Unable to start the frontend using helm chart

I’ve been trying to deploy Vikunja using the helm chart through argocd on DigitalOcean, but I’ve been running into the following issue when starting the frontend.

I am using the bundled postgres, traefik for ingress, and will be using authentik for auth.

These are the logs when starting it. I’m unfortunately not familiar enough to understand why it might be failing permissions here. I’m assuming it did successfully bind port 80, which would rule out low number port permissions. And I have restarted and recreated the pod, which I would assume would rule out an already bound port. In argocd it is showing all other resources in the deployment are healthy.

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
20-envsubst-on-templates.sh: Running envsubst on /etc/nginx/templates/default.conf.template to /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/50-injector.sh
info: API URL is https://vikunja.xxxxxxx.xxxxx/api/v1/
info: Sentry enabled: false
info: started at 2023-08-02T01:50:13+00:00
/docker-entrypoint.sh: Launching /docker-entrypoint.d/60-ipv6-disable.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/08/02 01:50:13 [emerg] 1#1: bind() to 0.0.0.0:81 failed (13: Permission denied)
nginx: [emerg] bind() to 0.0.0.0:81 failed (13: Permission denied)

Can you show what you changed?

Chart.yaml:

apiVersion: v2
name: vikunja
version: 0.0.0
dependencies:
  - name: vikunja
    version: 0.2.0
    repository: https://kolaente.dev/api/packages/vikunja/helm

values.yaml:

vikunja:
  frontend:
    apiUrl: https://vikunja.<domain>/api/v1/
    ingress:
      enabled: true
      className: traefik
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-issuer
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: "true"
      hosts:
        - host: vikunja.<domain>
          paths:
            - path: /
              pathType: Prefix
      tls:
        - hosts:
            - vikunja.<domain>
          secretName: vikunja-secret-tls
  api:
    config:
      service:
        frontendurl: https://vikunja.<domain>
        enableregistration: true
        timezone: MST
      database:
        type: postgres
        user: vikunja
        password: <password>
        host: vikunja-postgresql
        database: vikunja
    ingress:
      enabled: true
      className: traefik
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-issuer
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: "true"
      hosts:
        - host: vikunja.<domain>
          paths:
            - path: /api/v1/
              pathType: Prefix
      tls:
        - hosts:
            - vikunja.<domain>
          secretName: vikunja-secret-tls
  postgresqlEnabled: true
  postgresql:
    auth:
      username: vikunja
      password: <password>
      database: vikunja

The problem is that Kubernetes usually doesn’t allow binding of any ports below 1024. There are ways you can make it, but they are not recommended. The correct approach is to make Vikunja bind on high ports.

Set these options in the env key for the frontend:

  env:
  - name: VIKUNJA_HTTP_PORT
    value: "8080"
  - name: VIKUNJA_HTTP2_PORT
    value: "8081"

And don’t forget to update the reference in the Service key:

  service:
    type: ClusterIP
    port: 8080

This allowed the frontend to start up for me. If I get the time tomorrow, I’ll raise a PR on the helm chart because it is basically broken in its current state.

Thank you! I applied those settings into my values.yaml and it worked.
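For anyone triaging the same nginx error: the following is an added example, not part of the thread or the Vikunja chart. It classifies the `bind()` failures from the log above into the two causes the question weighs (privileged port versus port already in use). The function names are hypothetical; the errno values, the capability bit index, and the 1024 default for `net.ipv4.ip_unprivileged_port_start` are standard Linux values.

```python
import re

# Constructed sample: the two failing lines copied from the log in the question.
SAMPLE_LOG = """\
2023/08/02 01:50:13 [emerg] 1#1: bind() to 0.0.0.0:81 failed (13: Permission denied)
nginx: [emerg] bind() to 0.0.0.0:81 failed (13: Permission denied)
"""

BIND_RE = re.compile(r"bind\(\) to (\S+):(\d+) failed \((\d+): ([^)]*)\)")
EACCES, EADDRINUSE = 13, 98      # Linux errno values
CAP_NET_BIND_SERVICE = 10        # bit index in the CapEff mask
DEFAULT_UNPRIV_START = 1024      # default net.ipv4.ip_unprivileged_port_start


def has_net_bind_cap(cap_eff_hex):
    """True if a CapEff hex mask (from /proc/<pid>/status) grants CAP_NET_BIND_SERVICE."""
    return bool((int(cap_eff_hex, 16) >> CAP_NET_BIND_SERVICE) & 1)


def triage(log_text, unpriv_start=DEFAULT_UNPRIV_START):
    """Return one finding per distinct (port, errno) bind failure in the log."""
    findings, seen = [], set()
    for m in BIND_RE.finditer(log_text):
        port, err = int(m.group(2)), int(m.group(3))
        if (port, err) in seen:
            continue  # nginx logs the same failure twice
        seen.add((port, err))
        if err == EACCES and port < unpriv_start:
            cause = "privileged-port"   # non-root process without the capability
        elif err == EADDRINUSE:
            cause = "port-in-use"
        else:
            cause = "other"
        findings.append({"port": port, "errno": err, "cause": cause})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    # On a Linux host or inside the container, check the live capability mask.
    with open("/proc/self/status") as fh:
        cap = next(line.split()[1] for line in fh if line.startswith("CapEff:"))
    print("CAP_NET_BIND_SERVICE present:", has_net_bind_cap(cap))
```

Errno 13 on a port below the unprivileged threshold points at a non-root process lacking `CAP_NET_BIND_SERVICE`, which is why moving the listeners to 8080 and 8081 resolves it without granting extra privileges.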