Skip to content
This repository has been archived by the owner on Feb 2, 2024. It is now read-only.

Setting existingSecret for PostgreSQL is not respected by our default values #138

Closed
tumido opened this issue Oct 26, 2023 · 1 comment · Fixed by #148
Closed

Setting existingSecret for PostgreSQL is not respected by our default values #138

tumido opened this issue Oct 26, 2023 · 1 comment · Fixed by #148
Assignees
@PatAKnight
Labels
kind/bug Something isn't working status/triage

Comments

@tumido
Copy link
Member

tumido commented Oct 26, 2023

Describe the bug

Setting upstream.postgresql.auth.existingSecret is respected by the PostgreSQL subchart, however we override it for POSTGRESQL_ADMIN_PASSWORD in our default values. We do not respect the existingSecret value here. We also do not respect the postgresPassword for that matter.

Note: POSTGRESQL_ADMIN_PASSWORD is not set by the bitnami/postgres chart, however this is a required env variable for UBI-based Postgres images.

Expected Behavior

What are the steps to reproduce this bug?

  1. helm template --set upstream.backstage.postgresql.auth.existingSecret=secretName janus-idp/backstage
  2. Look at the environment variables exposed to the PostgreSQL container:
...
# Source: backstage/charts/upstream/charts/postgresql/templates/primary/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: release-name-postgresql
  ...
spec:
  ...
  template:
    ...
    spec:
      ...
      containers:
        - name: postgresql
          ...
          env:
            ...
            # Authentication
            - name: POSTGRES_USER
              value: "bn_backstage"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secretName
                  key: password
            - name: POSTGRES_POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secretName
                  key: postgres-password
            - name: POSTGRESQL_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: postgres-password
                  name: 'release-name-postgresql'

Versions of software used and environment
@tumido tumido added kind/bug Something isn't working status/triage labels Oct 26, 2023
@tumido
Copy link
Member Author

tumido commented Oct 26, 2023

Workaround is to use values:

upstream:
  backstage:
    extraEnvVars:
      - name: POSTGRESQL_ADMIN_PASSWORD
        valueFrom:
          secretKeyRef:
            key: postgres-password
            name: <EXISTING_SECRET>
  postgresql:
    primary:
      extraEnvVars:
        - name: POSTGRESQL_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              key: postgres-password
              name: <EXISTING_SECRET>

@PatAKnight PatAKnight mentioned this issue Nov 13, 2023
Merged
4 tasks
@jasperchui jasperchui linked a pull request Nov 22, 2023 that will close this issue
fix: update default values to account for postgresql existingSecret #148
Merged
4 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@PatAKnight PatAKnight

Labels
kind/bug Something isn't working status/triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: update default values to account for postgresql existingSecret PatAKnight/helm-backstage
2 participants
@tumido @PatAKnight