Setting `existingSecret` for PostgreSQL is not respected by our default values
tumido opened this issue · comments
Tom Coufal commented
Describe the bug
Setting upstream.postgresql.auth.existingSecret
is respected by the PostgreSQL subchart, however we override it for POSTGRESQL_ADMIN_PASSWORD
in our default values. We do not respect the existingSecret
value here. We also do not respect the postgresPassword
for that matter.
Note: POSTGRESQL_ADMIN_PASSWORD
is not set by the bitnami/postgres
chart, however this is a required env variable for UBI-based Postgres images.
Expected Behavior
What are the steps to reproduce this bug?
helm template --set upstream.backstage.postgresql.auth.existingSecret=secretName janus-idp/backstage
- Look at the environment variables exposed to the PostgreSQL container:
...
# Source: backstage/charts/upstream/charts/postgresql/templates/primary/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: release-name-postgresql
...
spec:
...
template:
...
spec:
...
containers:
- name: postgresql
...
env:
...
# Authentication
- name: POSTGRES_USER
value: "bn_backstage"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: secretName
key: password
- name: POSTGRES_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: secretName
key: postgres-password
- name: POSTGRESQL_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: postgres-password
name: 'release-name-postgresql'
Versions of software used and environment
Tom Coufal commented
Workaround is to use values:
upstream:
backstage:
extraEnvVars:
- name: POSTGRESQL_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: postgres-password
name: <EXISTING_SECRET>
postgresql:
primary:
extraEnvVars:
- name: POSTGRESQL_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: postgres-password
name: <EXISTING_SECRET>