Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission denied in k8s keycloak.conf #31073

Open
Fargus3222 opened this issue Dec 17, 2024 · 2 comments
Open

Permission denied in k8s keycloak.conf #31073

Fargus3222 opened this issue Dec 17, 2024 · 2 comments
Assignees
@carrodher
Labels
keycloak tech-issues The user has a technical issue about an application triage Triage is needed

Comments

@Fargus3222
Copy link

Fargus3222 commented Dec 17, 2024
edited by carrodher
Loading

Name and Version

bitnami/keycloak:latest

What architecture are you using?

Kubernetes in autoscaling cluster on Selectel

What steps will reproduce the bug?

I want to run keycloak in Kubernetes and receive /opt/bitnami/scripts/libkeycloak.sh: line 117: /opt/bitnami/keycloak/conf/keycloak.conf: Permission denied but in docker on my local server everything in okay.

What do you see instead?

keycloak 13:53:17.12 INFO  ==>
keycloak 13:53:17.12 INFO  ==> Welcome to the Bitnami keycloak container
keycloak 13:53:17.12 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
keycloak 13:53:17.12 INFO  ==> Submit issues and feature requests at https://github.com/bitnami/containers/issues
keycloak 13:53:17.13 INFO  ==> Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit https://bitnami.com/enterprise
keycloak 13:53:17.13 INFO  ==>
keycloak 13:53:17.13 INFO  ==> ** Starting keycloak setup **
keycloak 13:53:17.15 INFO  ==> Validating settings in KEYCLOAK_* env vars...
keycloak 13:53:17.16 INFO  ==> Trying to connect to PostgreSQL server postgres.postgres.svc...
keycloak 13:53:17.17 INFO  ==> Found PostgreSQL server listening at postgres.postgres.svc:5432
keycloak 13:53:17.17 INFO  ==> Configuring database settings
/opt/bitnami/scripts/libkeycloak.sh: line 117: /opt/bitnami/keycloak/conf/keycloak.conf: Permission denied

Additional information

I deploy in Deployment without statefulset
@Fargus3222 Fargus3222 added the tech-issues The user has a technical issue about an application label Dec 17, 2024
@github-actions github-actions bot added the triage Triage is needed label Dec 17, 2024
@carrodher
Copy link
Member

Bitnami containers are designed to operate as non-root by default. Consequently, any files or directories used by the application should be owned by the root group, as the random user (1001 by default) is a member of this root group. To ensure proper permissions, you'll need to adjust the ownership of your local directory accordingly.

For more comprehensive information about non-root containers and their significance for security, you can explore the following resources:

These references provide valuable insights into the best practices and considerations when working with non-root containers in Bitnami applications.

@Fargus3222
Copy link
Author

Fargus3222 commented Dec 17, 2024
edited
Loading

My Deployment run with out forwarding /opt/bitnami/keycloak/conf/keycloak.conf both in kubernetes and docker

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@carrodher carrodher

Labels
keycloak tech-issues The user has a technical issue about an application triage Triage is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@carrodher @Fargus3222