Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to troubleshoot the problem
[x] I describe the steps on how to reproduce the issue
Hello,
I’ve been trying to deploy passbolt on my Kubernetes cluster for several days now. It’s just been set up and has three nodes (one master and three workers). To deploy the passbolt version of Kubernetes, I’ve used the following commands:
helm repo add passbolt "https://download.passbolt.com/charts/passbolt"
helm install mypassbolt passbolt/passbolt
After waiting several minutes, during which time I was unable to perform any action, I received the following error message:
Error: INSTALLATION FAILED: failed pre-install: 1 error occurred:
* timed out waiting for the condition
The “kubectl get event” command returns the following output:
9m40s Normal Scheduled pod/mypassbolt8-job-create-gpg-keys-lspf9 Successfully assigned default/mypassbolt88-job-create-gpg-keys-lspf9 to sv-csl-008-b
4m58s Normal Pulled pod/mypassbolt8-job-create-gpg-keys-lspf9 Container image “passbolt/passbolt:4.4.2-1-ce” already present on machine
4m58s Normal Created pod/mypassbolt8-job-create-gpg-keys-lspf9 Created container mypassbolt88-job-create-gpg-keys
4m58s Normal Started pod/mypassbolt8-job-create-gpg-keys-lspf9 Started container mypassbolt88-job-create-gpg-keys
3m31s Warning BackOff pod/mypassbolt8-job-create-gpg-keys-lspf9 Back-off restarting failed container mypassbolt8-job-create-gpg-keys in pod mypassbolt88-job-create-gpg-keys-lspf9_default(c4ec3d9d-0126-4d34-b9e7-32a
I’m an absolute beginner in container management; I’m trying to set up an infrastructure because my company is planning to buy a Passbolt CE license. Do you have any ideas for solving my problem?
Thanks in advance!
Just a reminder that Helm is more of an advanced install method and if you are a beginner with containers it might be a better idea to go with a different install choice. Particularly as you mention you are doing this for a trial and not just for educational purposes.
However, if you do want to continue with Helm we’ll need a bit more information here. Could you run a describe on that pod when it is trying to start?
Also, are you running this on EKS, GKE, your own hardware, something like kind or minikube, or a different option?
Thank you for your answer.
I’m interested if you have a simpler way to install passbolt on a Kubernetes cluster: my main goal is to make it work.
I have set up a Kubernetes cluster on my own hardware (three servers under Rocky Linux 9). I have installed Kubernetes from scratch.
Here is the result of the describe:
Name: mypassbolt-job-create-gpg-keys-ggxnp
Namespace: default
Priority: 0
Service Account: mypassbolt-sa-create-gpg-keys
Node: sv-csl-008-b/10.1.2.161
Start Time: Mon, 15 Jan 2024 15:29:09 +0100
Labels: app.kubernetes.io/action=create-gpg-keys
app.kubernetes.io/type=job
batch.kubernetes.io/controller-uid=8deb203e-c2d8-4758-adf6-7e755da3d6ed
batch.kubernetes.io/job-name=mypassbolt-job-create-gpg-keys
controller-uid=8deb203e-c2d8-4758-adf6-7e755da3d6ed
job-name=mypassbolt-job-create-gpg-keys
Annotations: cni.projectcalico.org/containerID: 998ff3b748b58c7100d1b79b8f8f88544adeca18161626733d07339e289958aa
cni.projectcalico.org/podIP: 192.168.211.129/32
cni.projectcalico.org/podIPs: 192.168.211.129/32
Status: Running
IP: 192.168.211.129
IPs:
IP: 192.168.211.129
Controlled By: Job/mypassbolt-job-create-gpg-keys
Containers:
mypassbolt-job-create-gpg-keys:
Container ID: containerd://21cf1509f0fe674eced44ab54f754037c2e75aa18bb3ef8e75ab84dfd035c238
Image: passbolt/passbolt:4.4.2-1-ce
Image ID: docker.io/passbolt/passbolt@sha256:d4a957640f93c936bf585c4efe3d5a77b679dece60b996f0c56d9ad09b064ca1
Port: <none>
Host Port: <none>
Command:
/bin/bash
Args:
-c
set -e
key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}"
key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}"
key_length="${PASSBOLT_KEY_LENGTH:-3072}"
subkey_length="${PASSBOLT_SUBKEY_LENGTH:-4096}"
expiration="${PASSBOLT_KEY_EXPIRATION:-0}"
su -c "gpg --homedir $GNUPGHOME --batch --no-tty --gen-key <<EOF
Key-Type: default
Key-Length: $key_length
Subkey-Type: default
Subkey-Length: $subkey_length
Name-Real: $key_name
Name-Email: $key_email
Expire-Date: $expiration
%no-protection
%commit
EOF" -ls /bin/bash www-data || \
gpg --homedir $GNUPGHOME --batch --no-tty --gen-key <<EOF
Key-Type: default
Key-Length: $key_length
Subkey-Type: default
Subkey-Length: $subkey_length
Name-Real: $key_name
Name-Email: $key_email
Expire-Date: $expiration
%no-protection
%commit
EOF
PRIVATE_SERVERKEY="$(gpg --homedir $GNUPGHOME --armor --export-secret-keys $key_email | base64 -w0)"
PUBLIC_SERVERKEY="$(gpg --homedir $GNUPGHOME --armor --export $key_email | base64 -w0)"
cd /tmp
cpuArch=${CPU_ARCH:-$(eval "case `uname -m` in 'x86_64') echo 'amd64';;'aarch64') echo 'arm64';;esac")}
kubectlDownload=${KUBECTL_DOWNLOAD_CMD:-'curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${cpuArch}/kubectl"'}
eval $kubectlDownload
chmod +x kubectl
./kubectl patch secret mypassbolt-sec-gpg --type='json' -p='[{"op": "replace", "path" : "/data/serverkey_private.asc", "value" : '"${PRIVATE_SERVERKEY}"'}]'
./kubectl patch secret mypassbolt-sec-gpg --type='json' -p='[{"op": "replace", "path" : "/data/serverkey.asc", "value" : '"${PUBLIC_SERVERKEY}"'}]'
touch /tmp/pod/success
echo "Success"
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 6
Started: Mon, 15 Jan 2024 15:34:08 +0100
Finished: Mon, 15 Jan 2024 15:34:51 +0100
Ready: False
Restart Count: 4
Environment Variables from:
mypassbolt-cm-env ConfigMap Optional: false
mypassbolt-sec-env Secret Optional: false
Environment:
DATASOURCES_DEFAULT_HOST: mypassbolt-mariadb-primary
Mounts:
/tmp/pod from mypassbolt-job-create-gpg-keys-vol-success (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-2lrsr (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
mypassbolt-job-create-gpg-keys-vol-success:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kube-api-access-2lrsr:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 6m15s default-scheduler Successfully assigned default/mypassbolt-job-create-gpg-keys-ggxnp to sv-csl-008-b
Normal Pulling 6m14s kubelet Pulling image "passbolt/passbolt:4.4.2-1-ce"
Normal Pulled 5m42s kubelet Successfully pulled image "passbolt/passbolt:4.4.2-1-ce" in 32.495s (32.495s including waiting)
Normal Created 77s (x5 over 5m42s) kubelet Created container mypassbolt-job-create-gpg-keys
Normal Pulled 77s (x4 over 4m53s) kubelet Container image "passbolt/passbolt:4.4.2-1-ce" already present on machine
Normal Started 76s (x5 over 5m42s) kubelet Started container mypassbolt-job-create-gpg-keys
Warning BackOff 7s (x9 over 4m7s) kubelet Back-off restarting failed container mypassbolt-job-create-gpg-keys in pod mypassbolt-job-create-gpg-keys-ggxnp_default(ad1dd605-f413-4d96-975d-aab369dd9370)
I’d suggest not using Kubernetes; it isn’t really an easy or beginner-friendly way to install. Since you have Rocky, we do offer an RPM package which would likely get you up and running quickest here.
Can you grab the logs from this?
Also, a thing I have seen before on some setups is an issue with the PVC, so I would check there.
Hello and thank you! I’m sorry for my late answer but I was away from the office because of a health issue…
I know that Kubernetes isn’t the easiest way to install passbolt, but my company wants to buy it and to ensure that the front of passbolt will be highly available. We already have highly available databases, so my objective is to build an infrastructure that can make the frontend of passbolt highly available.
Did you find issues with PVC? Or do you know other solutions that can allow me to make the passbolt frontend highly available?
Kind regards
Hey, apologies for the delay in getting back to you here. For some Kubernetes setups there can be some issues with PVCs. For example, when running a testing cluster, I had to enable local path storage.
As for other solutions, what is your HA requirement? A lot of people say HA but really they mean a DR setup where a few minutes of downtime is fine while failing over to another instance.
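The log and PVC checks suggested in the replies above, as an added example that is not part of the original thread or of the passbolt chart. The pod name comes from the describe output earlier in the thread; the PVC name and the StorageClass listings are constructed sample input.

```shell
#!/usr/bin/env bash
# Added example: offline parsers for the checks suggested in the thread.
# Live use (pod name taken from the describe output above):
#   kubectl logs mypassbolt-job-create-gpg-keys-ggxnp --previous
#   kubectl describe pod mypassbolt-job-create-gpg-keys-ggxnp | last_exit_code
#   kubectl get pvc --no-headers | unbound_pvcs
#   kubectl get storageclass --no-headers | default_storageclass

# Exit code of the last terminated container state in `kubectl describe pod`.
last_exit_code() {
  awk '/Last State:/ {seen = 1} seen && /Exit Code:/ {print $3; exit}'
}

# "NAME STATUS" for each PVC that is not Bound (`kubectl get pvc --no-headers`).
unbound_pvcs() {
  awk 'NF >= 2 && $2 != "Bound" {print $1, $2}'
}

# Name of the default StorageClass, empty if the cluster has none
# (`kubectl get storageclass --no-headers` marks it with "(default)").
default_storageclass() {
  awk '$2 == "(default)" {print $1; exit}'
}

# Constructed sample input (the PVC name and class listings are assumptions).
SAMPLE_DESCRIBE='    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    6
    Restart Count:  4'
SAMPLE_PVC='data-mypassbolt-mariadb-primary-0   Pending                                      8m'
SAMPLE_SC_NONE='manual   kubernetes.io/no-provisioner   Delete   WaitForFirstConsumer   false   3d'
SAMPLE_SC_OK='local-path (default)   rancher.io/local-path   Delete   WaitForFirstConsumer   false   1d'

echo "job exit code: $(printf '%s\n' "$SAMPLE_DESCRIBE" | last_exit_code)"
pending=$(printf '%s\n' "$SAMPLE_PVC" | unbound_pvcs)
if [ -n "$pending" ] && [ -z "$(printf '%s\n' "$SAMPLE_SC_NONE" | default_storageclass)" ]; then
  echo "unbound PVC with no default StorageClass: $pending"
fi
```

A PVC that stays Pending on a cluster with no default StorageClass is the situation the "enable local path storage" remark describes; the `--previous` log of the crashed container is what shows which step of the job script exited.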
Hello and thank you for your reply!
I’m writing a new topic on the forum to better describe my project. I want my passbolt instance to be redundant, i.e. with at least two web front-ends and a database cluster.
I’ve abandoned the idea of using Kubernetes for this project because it’s too complex.