docs(sso-mfa): record T04 blocker — wrong image reference (ImagePullBackOff)

privacyidea/privacyidea:3.12 does not exist on Docker Hub. Pod is deployed
but stuck. Correct image reference must be identified before proceeding.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 17:16:35 +00:00
parent bee0936d5d
commit 2bbe328aec

@@ -1,7 +1,7 @@
# SSO-MFA Platform — Stack Migration Workplan
# NK-WP-0001 — Keycloak → Authelia + LLDAP + KeyCape
**Updated:** 2026-03-19 (T06 pending cluster; T07/T08 manifests complete)
**Updated:** 2026-03-20 (T04 BLOCKED — ImagePullBackOff; T05T08 pending T04)
**Workstream:** sso-mfa-platform (39263c4b-ef70-4053-b782-350834b7e1be)
## Stack Decision
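Review bot: The new "Updated" line says "T05T08 pending T04", which conflicts with the task table in the same file: there T05 is marked done (commit 0754dc3) and T06/T07 are in-progress. Either narrow the header to the tasks that actually wait on privacyIDEA, or adjust the table rows to match. "T05T08" also reads as a range with its separator missing; write it as "T05 to T08" or list the tasks.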
@@ -21,7 +21,7 @@ Hostnames: kc.coulomb.social (KeyCape), auth.coulomb.social (Authelia), lldap.co
| T01 — Vault & secret bootstrap | 7992528c | done | |
| T02 — K8s foundations | 721ca6b2 | done | Manifests authored; pending live cluster |
| T03 — PostgreSQL | 7fa60004 | done | Manifests authored; pending live cluster |
| T04 — privacyIDEA | 6ad1296a | **todo** | Manifests exist in k8s/privacyidea/; pending cluster |
| T04 — privacyIDEA | 6ad1296a | **BLOCKED** | Pod deployed, ImagePullBackOff — image privacyidea/privacyidea:3.12 does not exist; fix image ref first |
| T05 — SSO core (new stack) | b9f73aa6 | done | commit 0754dc3 |
| T06 — Realm config & MFA flow | 3b6379a4 | **in-progress** | See below |
| T07 — User mgmt & self-service | c7cf902a | **in-progress** | See below |
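Review bot: The T04 notes cell now repeats the full blocker description (pod state, image name, next step) that the BLOCKER section also carries, so the two copies can drift once the image reference is fixed. Keep the cell to the status and a pointer, for example "ImagePullBackOff, see BLOCKER section", and leave the detail in one place. The rows for T06 and T07 still read in-progress with no mention of the T04 dependency; if they are blocked by it, say so here.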
@@ -40,8 +40,16 @@ Hostnames: kc.coulomb.social (KeyCape), auth.coulomb.social (Authelia), lldap.co
- [x] `k8s/privacyidea/bootstrap-admin.sh` — create pi-admin + trigger-admin
- [x] `k8s/verify-t04.sh` — verify pod, service, middlewares, ingresses, TLS, secrets, PVCs
### BLOCKER — wrong image (2026-03-20)
- Pod `privacyidea-8b4b5f567-wf858` is deployed in `mfa` namespace but stuck in `ImagePullBackOff`
- Image `privacyidea/privacyidea:3.12` does not exist on Docker Hub
- **Intermediate step needed:** identify correct image reference, then patch `deployment.yaml`
- Candidates: `ghcr.io/privacyidea/privacyidea-apache2:<tag>` or similar
- Port may differ (manifest assumes 8080 — verify against actual image)
### Pending (needs live cluster)
- [ ] `./create-secrets.sh` — create privacyidea-config Secret in mfa namespace
- [ ] Fix image in `deployment.yaml` — confirm correct registry/tag
- [ ] `./create-secrets.sh` — create privacyidea-config Secret in mfa namespace (may already exist; check first)
- [ ] `kubectl apply -f pvc.yaml configmap.yaml middleware.yaml deployment.yaml ingress.yaml`
- [ ] Wait for pod Running/Ready (up to 3 min — DB migrations run on first boot)
- [ ] `./enckey-bootstrap.sh` — extract enckey+auditkeys, store in KeePassXC, create DR Secrets
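Review bot: The new checklist item "Fix image in `deployment.yaml` — confirm correct registry/tag" is too loose for an MFA component whose candidate is described as "`ghcr.io/privacyidea/privacyidea-apache2:<tag>` or similar". Spell out that the replacement image must be confirmed as published by the upstream privacyIDEA project, and record it in the manifest by digest rather than by a mutable tag. The BLOCKER section also says the port may differ from the assumed 8080, but no Pending item covers it; add a checkbox to verify the container port and update the Service, middleware and ingress (and `k8s/verify-t04.sh`) before the apply step. Two smaller points: the pod name `privacyidea-8b4b5f567-wf858` will change on the next rollout, so the Deployment name is the more durable thing to record, and the `kubectl apply -f pvc.yaml configmap.yaml ...` line passes several files after a single `-f`, where kubectl expects one `-f` per file.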