Workaround for Secret Agent operator


    Hi,

    We are trying to deploy ForgeRock 7.1 in a multi-tenant environment where the cluster is shared with multiple applications. However, the Secret Agent operator newly introduced with FR 7.1 requires a cluster-level permission to generate and manage the secrets for ForgeRock containers. Being a multi-tenant environment, cluster-level permission is not allowed for the Secret Agent operator, so we decided to generate secrets manually, store them in AWS Secrets Manager and pass them on to the Kubernetes environment in a similar fashion as the Secret Agent operator is doing. However, our AM pod is still not able to resolve the certificate path; in short, we are stuck without secrets :(

    Wondering if anyone has used 7.1 without the Secret Agent operator?

    We are also getting a random error while initializing the AM pod:

    {"timestamp":"2021-08-25T12:55:14.217Z","level":"ERROR","thread":"pool-4-thread-1","logger":"org.forgerock.openam.entitlement.indextree.IndexChangeManagerImpl","message":"Error attempting to initiate index change monitor.","context":"default","exception":"org.forgerock.openam.entitlement.indextree.ChangeMonitorException: Failed creating persistent search.\n\tat org.forgerock.openam.entitlement.indextree.IndexChangeMonitorImpl.start(IndexChangeMonitorImpl.java:89)\n\tat org.forgerock.openam.entitlement.indextree.IndexChangeManagerImpl$MonitorTask.run(IndexChangeManagerImpl.java:151)\n\tat org.forgerock.openam.entitlement.indextree.IndexChangeManagerImpl$TryAgainTask.run(IndexChangeManagerImpl.java:201)\n\tat java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\n\tat java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\n\tat java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\n\tat java.base/java.lang.Thread.run(Thread.java:829)\nCaused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: No operational connection factories available\n\tat org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:228)\n\tat org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:143)\n\tat org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:113)\n\tat org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:71)\n\tat org.forgerock.opendj.ldap.LoadBalancer.noOperationalConnectionFactoriesException(LoadBalancer.java:767)\n\tat org.forgerock.opendj.ldap.LoadBalancer.connect0(LoadBalancer.java:325)\n\tat io.reactivex.rxjava3.internal.operators.single.SingleFromCallable.subscribeActual(SingleFromCallable.java:43)\n\tat io.reactivex.rxjava3.core.Single.subscribe(Single.java:4813)\n\tat io.reactivex.rxjava3.internal.operators.single.SingleMap.subscribeActual(SingleMap.java:35)\n\tat io.reactivex.rxjava3.core.Single.subscribe(Single.java:4813)\n\tat io.reactivex.rxjava3.core.Single.blockingGet(Single.java:3644)\n\tat org.forgerock.opendj.ldap.LdapConnectionFactory.lambda$getConnection$5(LdapConnectionFactory.java:360)\n\tat org.forgerock.opendj.ldap.LdapConnectionFactory.rethrowRxRuntimeException(LdapConnectionFactory.java:681)\n\tat org.forgerock.opendj.ldap.LdapConnectionFactory.getConnection(LdapConnectionFactory.java:360)\n\tat org.forgerock.openam.service.datastore.LdapDataStoreService$ManagedConnectionFactory.getConnection(LdapDataStoreService.java:337)\n\tat org.forgerock.openam.entitlement.indextree.IndexChangeMonitorImpl.start(IndexChangeMonitorImpl.java:78)\n\t... 8 common frames omitted\n"}

    Appreciate your help!

    Thanks
