OWASP / crAPI

completely ridiculous API (crAPI)
Apache License 2.0

Unable to get crAPI deployed via k8s #207

Closed HakunMatat4 closed 1 year ago

HakunMatat4 commented 1 year ago

crAPI works just fine via local docker but fails via k8s.

I think I have already spent half a day trying to get crAPI to run on my Kubernetes cluster without much success. For every problem I fix, 10 more problems show up.

  1. Storage is broken:

Atm, the only way I got both postgres and mongodb up was by adding both the PV and storageClassName.

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mongodb-pv
  namespace: crapi
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 3Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mongodb-pv-claim
  namespace: crapi
  labels:
    app: postgresdb
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1000Mi
```

  2. crapi-community and crapi-workshop won't start because crapi-identity cannot start due to a lot of other errors. It gets into an eternal loop:

```
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2023-06-09 05:47:55.568 ERROR 9 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'vehicleController': Unsatisfied dependency expressed through field 'vehicleOwnershipService';

Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'API_GATEWAY_URL' in value "${API_GATEWAY_URL}"
```

HakunMatat4 commented 1 year ago

EDIT

The key also fails: That -n is expecting the namespace name which is missing.

```
kubectl create -n secret generic jwt-key-secret --from-file=../keys
```

The actual key is also missing; running the command above will fail even with the namespace in place. The right way:

```
kubectl create secret generic jwt-key-secret --from-file=../keys/jwks.json -n crapi
```

The script needs to be updated.

HakunMatat4 commented 1 year ago

Found the problem: crAPI/deploy/k8s/base/identity/config

That file is missing some stuff like:

```yaml
  API_GATEWAY_URL: https://api.crapi.io
  TLS_ENABLED: ${TLS_ENABLED:-false}
  TLS_KEYSTORE_TYPE: PKCS12
  TLS_KEYSTORE: classpath:certs/server.p12
  TLS_KEYSTORE_PASSWORD: passw0rd
  TLS_KEY_PASSWORD: passw0rd
  TLS_KEY_ALIAS: identity
```

I managed to get it running in my K8S now. crapi-workshop is still failing and the whole process has been very manual. It will be awesome if the team can fix that.
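
The following Python script is an added example, not part of the thread or the crAPI repository. It compares the variables a compose service sets against the keys of a ConfigMap `data` block and lists the ones missing from the ConfigMap, which is the gap behind the `Could not resolve placeholder 'API_GATEWAY_URL'` error; it also flags password-like keys that sit in a ConfigMap rather than a Secret. Both inputs are constructed samples; `DB_HOST`, `identity-configmap` and the function names are assumptions.

```python
import re

# Constructed samples, not the project's real files: a compose service's
# environment block and the ConfigMap meant to carry the same settings.
COMPOSE = """\
services:
  crapi-identity:
    environment:
      - DB_HOST=postgresdb
      - API_GATEWAY_URL=https://api.crapi.io
      - TLS_ENABLED=${TLS_ENABLED:-false}
      - TLS_KEYSTORE_PASSWORD=passw0rd
"""
CONFIGMAP = """\
kind: ConfigMap
metadata:
  name: identity-configmap
data:
  DB_HOST: postgresdb
  TLS_KEYSTORE_PASSWORD: passw0rd
"""
KEY = re.compile(r"^-?\s*([A-Za-z_][A-Za-z0-9_]*)\s*[:=]")
SECRET_HINT = re.compile(r"PASSWORD|SECRET|TOKEN", re.I)

def block_keys(text, header):
    """Keys of the first flat `header:` block, in map (K: V) or list (- K=V) form."""
    keys, depth = set(), None
    for line in text.splitlines():
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if depth is None:
            if body == header + ":":
                depth = indent
            continue
        # The block ends at the next line that is not nested under the header.
        if indent < depth or (indent == depth and not body.startswith("-")):
            break
        match = KEY.match(body)
        if match:
            keys.add(match.group(1))
    return keys

def audit(compose_text, configmap_text):
    """Report compose variables absent from the ConfigMap and secret-like keys in it."""
    wanted = block_keys(compose_text, "environment")
    have = block_keys(configmap_text, "data")
    return {"missing": sorted(wanted - have),
            "secret_like": sorted(k for k in have if SECRET_HINT.search(k))}

if __name__ == "__main__":
    print(audit(COMPOSE, CONFIGMAP))
```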

piyushroshan commented 1 year ago

Thank you for identifying the problem. Since we are a community-driven project, it would be great if you can contribute to the extent you have discovered.

HakunMatat4 commented 1 year ago

@piyushroshan sure thing, it is running 90%. Since crapi-workshop isn't running, that part is off. Once I get it working without ClickOps, I will create a PR for it.

HakunMatat4 commented 1 year ago

Found all the missing bits and pieces. crAPI is fully up and running on a kubernetes cluster. Will put everything together.


HakunMatat4 commented 1 year ago

@piyushroshan: https://github.com/OWASP/crAPI/pull/208