During installation using helm chart glue deploys opendj with no exceptions. gluu-oxauth can't connect to it just dropping excetptions: ``` WARNING - pygluu.containerlib.wait - 2020-06-07 09:43:47,747 - LDAP is not ready; reason=LDAP is not fully initialized; retrying in 10.0 seconds WARNING - pygluu.containerlib.wait - 2020-06-07 09:43:58,522 - LDAP is not ready; reason=LDAP is not fully initialized; retrying in 10.0 seconds WARNING - pygluu.containerlib.wait - 2020-06-07 09:44:09,181 - LDAP is not ready; reason=LDAP is not fully initialized; retrying in 10.0 seconds ``` So gluu-oxtrust-0 can't start due to this problem Installation on GKE cluster v1.14.10-gke.36 with helm chart provided from latest pygluu-kubernetes-linux.pyz package. here the values file ``` #global values to be used across charts global: # cloud.enabled specifies whether it's cloud deployment or not cloud: enabled: true awsLocalStorage: false # microk8s.io/hostpath, k8s.io/minikube-hostpath, kubernetes.io/aws-ebs provisioner: kubernetes.io/gce-pd pool: default fsType: ext4 gcePdStorageType: pd-standard azureStorageAccountType: Standard_LRS azureStorageKind: Managed reclaimPolicy: Retain nginxNamespace: ingress #service names to be used globally/by other charts oxAuthServiceName: oxauth oxTrustServiceName: oxtrust ldapServiceName: opendj # Networking configs nginxIp: "35.197.246.84" # SHOULD BE CHANGED FOR CLOUD domain: gluu.dev.vermietet.de # specify if the domain above is registered or not. isDomainRegistered: "true" # "true" or "false" lbAddr: "" # axx-109xx52.us-west-2.elb.amazonaws.com gluuLdapUrl: opendj:1636 gluuOxtrustBackend: oxtrust:8080 gluuOxauthBackend: oxauth:8080 gluuOxdServerUrl: oxd-server:8443 # If REDIS is the Cache Type gluuRedisUrl: redis:6379 gluuRedisUseSsl: "false" gluuRedisType: STANDALONE gluuRedisSslTruststore: "" gluuRedisSentinelGroup: "" gluuMaxRamPercent: "75.0" configAdapterName: kubernetes configSecretAdapter: kubernetes #persistence types and options # options: ldap/couchbase/hybrid gluuPersistenceType: ldap # options REDIS/NATIVE_PERSISTENCE gluuCacheType: NATIVE_PERSISTENCE # options: default/user/site/cache/statistic # used only if GLUU_PERSISTENCE_TYPE is ldap or hybrid gluuPersistenceLdapMapping: default # used only if GLUU_PERSISTENCE_TYPE is couchbase or hybrid # NOTE: For the CB instalation please check the documentation gluuCouchbaseCrt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lKQUwyem5UWlREUHFNTUEwR0NTcUdTSWIzRFFFQkN3VUFNQzB4S3pBcEJnTlYKQkFNTUlpb3VZMkpuYkhWMUxtUmxabUYxYkhRdWMzWmpMbU5zZFhOMFpYSXViRzlqWVd3d0hoY05NakF3TWpBMQpNRGt4T1RVeFdoY05NekF3TWpBeU1Ea3hPVFV4V2pBdE1Tc3dLUVlEVlFRRERDSXFMbU5pWjJ4MWRTNWtaV1poCmRXeDBMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUIKQ2dLQ0FRRUFycmQ5T3lvSnRsVzhnNW5nWlJtL2FKWjJ2eUtubGU3dVFIUEw4Q2RJa1RNdjB0eHZhR1B5UkNQQgo3RE00RTFkLzhMaU5takdZZk41QjZjWjlRUmNCaG1VNmFyUDRKZUZ3c0x0cTFGT3MxaDlmWGo3d3NzcTYrYmlkCjV6Umw3UEE0YmdvOXVkUVRzU1UrWDJUUVRDc0dxVVVPWExrZ3NCMjI0RDNsdkFCbmZOeHcvYnFQa2ZCQTFxVzYKVXpxellMdHN6WE5GY0dQMFhtU3c4WjJuaFhhUGlva2pPT2dyMkMrbVFZK0htQ2xGUWRpd2g2ZjBYR0V0STMrKwoyMStTejdXRkF6RlFBVUp2MHIvZnk4TDRXZzh1YysvalgwTGQrc2NoQTlNQjh3YmJORUp2ZjNMOGZ5QjZ0cTd2CjF4b0FnL0g0S1dJaHdqSEN0dFVnWU1oU0xWV3UrUUlEQVFBQm80R2NNSUdaTUIwR0ExVWREZ1FXQkJTWmQxWU0KVGNIRVZjSENNUmp6ejczZitEVmxxREJkQmdOVkhTTUVWakJVZ0JTWmQxWU1UY0hFVmNIQ01Sanp6NzNmK0RWbApxS0V4cEM4d0xURXJNQ2tHQTFVRUF3d2lLaTVqWW1kc2RYVXVaR1ZtWVhWc2RDNXpkbU11WTJ4MWMzUmxjaTVzCmIyTmhiSUlKQUwyem5UWlREUHFNTUF3R0ExVWRFd1FGTUFNQkFmOHdDd1lEVlIwUEJBUURBZ0VHTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQk9meTVWSHlKZCtWUTBXaUQ1aSs2cmhidGNpSmtFN0YwWVVVZnJ6UFN2YWVFWQp2NElVWStWOC9UNnE4Mk9vVWU1eCtvS2dzbFBsL01nZEg2SW9CRnVtaUFqek14RTdUYUhHcXJ5dk13Qk5IKzB5CnhadG9mSnFXQzhGeUlwTVFHTEs0RVBGd3VHRlJnazZMRGR2ZEN5NVdxWW1MQWdBZVh5VWNaNnlHYkdMTjRPUDUKZTFiaEFiLzRXWXRxRHVydFJrWjNEejlZcis4VWNCVTRLT005OHBZN05aaXFmKzlCZVkvOEhZaVQ2Q0RRWWgyTgoyK0VWRFBHcFE4UkVsRThhN1ZLL29MemlOaXFyRjllNDV1OU1KdjM1ZktmNUJjK2FKdWduTGcwaUZUYmNaT1prCkpuYkUvUENIUDZFWmxLaEFiZUdnendtS1dDbTZTL3g0TklRK2JtMmoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= gluuCouchbasePass: P@ssw0rd # gluuCouchbaseUrl is the couchbase service name gluuCouchbaseUrl: couchbase-couchbase-cluster.gluu.svc.cluster.local gluuCouchbaseUser: Administrator # gluuCouchbasePassFile is the location of password file. Should be named `couchbase_password` containing only password file gluuCouchbasePassFile: /etc/gluu/conf/couchbase_password # gluuCouchbaseCertFile location of gluuCouchbaseCertFile: /etc/certs/couchbase.crt # Enable installation of services oxauth: enabled: true config: enabled: true persistence: enabled: false oxtrust: enabled: true opendj: enabled: true oxshibboleth: enabled: false efs-provisioner: enabled: false oxd-server: enabled: false # redis should be enabled only when cacheType is REDIS redis: enabled: false nginx: enabled: true key-rotation: enabled: false nfs: enabled: false shared-shib: enabled: true cr-rotate: enabled: false #efs-provisioner used for creating shared file system in AWS efs-provisioner: efsProvisioner: # If specified, use this DNS or IP to connect the EFS dnsName: "" # fs-xxxxxx.efs.us-east-1.amazonaws.com efsFileSystemId: "" awsRegion: us-west-2 path: /opt/shared-shibboleth-idp provisionerName: example.com/gcp-efs storageClass: name: gcp-efs isDefault: false persistentVolume: accessModes: ReadWriteMany storage: 5Gi casa: image: repository: gluufederation/casa tag: 4.2.0_dev pullPolicy: Always # Required environment variables for generating Gluu server initial config # values for config-init sub-chart config: orgName: Gluu # email address of the administrator usually. Used for certificate creation email: support@gluu.com # adminPass is administrator password for oxTrust adminPass: P@ssw0rd # ldapPass is the password for LDAP ldapPass: P@ssw0rd # organisation location details countryCode: US state: TX city: SLC # ldapType only OpenDJ is supported ldapType: opendj image: repository: gluufederation/config-init tag: 4.1.1_01 cr-rotate: image: repository: gluufederation/cr-rotate tag: 4.1.1_02 pullPolicy: Always key-rotation: image: repository: gluufederation/key-rotation tag: 4.1.1_01 pullPolicy: Always nfs: image: repository: k8s.gcr.io/volume-nfs tag: 0.8 pullPolicy: IfNotPresent opendj: # options true/false : must be enabled if cache type is REDIS gluuRedisEnabled: false replicas: 1 persistence: size: 5Gi image: repository: gluufederation/wrends tag: 4.1.1_01 pullPolicy: Always # persistence layer persistence: enabled: false image: repository: gluufederation/persistence tag: 4.1.1_01 pullPolicy: Always configmap: gluuOxtrustApiEnabled: false gluuOxtrustApiTestMode: false # Auto install other services. If enabled the respective service chart will be installed gluuPassportEnabled: false gluuCasaEnabled: false gluuRadiusEnabled: false gluuSamlEnabled: true oxauth: image: repository: