fix(privacyidea): override PRIVACYIDEA_CONFIGFILE to use mounted pi.cfg

gpappsoft image sets PRIVACYIDEA_CONFIGFILE=/privacyidea/etc/pi.cfg internally, causing it to ignore our mounted configmap at /etc/privacyidea/pi.cfg and fall back to SQLite. Override the env var so the entrypoint reads our pi.cfg, which points to PostgreSQL via PI_SQLALCHEMY_DATABASE_URI from the secret. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-21 09:43:35 +00:00
parent bececac7b8
commit 9587d14803
1 changed files with 7 additions and 1 deletions
--- a/sso-mfa/k8s/privacyidea/deployment.yaml
+++ b/sso-mfa/k8s/privacyidea/deployment.yaml
@@ -64,7 +64,13 @@ spec:
              containerPort: 8080
              protocol: TCP

-          # ── Environment — sensitive values from Secret ──────────────────
+          # ── Environment ─────────────────────────────────────────────────
+          # Tell gpappsoft entrypoint to use our mounted pi.cfg instead of
+          # the image's built-in /privacyidea/etc/pi.cfg.
+          env:
+            - name: PRIVACYIDEA_CONFIGFILE
+              value: /etc/privacyidea/pi.cfg
+          # Sensitive values from Secret (PI_SECRET_KEY, PI_PEPPER, PI_SQLALCHEMY_DATABASE_URI)
          envFrom:
            - secretRef:
                name: privacyidea-config