OpenUnison / openunison-k8s

Access portal for Kubernetes
Apache License 2.0

Orchestra pods going into crashloopbackoff #68

Closed shnigam2 closed 1 year ago

shnigam2 commented 1 year ago

It has been observed that the orchestra pods are continuously restarting and going into CrashLoopBackOff state. Please find the logs from the orchestra pod below:

/usr/local/openunison/work/webapp/WEB-INF/lib/*:/usr/local/openunison/work/webapp/WEB-INF/classes:/tmp/quartz
[2023-03-14 08:13:40,680][main] INFO  OpenUnisonOnUndertow - Starting OpenUnison on Undertow 1.0.23-2021053101
[2023-03-14 08:13:40,760][main] INFO  OpenUnisonOnUndertow - Parsing YAML : '/etc/openunison/openunison.yaml'
[2023-03-14 08:13:41,166][main] INFO  OpenUnisonOnUndertow - Config Open Port : '8080'
[2023-03-14 08:13:41,250][main] INFO  OpenUnisonOnUndertow - Disable HTTP2 : 'false'
[2023-03-14 08:13:41,251][main] INFO  OpenUnisonOnUndertow - Allow unescaped characters : 'false'
[2023-03-14 08:13:41,251][main] INFO  OpenUnisonOnUndertow - Config Open External Port : '80'
[2023-03-14 08:13:41,251][main] INFO  OpenUnisonOnUndertow - Config Secure Port : '8443'
[2023-03-14 08:13:41,251][main] INFO  OpenUnisonOnUndertow - Config Secure External Port : '443'
[2023-03-14 08:13:41,252][main] INFO  OpenUnisonOnUndertow - Config Context Root :  '/'
[2023-03-14 08:13:41,252][main] INFO  OpenUnisonOnUndertow - Force to Secure : 'true'
[2023-03-14 08:13:41,252][main] INFO  OpenUnisonOnUndertow - ActiveMQ Directory : '/tmp/amq'
[2023-03-14 08:13:41,252][main] INFO  OpenUnisonOnUndertow - Quartz Directory : '/tmp/quartz'
[2023-03-14 08:13:41,253][main] INFO  OpenUnisonOnUndertow - Config TLS Client Auth Mode : 'none'
[2023-03-14 08:13:41,253][main] INFO  OpenUnisonOnUndertow - Config TLS Allowed Client Subjects : '[]'
[2023-03-14 08:13:41,253][main] INFO  OpenUnisonOnUndertow - Config TLS Protocols : 'null'
[2023-03-14 08:13:41,254][main] INFO  OpenUnisonOnUndertow - Config TLS Ciphers : '[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384]'
[2023-03-14 08:13:41,254][main] INFO  OpenUnisonOnUndertow - Config Path to Deployment : '/usr/local/openunison/work'
[2023-03-14 08:13:41,254][main] INFO  OpenUnisonOnUndertow - Config Path to Environment File : '/etc/openunison/ou.env'
[2023-03-14 08:13:41,254][main] INFO  OpenUnisonOnUndertow - Redirect to contex root : 'false'
[2023-03-14 08:13:41,255][main] INFO  OpenUnisonOnUndertow - Support socket shutdown : false
[2023-03-14 08:13:41,259][main] INFO  OpenUnisonOnUndertow - true
[2023-03-14 08:13:41,259][main] INFO  OpenUnisonOnUndertow - Creating unisonServiceProps
[2023-03-14 08:13:41,269][main] INFO  OpenUnisonOnUndertow - Temporary unisonServiceProps : '/tmp/unisonService16412808887362225966props'
[2023-03-14 08:13:41,362][main] INFO  OpenUnisonOnUndertow - Loading environment file : '/etc/openunison/ou.env'
[2023-03-14 08:13:41,362][main] INFO  OpenUnisonOnUndertow - Adding property : 'SUB_CLAIM'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'EMAIL_CLAIM'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_SELF_LINK'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'OIDC_IDP_AUTH_URL'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'OU_SVC_NAME'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'OIDC_SCOPES'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_TOKEN_TYPE'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'OIDC_CLIENT_SECRET'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_API_HOST'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'OIDC_USER_IN_IDTOKEN'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'OU_HOST'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'OIDC_IDP_TOKEN_URL'
[2023-03-14 08:13:41,363][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_IMPERSONATION'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_DASHBOARD_HOST'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'GIVEN_NAME_CLAIM'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'FAMILY_NAME_CLAIM'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'OIDC_CLIENT_ID'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'MYVD_CONFIG_PATH'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'unisonKeystorePassword'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'OIDC_IDP_USER_URL'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'DISPLAY_NAME_CLAIM'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_DB_SECRET'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_DASHBOARD_NAMESPACE'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'OU_QUARTZ_MASK'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'GROUPS_CLAIM'
[2023-03-14 08:13:41,364][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_DASHBOARD_SERVICE'
[2023-03-14 08:13:41,365][main] INFO  OpenUnisonOnUndertow - Adding property : 'OIDC_IDP_LIMIT_DOMAIN'
[2023-03-14 08:13:41,365][main] INFO  OpenUnisonOnUndertow - Adding property : 'PROMETHEUS_SERVICE_ACCOUNT'
[2023-03-14 08:13:41,365][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_URL'
[2023-03-14 08:13:41,365][main] INFO  OpenUnisonOnUndertow - Adding property : 'SESSION_INACTIVITY_TIMEOUT_SECONDS'
[2023-03-14 08:13:41,365][main] INFO  OpenUnisonOnUndertow - Adding property : 'K8S_CLUSTER_NAME'
[2023-03-14 08:13:41,365][main] INFO  OpenUnisonOnUndertow - Loading keystore for Undertow
[2023-03-14 08:13:41,365][main] INFO  OpenUnisonOnUndertow - OpenUnison XML File : '/usr/local/openunison/work/webapp/WEB-INF/unison.xml'
[2023-03-14 08:13:41,469][main] INFO  OpenUnisonConfigLoader - No config from include files, using original
[2023-03-14 08:13:43,065][main] INFO  OpenUnisonOnUndertow - Loading keystore : '/etc/openunison/unisonKeyStore.p12'
[2023-03-14 08:13:43,065][main] INFO  OpenUnisonOnUndertow - Building Undertow
[2023-03-14 08:13:43,258][main] INFO  OpenUnisonOnUndertow - Check if enabling HTTP2 - false
[2023-03-14 08:13:43,258][main] INFO  OpenUnisonOnUndertow - Enabling HTTP2
[2023-03-14 08:13:43,260][main] INFO  OpenUnisonOnUndertow - Adding open port : '8080'
Exception in thread "main" java.io.IOException: Invalid keystore format
    at java.base/com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:725)
    at java.base/java.security.KeyStore.load(KeyStore.java:1479)
    at com.tremolosecurity.openunison.undertow.OpenUnisonOnUndertow.setupTlsListener(OpenUnisonOnUndertow.java:533)
    at com.tremolosecurity.openunison.undertow.OpenUnisonOnUndertow.main(OpenUnisonOnUndertow.java:280)
mlbiam commented 1 year ago

I think this is the result of recent breaking changes made in OpenJDK with respect to how PKCS12 files are generated and read. You're using a very old (and unsupported) version of OpenUnison. 1.0.23 came out in May 2021, but you are running it with a much newer version of the operator (which, since we patch regularly, has the latest OpenJDK). We're no longer building https://github.com/OpenUnison/openunison-k8s-login-oidc instances publicly since it went end of life at the end of 2022 (after over a year of being supported). Your options are to:

  1. Upgrade to the distro represented in this repository. You can now install using ArgoCD, following the supported instructions - https://openunison.github.io/deployauth/#deploying-with-argocd
  2. Build a container from https://github.com/OpenUnison/openunison-k8s-login-oidc, maintaining it on your own
  3. Purchase a support contract, and we can negotiate how long we'll continue to maintain the version you are running.
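The stack trace in the report shows the JCEKS loader (`com.sun.crypto.provider.JceKeyStore`) rejecting `/etc/openunison/unisonKeyStore.p12` with "Invalid keystore format". Before picking one of the options above, it is worth confirming what that file actually is, because a JKS or JCEKS store (or a PEM bundle) mounted under a `.p12` name fails with the same message. The following is an added diagnostic, not part of OpenUnison or this thread: it reads the first bytes of a keystore file and identifies the container by its magic number (JKS `0xFEEDFEED`, JCEKS `0xCECECECE`) or, for a DER `SEQUENCE`, by checking that the PKCS#12 `PFX` version integer is 3. The sample headers at the bottom are constructed for the demonstration; the path argument is whatever you copy out of the pod.

```python
"""Identify the real container format of a Java keystore file (added example)."""
import struct
import sys

JKS_MAGIC = 0xFEEDFEED    # header written by sun.security.provider.JavaKeyStore
JCEKS_MAGIC = 0xCECECECE  # header written by com.sun.crypto.provider.JceKeyStore
DER_SEQUENCE = 0x30       # a PKCS#12 PFX structure is a DER SEQUENCE


def _der_length(data: bytes, pos: int):
    """Decode a DER length field at data[pos]; return (length, index_after_field)."""
    first = data[pos]
    if first < 0x80:                       # short form
        return first, pos + 1
    n = first & 0x7F                       # long form: n following bytes hold the length
    if n == 0 or n > 4 or pos + 1 + n > len(data):
        raise ValueError("malformed DER length")
    return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def sniff_keystore(data: bytes) -> str:
    """Return 'JKS', 'JCEKS', 'PKCS12', 'PEM', a DER description, or 'unknown'."""
    if data.startswith(b"-----BEGIN"):
        return "PEM"                       # a cert/key bundle, not a keystore at all
    if len(data) < 4:
        return "unknown"
    magic = struct.unpack(">I", data[:4])[0]
    if magic == JKS_MAGIC:
        return "JKS"
    if magic == JCEKS_MAGIC:
        return "JCEKS"
    if data[0] == DER_SEQUENCE:
        try:
            _, pos = _der_length(data, 1)
            # PFX ::= SEQUENCE { version INTEGER {v3(3)}, authSafe ContentInfo, macData OPTIONAL }
            if data[pos] == 0x02:          # INTEGER tag
                ln, pos = _der_length(data, pos + 1)
                version = int.from_bytes(data[pos:pos + ln], "big")
                return "PKCS12" if version == 3 else f"DER (unexpected PFX version {version})"
        except (ValueError, IndexError):
            pass
        return "DER (not PKCS#12)"
    return "unknown"


def sniff_keystore_file(path: str) -> str:
    """Read only the leading bytes of the file; the header is all the sniff needs."""
    with open(path, "rb") as fh:
        return sniff_keystore(fh.read(16))


# Constructed sample headers (not real keystores) covering each branch.
SAMPLES = {
    "jks":      b"\xfe\xed\xfe\xed\x00\x00\x00\x02",
    "jceks":    b"\xce\xce\xce\xce\x00\x00\x00\x02",
    "pkcs12":   b"\x30\x82\x01\x00\x02\x01\x03",      # SEQUENCE, long-form length, INTEGER 3
    "pem":      b"-----BEGIN CERTIFICATE-----\n",
    "der_misc": b"\x30\x03\x04\x01\x00",              # SEQUENCE holding an OCTET STRING
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", sniff_keystore_file(sys.argv[1]))
    else:
        for name, blob in SAMPLES.items():
            print(f"{name:9s} -> {sniff_keystore(blob)}")
```

Run it against a copy of the file (`kubectl cp` it out of the pod, or `kubectl exec ... -- cat /etc/openunison/unisonKeyStore.p12 > ks.p12`). A result of `JKS` or `JCEKS` means the store was never PKCS12 and a loader/type mismatch, not the JDK change, is what to fix. A result of `PKCS12` confirms the container type only; whether the JVM in the image can still open the PBE and MAC algorithms inside it is a separate question that `keytool -list -storetype PKCS12 -keystore ks.p12` run inside that same image will answer.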
mlbiam commented 1 year ago

no new activity, closing