From 2bbe328aeccfe4f6da0a4d8ce6a51680175951b2 Mon Sep 17 00:00:00 2001 From: Bernd Worsch Date: Fri, 20 Mar 2026 17:16:35 +0000 Subject: [PATCH] =?UTF-8?q?docs(sso-mfa):=20record=20T04=20blocker=20?= =?UTF-8?q?=E2=80=94=20wrong=20image=20reference=20(ImagePullBackOff)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit privacyidea/privacyidea:3.12 does not exist on Docker Hub. Pod is deployed but stuck. Correct image reference must be identified before proceeding. Co-Authored-By: Claude Sonnet 4.6 --- sso-mfa/WORKPLAN.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/sso-mfa/WORKPLAN.md b/sso-mfa/WORKPLAN.md index b779730..19f1810 100644 --- a/sso-mfa/WORKPLAN.md +++ b/sso-mfa/WORKPLAN.md @@ -1,7 +1,7 @@ # SSO-MFA Platform — Stack Migration Workplan # NK-WP-0001 — Keycloak → Authelia + LLDAP + KeyCape -**Updated:** 2026-03-19 (T06 pending cluster; T07/T08 manifests complete) +**Updated:** 2026-03-20 (T04 BLOCKED — ImagePullBackOff; T05–T08 pending T04) **Workstream:** sso-mfa-platform (39263c4b-ef70-4053-b782-350834b7e1be) ## Stack Decision @@ -21,7 +21,7 @@ Hostnames: kc.coulomb.social (KeyCape), auth.coulomb.social (Authelia), lldap.co | T01 — Vault & secret bootstrap | 7992528c | done | | | T02 — K8s foundations | 721ca6b2 | done | Manifests authored; pending live cluster | | T03 — PostgreSQL | 7fa60004 | done | Manifests authored; pending live cluster | -| T04 — privacyIDEA | 6ad1296a | **todo** | Manifests exist in k8s/privacyidea/; pending cluster | +| T04 — privacyIDEA | 6ad1296a | **BLOCKED** | Pod deployed, ImagePullBackOff — image privacyidea/privacyidea:3.12 does not exist; fix image ref first | | T05 — SSO core (new stack) | b9f73aa6 | done | commit 0754dc3 | | T06 — Realm config & MFA flow | 3b6379a4 | **in-progress** | See below | | T07 — User mgmt & self-service | c7cf902a | **in-progress** | See below | 
@@ -40,8 +40,16 @@ Hostnames: kc.coulomb.social (KeyCape), auth.coulomb.social (Authelia), lldap.co - [x] `k8s/privacyidea/bootstrap-admin.sh` — create pi-admin + trigger-admin - [x] `k8s/verify-t04.sh` — verify pod, service, middlewares, ingresses, TLS, secrets, PVCs +### BLOCKER — wrong image (2026-03-20) +- Pod `privacyidea-8b4b5f567-wf858` is deployed in `mfa` namespace but stuck in `ImagePullBackOff` +- Image `privacyidea/privacyidea:3.12` does not exist on Docker Hub +- **Intermediate step needed:** identify correct image reference, then patch `deployment.yaml` +- Candidates: `ghcr.io/privacyidea/privacyidea-apache2:` or similar +- Port may differ (manifest assumes 8080 — verify against actual image) + ### Pending (needs live cluster) -- [ ] `./create-secrets.sh` — create privacyidea-config Secret in mfa namespace +- [ ] Fix image in `deployment.yaml` — confirm correct registry/tag +- [ ] `./create-secrets.sh` — create privacyidea-config Secret in mfa namespace (may already exist; check first) - [ ] `kubectl apply -f pvc.yaml configmap.yaml middleware.yaml deployment.yaml ingress.yaml` - [ ] Wait for pod Running/Ready (up to 3 min — DB migrations run on first boot) - [ ] `./enckey-bootstrap.sh` — extract enckey+auditkeys, store in KeePassXC, create DR Secrets
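Review bot: In the first hunk (`@@ -1,7 +1,7 @@`), the new `**Updated:**` line says "T05–T08 pending T04", which contradicts the task table in the same file: T05 is listed as done (commit 0754dc3) and T06/T07 as in-progress. Name only the tasks that actually wait on T04, or update those table rows so the header and the table agree. The replaced line also carried "T07/T08 manifests complete"; if that is still true, keep it.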
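Review bot: In the table hunk (`@@ -21,7 +21,7 @@`), the new T04 Notes cell drops the pointer "Manifests exist in k8s/privacyidea/" and instead repeats text that the new BLOCKER section already states. Keep the manifest location in the cell and shorten the rest to a reference to the BLOCKER section, so the image detail lives in one place and cannot drift.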
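Review bot: In the BLOCKER section added by the last hunk (`@@ -40,8 +40,16 @@`), the candidate `ghcr.io/privacyidea/privacyidea-apache2:` ends in a colon with no tag and is followed by "or similar", so the workplan does not say what will count as the correct image. Since this is the MFA backend, the "Fix image in `deployment.yaml`" item should require confirming that the registry path is published by the privacyIDEA project and recording the exact tag (ideally the digest as well) that ends up in the manifest. Two smaller points in the same hunk: the pod name `privacyidea-8b4b5f567-wf858` is tied to one ReplicaSet and will change once the Deployment is patched, so reference the Deployment instead; and the blocker says the pod is already deployed while the `kubectl apply -f pvc.yaml configmap.yaml middleware.yaml deployment.yaml ingress.yaml` item is still unchecked, so state which of those manifests have been applied, as is already done with the "(may already exist; check first)" remark on `./create-secrets.sh`.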