.12 does not exist on Docker Hub. Correct image: privacyidea/otpserver:3.12.2 (port 5001). Updated files: - deployment.yaml: image, containerPort, probes, service port - ingress.yaml: backend service port - netpol-mfa.yaml: ingress port + keycloak → keycape label - netpol-sso.yaml: KeyCape egress port to privacyIDEA Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -10,13 +10,8 @@
|
||||
# 5. enckey-bootstrap.sh — extract enckey + audit keys, create DR Secrets
|
||||
# 6. bootstrap-admin.sh — create pi-admin (+ MFA enrolment) and trigger-admin
|
||||
#
|
||||
# Container port: 8080.
|
||||
# The official privacyidea/privacyidea image uses nginx internally.
|
||||
# If the image you pull listens on port 80 instead of 8080:
|
||||
# - Change containerPort below to 80
|
||||
# - Change the Service targetPort to 80
|
||||
# - Update sso-mfa/k8s/network-policies/netpol-mfa.yaml ports to 80
|
||||
# - Reapply both files
|
||||
# Container port: 5001.
|
||||
# privacyidea/otpserver listens on port 5001 internally.
|
||||
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
@@ -58,13 +53,14 @@ spec:
|
||||
containers:
|
||||
- name: privacyidea
|
||||
# Pin to a specific release; update via image update policy.
|
||||
# Check https://hub.docker.com/r/privacyidea/privacyidea for latest stable.
|
||||
image: privacyidea/privacyidea:3.12
|
||||
# Official image: https://hub.docker.com/r/privacyidea/otpserver
|
||||
# privacyidea/privacyidea:3.12 does not exist — correct repo is otpserver.
|
||||
image: privacyidea/otpserver:3.12.2
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
containerPort: 5001
|
||||
protocol: TCP
|
||||
|
||||
# ── Environment — sensitive values from Secret ──────────────────
|
||||
@@ -90,20 +86,20 @@ spec:
|
||||
# Startup probe: give PI up to 3 min to run DB migrations on first boot.
|
||||
startupProbe:
|
||||
tcpSocket:
|
||||
port: 8080
|
||||
port: 5001
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 10
|
||||
failureThreshold: 18 # 18 × 10s = 3 min
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 8080
|
||||
port: 5001
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 15
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /token/
|
||||
port: 8080
|
||||
port: 5001
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 10
|
||||
failureThreshold: 3
|
||||
@@ -147,6 +143,6 @@ spec:
|
||||
app.kubernetes.io/name: privacyidea
|
||||
ports:
|
||||
- name: http
|
||||
port: 8080
|
||||
targetPort: 8080
|
||||
port: 5001
|
||||
targetPort: 5001
|
||||
protocol: TCP
|
||||
|
||||
Reference in New Issue
Block a user