gluufederation/oxauth tag: 4.1.1_02 pullPolicy: Always oxd-server: # A dummy keystore CHANGE THIS TO YOUR OWN KEYSTORE configmap: adminKeystorePassword: Passw0rd applicationKeystorePassword: Passw0rd applicationKeystoreCn: oxd_server adminKeystoreCn: oxd_server image: repository: gluufederation/oxd-server tag: 4.1.1_01 pullPolicy: Always resources: {} # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi nginx: # ingress resources ingress: enabled: true path: / hosts: - gluu.dev.vermietet.de tls: - secretName: tls-certificate # DON'T change hosts: - gluu.dev.vermietet.de # oxpassport service installation is dependant on boolean value dependant set in persistence.configmap.gluuPassportEnabled oxpassport: image: repository: gluufederation/oxpassport tag: 4.1.1_01 pullPolicy: Always # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi oxshibboleth: image: repository: gluufederation/oxshibboleth tag: 4.1.1_01 pullPolicy: Always oxtrust: image: repository: gluufederation/oxtrust tag: 4.1.1_01 pullPolicy: Always radius: image: repository: gluufederation/radius tag: 4.1.1_01 pullPolicy: Always redis: image: repository: redis tag: alpine pullPolicy: IfNotPresent ``` opendj logs: ``` INFO - pygluu.containerlib.wait - 2020-06-07 09:34:55,589 - Config is ready INFO - pygluu.containerlib.wait - 2020-06-07 09:34:55,775 - Secret is ready INFO - entrypoint - 2020-06-07 09:34:57,071 - Syncing OpenDJ certs. INFO - entrypoint - 2020-06-07 09:35:01,745 - Checking certificate's Subject Alt Name (SAN) INFO - entrypoint - 2020-06-07 09:35:01,791 - Re-generating OpenDJ certs with SAN support. [07/Jun/2020:09:35:14 +0000] category=CORE severity=NOTICE msgID=134 msg=Wren:DS Server 4.0.0-M3 (build 20190729080147, revision number 4dc791965aa1e038953363ca26db0b64b2216891) starting up [07/Jun/2020:09:35:17 +0000] category=JVM severity=NOTICE msgID=21 msg=Installation Directory: /opt/opendj [07/Jun/2020:09:35:17 +0000] category=JVM severity=NOTICE msgID=23 msg=Instance Directory: /opt/opendj [07/Jun/2020:09:35:17 +0000] category=JVM severity=NOTICE msgID=17 msg=JVM Information: 1.8.0_212-b04 by IcedTea, 64-bit architecture, 6621036544 bytes heap size [07/Jun/2020:09:35:17 +0000] category=JVM severity=NOTICE msgID=18 msg=JVM Host: gluu-opendj-0.opendj.gluu.svc.cluster.local, running Linux 4.14.138+ amd64, 27394482176 bytes physical memory size, number of processors available 1 [07/Jun/2020:09:35:17 +0000] category=JVM severity=NOTICE msgID=19 msg=JVM Arguments: "-Dorg.opends.server.scriptName=start-ds" [07/Jun/2020:09:35:21 +0000] category=BACKEND severity=NOTICE msgID=513 msg=The database backend site containing 0 entries has started [07/Jun/2020:09:35:22 +0000] category=BACKEND severity=NOTICE msgID=513 msg=The database backend metric containing 0 entries has started [07/Jun/2020:09:35:22 +0000] category=BACKEND severity=NOTICE msgID=513 msg=The database backend userRoot containing 0 entries has started [07/Jun/2020:09:35:22 +0000] category=EXTENSIONS severity=NOTICE msgID=221 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: gluu-opendj-0.opendj.gluu.svc.cluster.local [07/Jun/2020:09:35:23 +0000] category=CORE severity=NOTICE msgID=135 msg=The Directory Server has started successfully [07/Jun/2020:09:35:23 +0000] category=CORE severity=NOTICE msgID=139 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID org.opends.messages.core-135): The Directory Server has started successfully ```