generated from coulomb/repo-seed
fix(privacyidea): add PI_ADDRESS/PI_PORT; switch readiness probe to tcpSocket
gpappsoft entrypoint requires PI_ADDRESS and PI_PORT env vars to build the gunicorn bind argument. Without them the container crashes immediately. /token/ returns 401 for unauthenticated GET requests so the httpGet readiness probe was permanently failing. Switch to tcpSocket to match the startup and liveness probes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -70,6 +70,11 @@ spec:
|
|||||||
env:
|
env:
|
||||||
- name: PRIVACYIDEA_CONFIGFILE
|
- name: PRIVACYIDEA_CONFIGFILE
|
||||||
value: /etc/privacyidea/pi.cfg
|
value: /etc/privacyidea/pi.cfg
|
||||||
|
# gpappsoft entrypoint passes these to gunicorn as the bind address/port.
|
||||||
|
- name: PI_ADDRESS
|
||||||
|
value: "0.0.0.0"
|
||||||
|
- name: PI_PORT
|
||||||
|
value: "8080"
|
||||||
# Sensitive values from Secret (PI_SECRET_KEY, PI_PEPPER, PI_SQLALCHEMY_DATABASE_URI)
|
# Sensitive values from Secret (PI_SECRET_KEY, PI_PEPPER, PI_SQLALCHEMY_DATABASE_URI)
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
@@ -104,8 +109,9 @@ spec:
|
|||||||
periodSeconds: 15
|
periodSeconds: 15
|
||||||
failureThreshold: 3
|
failureThreshold: 3
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
httpGet:
|
# /token/ returns 401 for unauthenticated GET; use tcpSocket instead.
|
||||||
path: /token/
|
# Switch to httpGet /healthz or similar once confirmed in the image.
|
||||||
|
tcpSocket:
|
||||||
port: 8080
|
port: 8080
|
||||||
initialDelaySeconds: 0
|
initialDelaySeconds: 0
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
|
|||||||
Reference in New Issue
Block a user