Failed to deploy Jfrog artifactory on IBM kubernetes cluster (pv enabled and using ibm block storage)

12/24/2019

I am trying to deploy artifactory on IKS cluster with persistence volume as "true". We are using IBM block storage for that. But for some reason or another we are not able to identify why it fails to deploy when persistence volume is enabled for Postgres(sub chart).

Error: (Postgres pod)

Role "artifactory" does not exist.
Connection matched pg_hba.conf line 1: "host all all 0.0.0.0/0 md5"
FATAL: password authentication failed for user "artifactory"
DETAIL: Role "artifactory" does not exist.

Artifactory pod

2019-12-20 23:10:00 [ARTIFACTORY] [INFO ] master.key file currently missing - waiting for Access to create it. Reattempting to check master.key file existence in 1 second.
2019-12-20 23:10:01 [ARTIFACTORY] [INFO ] master.key file currently missing - waiting for Access to create it. Reattempting to check master.key file existence in 1 second.
2019-12-20 23:10:02 [ARTIFACTORY] [INFO ] master.key file currently missing - waiting for Access to create it. Reattempting to check master.key file existence in 1 second.
Dec 20, 2019 11:10:02 PM org.apache.tomcat.jdbc.pool.ConnectionPool init
SEVERE: Unable to create initial connections of pool.`
org.postgresql.util.PSQLException: FATAL: password authentication failed for user "artifactory"
    at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:443)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:217)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:52)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:216)
    at org.postgresql.Driver.makeConnection(Driver.java:404)

What all I have tried:

  • Removed the release
  • Removed the PVC
  • Redeploy
  • Hardcoded the postgres password
  • Verified password on artifactory and postgres container matches

Original charts that I am using from: charts.jfrog.io

Version: 8.2.4 (artifactory-8.2.4.tgz)

Below are the contents what I have modified to overcome the artifactory issue on IBM block storage and issue related to postgre initdb container.(All changes I have made are related to permissions only). After that no progress on it.

In artifactory values.yaml

Nginx

nginx:
  enabled: false

(This is to over permission issue when persistence volume in enabled)

Add custom init containers

    customInitContainers: |
    - name: "prepare-storage"
      image: "{{ .Values.initContainerImage }}"
      imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
      securityContext:
         runAsUser: 0
      command:
        - 'sh'
        - '-c'
      args:
        - chown -R {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.persistence.mountPath }}
      volumeMounts:
        - mountPath: "{{ .Values.artifactory.persistence.mountPath }}"

In postgres folder statefulset.yaml (to over initdb container user issue - using 1001 id)

initContainers:
        - name: init-chmod-data
          image: {{ template "postgresql.volumePermissions.image" . }}
          imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}
          command:
            - /bin/sh
            - -c
            - |
              mkdir -p {{ .Values.persistence.mountPath }}/data
              find {{ .Values.persistence.mountPath }} -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R 1001:1001
              chmod 700 {{ .Values.persistence.mountPath }}/data
          securityContext:
            runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}

Please share your valuable input on this problem or can suggest a workaround. We want to use persistence volume and the block storage.

Thank You

-- akashpatel
artifactory
bitnami
kubernetes
kubernetes-helm
postgresql

0 Answers