atlassian / data-center-helm-charts

Helm charts for Atlassian's Data Center products
https://atlassian.github.io/data-center-helm-charts/
Apache License 2.0

[Suggestion] - Add chmod to import-cert init-container script when running as non-root #784

Closed knutejohKLP closed 2 months ago

knutejohKLP commented 3 months ago

Suggestion

When using the ubi9-jdk17 image of Bitbucket 8.19.0, the import-cert script fails as the copied cacerts store only has read permission set for owner and group. Because of this, the keytool import statement in the script fails with permission denied as it cannot write to the cacerts file. On the ubuntu-jdk11 image this does not fail as the file has read/write for the owner. I have not tested with other versions of Bitbucket.

Adding 'chmod 664 /var/ssl/cacerts;' after the file copy of the cacerts file fixes the issue.

Product

Bitbucket

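The sequence the post describes (copy the image's cacerts, then run keytool against the copy) and the chmod 664 fix, reproduced as an added shell example. This is not the chart's own init-container script. It runs on a scratch directory so it can be executed offline; the destination path /var/ssl/cacerts, the PEM directory /var/ssl/certs-to-import and the store password "changeit" are assumptions taken from common JDK defaults, not from the issue, and the read-only source file is a constructed stand-in for the image's cacerts rather than a real keystore.

```shell
#!/bin/sh
# Added example, not the chart's own init-container script: reproduce the
# permission failure described in the issue and show the chmod fix, on a
# scratch directory so it runs offline without touching /var/ssl.
# Assumed (not from the issue): the destination /var/ssl/cacerts, the PEM
# directory /var/ssl/certs-to-import, and the default JDK store password
# "changeit". The read-only source file below is a constructed stand-in for
# the cacerts shipped in the ubi9-jdk17 image; it is not a real keystore.
set -eu
umask 022   # typical container umask; cp keeps the source mode bits under it

# Print the permission bits of a file in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Build a stand-in for the image's cacerts: readable by owner and group only.
make_readonly_fixture() {
    f="$1/cacerts-src"
    printf 'not-a-real-keystore\n' > "$f"
    chmod 440 "$f"
    printf '%s\n' "$f"
}

# Step 1 as in the failing script: copy only. The copy inherits mode 440, so a
# later keytool -importcert cannot write to it. Prints the resulting mode.
copy_truststore() {
    src="$1"; dst="$2"
    mkdir -p "$(dirname "$dst")"
    cp "$src" "$dst"
    mode_of "$dst"
}

# Step 1 with the fix suggested in the issue: copy, then chmod 664 so owner
# and group can write to the store. Prints the resulting mode.
prepare_truststore() {
    src="$1"; dst="$2"
    mkdir -p "$(dirname "$dst")"
    cp "$src" "$dst"
    chmod 664 "$dst"
    mode_of "$dst"
}

# Step 2: import every PEM file in a directory with keytool, alias = file name.
import_certs() {
    store="$1"; certdir="$2"; pass="${3:-changeit}"
    for pem in "$certdir"/*.crt; do
        [ -f "$pem" ] || continue
        keytool -importcert -noprompt -keystore "$store" -storepass "$pass" \
            -alias "$(basename "$pem" .crt)" -file "$pem"
    done
}

# Demo: modes before and after the fix; then, if a JDK and openssl are present,
# run the real import against a writable copy of the JDK's own cacerts.
demo() {
    tmp=$(mktemp -d)
    src=$(make_readonly_fixture "$tmp")
    printf 'copy only:     mode %s\n' "$(copy_truststore "$src" "$tmp/a/cacerts")"
    printf 'copy + chmod:  mode %s\n' "$(prepare_truststore "$src" "$tmp/b/cacerts")"

    real="${JAVA_HOME:-/nonexistent}/lib/security/cacerts"
    if [ -r "$real" ] && command -v keytool >/dev/null && command -v openssl >/dev/null; then
        mkdir -p "$tmp/certs-to-import"
        # Constructed self-signed CA used only as import material for the demo.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=example-ca' \
            -keyout "$tmp/ca.key" -out "$tmp/certs-to-import/example-ca.crt" 2>/dev/null
        prepare_truststore "$real" "$tmp/c/cacerts" >/dev/null
        import_certs "$tmp/c/cacerts" "$tmp/certs-to-import"
        keytool -list -keystore "$tmp/c/cacerts" -storepass changeit -alias example-ca
    else
        echo 'keytool/openssl/JAVA_HOME not available: skipping the real import'
    fi
    rm -rf "$tmp"
}

demo
```

The first two lines of output are the whole issue in miniature: the plain copy reports 440 and the chmod'ed copy reports 664. 664 rather than 644 is the conservative choice for a pod, because the init container and the Bitbucket container are not guaranteed to run under the same UID; they normally do share the pod's fsGroup, so group write is what keeps keytool working in the main container. If both containers run as the same non-root user, 644 is enough and avoids giving every process in the group write access to the trust store. Until the chart's default is changed, a script like this is what would go into bitbucket.additionalCertificates.customCmd, which the thread mentions as the override point.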

bianchi2 commented 3 months ago

@knutejohKLP thanks for raising this one. Indeed, adding chmod looks like the right thing to do, but you can also override this init container cmd in your Helm values.

knutejohKLP commented 3 months ago

@bianchi2 Yes, we are currently using bitbucket.additionalCertificates.customCmd to get it working, but it would be great if the default settings worked for both official Bitbucket images. I guess you would want to migrate users to the Java 17 based image going forward, and I suspect a lot of users running Bitbucket on-prem have their own CA certificates and would need to add them to the Bitbucket CA store, and migrating is more smooth without the need to add a custom command to fix this issue :)