Comments (3)
There are three possible solutions:
- As a cluster operator, use Istio CNI instead of Istio init containers (Istio CNI documentation)
- Use Istio version 1.1.3 or higher (1.1.3 includes a fix for this)
- Change the Keycloak Helm chart so that
securityContext
is only defined on the main container instead of defining it on the top levelspec
. Defining it on the top levelspec
results in injected containers of Istio inherting the security context configuration, thus causing this issue.
from helm-charts.
- As a cluster operator, use Istio CNI instead of Istio init containers (Istio CNI documentation)
Thanks for the tip.. This worked like a charm, and the "problem" gone "global". This is the solution
- Use Istio version 1.1.3 or higher (1.1.3 includes a fix for this)
I was using 1.1.4
, in the version that failed. I upgraded to 1.1.6
and enabled cni at the same time, so I'm not sure if 1.1.6
contains a fix or not..
- Change the Keycloak Helm chart so that
securityContext
is only defined on the main container instead of defining it on the top levelspec
. Defining it on the top levelspec
results in injected containers of Istio inherting the security context configuration, thus causing this issue.
A best practice
might be to set it on the container-level, but then fsGroup
coulnt be used. Looks like keycloak starts fine without, but not sure if there are any other bugs related.
from helm-charts.
I was using
1.1.4
, in the version that failed. I upgraded to1.1.6
and enabled cni at the same time, so I'm not sure if1.1.6
contains a fix or not..
I tested the Keycloak chart using 1.1.6
and didn't encouter any issues regarding the init containers. I didn't test 1.1.3
myself but atleast the changelog says that it fixed the issue by explicitly setting the securityContext.runAsUser
to 0
(i.e. root) for istio-init
.
A
best practice
might be to set it on the container-level, but thenfsGroup
coulnt be used. Looks like keycloak starts fine without, but not sure if there are any other bugs related.
fsGroup
could still be used on PodSpecification
, it does not interfere with istio-init
. I'll work on a PR to support Istio 1.0.x.
from helm-charts.
Related Issues (20)
- Is this repo still being maintained? HOT 2
- Support extraVolumeMounts and extraVolumes for deployment in templates HOT 2
- SHA1 support has been removed from JDK 9 onwards. Need to have option to support SHA1 algorithm. HOT 2
- Defaults for container memory limit HOT 1
- PVCs for postgres HOT 1
- Upgrading from 24.0.3 with the keycloakx helm chart to 25.0.0 fails HOT 15
- Running helm package fails HOT 1
- proxy definition is deprecated after updating image to 24.0.3. The proxy-headers should be used instead. HOT 1
- Release of keycloakx version 25 HOT 1
- Updating Image to 25.0.X results in CrashLoop using KeycloakX Chart HOT 7
- Keycloak.X version: 2.4.1 admin console somethingWentWrong HOT 4
- Keycloak 25.0.0 Helm Chart deployment -> CrashLoop HOT 7
- Regrouping issue about the last helm keycloakx chart release
- Metrics Endpoint appears to be broken in Keycloakx 2.4.2 Chart
- Keycloakx 25.0.1 crashloop without any message HOT 1
- KeycloakX 2.4.3 - ServiceMonitor template is broken
- Reverse Proxy behind the keycloak.
- Keycloak 25.0.0 codecentric helm charts - Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure resource '<URL>'. HOT 2
- keycloakx Mariadb Support
- Keycloak-x: How to block console (/auth) access on default ingress? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm-charts.