fix(privacyidea): correct image to ghcr.io/gpappsoft, port 5001→8080

privacyidea/privacyidea:3.12 and privacyidea/otpserver:3.12.2 do not
exist on Docker Hub. Correct image is ghcr.io/gpappsoft/privacyidea-docker:3.12.2
which listens on port 8080.

Update all port references: deployment, service, ingress, netpol-mfa,
netpol-sso (keycape→privacyIDEA egress rule).

Also: creds-bootstrap-agent.sh — restart privacyIDEA deployment after
applying new secrets so the pod picks up updated env vars.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-21 09:37:38 +00:00
parent bcae4bc6dd
commit bececac7b8
5 changed files with 31 additions and 21 deletions

@@ -188,8 +188,17 @@ if [[ "$DRY_RUN" == false ]]; then
fi
done
[[ "$ALL_OK" == true ]] || die "One or more required secrets are missing — check creds-apply output above"
# Restart privacyIDEA if the deployment exists, so it picks up the newly
# generated secrets. Without this, a running pod would have stale env vars.
if kubectl get deployment privacyidea -n mfa &>/dev/null 2>&1; then
log "restarting privacyIDEA deployment to pick up new secrets..."
kubectl rollout restart deployment/privacyidea -n mfa
ok "privacyIDEA restart triggered"
fi
else
echo " [dry-run] would verify K8s secrets"
echo " [dry-run] would restart privacyIDEA if deployment exists"
fi
# ── Phase 5: Post-apply bootstrap — wait for privacyIDEA ──────────────────────
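Review bot: The guard `if kubectl get deployment privacyidea -n mfa &>/dev/null 2>&1` treats every failure as "deployment absent", so an RBAC denial or an unreachable API server silently skips the restart and leaves the pod running with stale env vars, which is exactly what the comment above it says this block prevents. Consider `kubectl get deployment privacyidea -n mfa --ignore-not-found -o name` and testing for empty output, so that genuine errors still surface on stderr. The trailing `2>&1` is redundant because `&>` already redirects both streams. Separately, `ok "privacyIDEA restart triggered"` is printed without checking the exit status of `kubectl rollout restart`; whether a failed restart aborts the script depends on shell options that are not visible in this hunk, so an explicit `|| die` would make the behaviour unambiguous.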