oss deployment in CrashLoopBackOff: "Master key is missing" #2059
Description
Very similar to this issue, I'm running into problems deploying the OSS chart.
Environment
kubectl version
Client Version: v1.34.1
Kustomize Version: v5.7.1
Server Version: v1.33.4+k3s1helm version
version.BuildInfo{Version:"v3.19.0", GitCommit:"3d8990f0836691f0229297773f3524598f46bda6", GitTreeState:"clean", GoVersion:"go1.25.1"}helm ls -n artifactory
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
artifactory artifactory 1 2025-10-10 12:02:19.213098 -0400 EDT deployed artifactory-oss-107.117.18 7.117.18 Deployment
helm install artifactory jfrog/artifactory-oss --namespace artifactory --create-namespace --values deploy/artifactory/values.yamlThis is the values.yaml I'm using:
artifactory:
artifactory:
image:
registry: releases-docker.jfrog.io
repository: jfrog/artifactory-oss
resources:
requests:
memory: "1Gi"
cpu: "500m"
limits:
memory: "2Gi"
cpu: "1"
javaOpts:
xms: "512m"
xmx: "1g"
other: ""
installer:
platform: art-oss-helm
installerInfo: '{"productId":"Helm_artifactory-oss/{{ .Chart.Version }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}'
nginx:
enabled: false
tlsSecretName: ""
service:
type: ClusterIP
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
hosts:
- kgal-ec2-svcs.dev
paths:
- path: /artifactory(/|$)(.*)
pathType: Prefix
tls:
- secretName: tls-kgal-ec2-svcs-dev-crt
hosts:
- kgal-ec2-svcs.dev
postgresql:
enabled: true
primary:
persistence:
size: 1Gi
databaseUpgradeReady: "no"
jfconnect:
enabled: false
rtfs:
enabled: false
onemodel:
enabled: false
evidence:
enabled: falseThe Pod logs show that the master.key is missing:
shared.security.masterKeyExternal (Default Value): false
shared.security.masterKeyFile (Default Value): etc/security/master.key
2025-10-10T15:54:46.110Z [jfrou] [INFO ] [769dcfb9e9e584f3] [security_keys.go:172] [main] [] - Master key is missing. Pending for 5 seconds with 5m0s timeout
2025-10-10T15:54:51.115Z [jfrou] [INFO ] [769dcfb9e9e584f3] [security_keys.go:172] [main ] [] - Master key is missing. Pending for 10 seconds with 5m0s timeout
I read through the docs about the master key and I was thinking to just kubectl exec into the Pod and generate it manually but I'm getting a permission error:
bash-5.1$ openssl rand -hex 16 > /etc/security/master.key
bash: /etc/security/master.key: Permission deniedLooks like there's no securityContext exposed for the Pod either so I couldn't elevate privileges and run the Pod as root.
I searched through the repo and found that the README for the catalog chart mention:
Installation requires a
jfrogUrl,joinKeyand amasterKey. You can pass the join key along with the Helm install / upgrade command or pass it in a values.yaml file. The following sample shows how to provide a join key in the values.yaml file.
jfrogUrl: http://art-artifactory.art:8082
joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFI tried setting those as well in the OSS chart but they're not picked up (I didn't see them in the template).