Is it possible to run FreeIPA in a Kubernetes cluster as a Pod? If yes, is it a good idea?
I'm new to Kubernetes. I'm currently running FreeIPA as a Docker container and it's working very well. The problem in K8s is that there's no fixed IP address, and the privileged permission could be a problem.
Jay Smith via FreeIPA-users wrote:
> Is it possible to run FreeIPA in a Kubernetes cluster as a Pod? If yes, is it a good idea?
> I'm new to Kubernetes. I'm currently running FreeIPA as a Docker container and it's working very well. The problem in K8s is that there's no fixed IP address, and the privileged permission could be a problem.
Take a look at https://github.com/freeipa/freeipa-container/issues/529
rob
That's my approach for a deployment in Kubernetes, but the container doesn't start at all. I'm trying to get it running in KinD.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: freeipa-server
spec:
  selector:
    matchLabels:
      app: freeipa
  template:
    metadata:
      labels:
        app: freeipa
    spec:
      containers:
        - name: freeipa
          image: freeipa/freeipa-server:fedora-38-4.10.2
          securityContext:
            privileged: true
            allowPrivilegeEscalation: true
          env:
            - name: IPA_SERVER_HOSTNAME
              value: myhost.freeipa
            - name: IPA_SERVER_IP
              value: ""
          args:
            - -U
            - --unattended
But I don't get any logs or other information:
Name:             freeipa-server-7d995b9c7c-nxwf5
Namespace:        default
Priority:         0
Service Account:  default
Node:             meerstack-worker/172.19.0.3
Start Time:       Fri, 27 Oct 2023 19:32:17 +0000
Labels:           app=freeipa
                  pod-template-hash=7d995b9c7c
Annotations:      <none>
Status:           Running
IP:               10.244.1.10
IPs:
  IP:           10.244.1.10
Controlled By:  ReplicaSet/freeipa-server-7d995b9c7c
Containers:
  freeipa:
    Container ID:  containerd://7eb82d668bd0f124004ceb4307db64f9cb39ff09bc9d3cae2174edcb898a6827
    Image:         freeipa/freeipa-server:fedora-38-4.10.2
    Image ID:      docker.io/freeipa/freeipa-server@sha256:12e7763a5e6f29ca893e698c23f632af478c2cee472786d89606fd011338c3a9
    Port:          <none>
    Host Port:     <none>
    Args:
      -U
      --unattended
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    123
      Started:      Fri, 27 Oct 2023 19:35:20 +0000
      Finished:     Fri, 27 Oct 2023 19:35:22 +0000
    Ready:          False
    Restart Count:  5
    Environment:
      IPA_SERVER_HOSTNAME:  myhost.freeipa
      IPA_SERVER_IP:
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-x84ww (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kube-api-access-x84ww:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  3m29s                  default-scheduler  Successfully assigned default/freeipa-server-7d995b9c7c-nxwf5 to meerstack-worker
  Normal   Pulled     117s (x5 over 3m29s)   kubelet            Container image "freeipa/freeipa-server:fedora-38-4.10.2" already present on machine
  Normal   Created    117s (x5 over 3m29s)   kubelet            Created container freeipa
  Normal   Started    117s (x5 over 3m29s)   kubelet            Started container freeipa
  Warning  BackOff    79s (x10 over 3m24s)   kubelet            Back-off restarting failed container freeipa in pod freeipa-server-7d995b9c7c-nxwf5_default(68f5147e-7966-46e1-8e69-a137e1737a60)
freeipa-users@lists.fedorahosted.org
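The privileged-permission concern raised in this thread can be checked mechanically before a manifest is applied. The following is an added example, not code from any message in the thread or from the FreeIPA project: a small Python audit run over the pod template of the posted Deployment, re-typed here as a dict. The function name `audit_pod_spec` and the finding strings are hypothetical.

```python
# Pod template re-typed from the Deployment posted in this thread.
POD_SPEC = {
    "containers": [{
        "name": "freeipa",
        "image": "freeipa/freeipa-server:fedora-38-4.10.2",
        "securityContext": {"privileged": True, "allowPrivilegeEscalation": True},
        "env": [
            {"name": "IPA_SERVER_HOSTNAME", "value": "myhost.freeipa"},
            {"name": "IPA_SERVER_IP", "value": ""},
        ],
        "args": ["-U", "--unattended"],
    }],
}


def audit_pod_spec(pod):
    """Return (scope, finding) tuples for privilege-related settings."""
    findings = []
    # Unless disabled, the API token is mounted into every container
    # (the kube-api-access-* volume in the describe output).
    if pod.get("automountServiceAccountToken", True):
        findings.append(("pod", "service account token auto-mounted"))
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(key):
            findings.append(("pod", f"{key} enabled"))
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append((c["name"], "privileged container"))
        # Kubernetes treats an unset allowPrivilegeEscalation as true.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((c["name"], "privilege escalation allowed"))
        for cap in (sc.get("capabilities") or {}).get("add", []):
            findings.append((c["name"], f"added capability {cap}"))
        for var in c.get("env", []):
            if var.get("value") == "":
                findings.append((c["name"], f"env {var['name']} is empty"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_pod_spec(POD_SPEC):
        print(f"{scope}: {finding}")
```

The empty-variable finding is a configuration hygiene flag only; it does not establish why the container exits with code 123.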