charts icon indicating copy to clipboard operation
charts copied to clipboard

Published 20 hours ago verified publisher icon bitnami

[bitnami/postgresql] PostgreSQL passwords stops working after a few days

Open mordax7 opened this issue 4 months ago • 2 comments

Name and Version

bitnami/postgresql 12.12.10

What architecture are you using?

arm64

What steps will reproduce the bug?

I am using ArgoCD to try to install this chart, using these values:

authentik:
  global:
    env:
      - name: AUTHENTIK_POSTGRESQL__PASSWORD
        valueFrom:
          secretKeyRef:
            name: authentik-postgresql
            key: password
      - name: AUTHENTIK_REDIS__PASSWORD
        valueFrom:
          secretKeyRef:
            name: authentik-redis
            key: password
      - name: AUTHENTIK_SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: authentik-secret-key
            key: key

  authentik:
    # Disable GeoIP features
    events:
      context_processors:
        geoip: ""
        asn: ""
  
  # Authentik server configuration
  server:
    # Disable all resource limits
    resources:
      requests:
        cpu: 100m
        memory: 512Mi
      limits:
  
  # Enable persistence for PostgreSQL
  postgresql:
    enabled: true
    auth:
      username: authentik
      database: authentik
      existingSecret: authentik-postgresql
    primary:
      resources:
        limits: {}

  # Enable Redis
  redis:
    enabled: true
    auth:
      enabled: true
      existingSecret: authentik-redis
      existingSecretPasswordKey: password

The secrets for the passwords I create with the following template:

---
apiVersion: v1
kind: Secret
metadata:
  name: authentik-postgresql
  labels:
    app.kubernetes.io/name: {{ include "authentik.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
type: Opaque
data:
  password: {{ randAlphaNum 20 | b64enc | quote }}
  postgres-password: {{ randAlphaNum 20 | b64enc | quote }}
---
apiVersion: v1
kind: Secret
metadata:
  name: authentik-redis
  labels:
    app.kubernetes.io/name: {{ include "authentik.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
type: Opaque
data:
  password: {{ randAlphaNum 20 | b64enc | quote }}

What do you see instead?

Despite not doing any manual changes, I am experiencing an issue with the app's inability to connect to the PostgreSQL server after a few days. When attempting to connect to the PostgreSQL server manually, the environment variables POSTGRES_PASSWORD and POSTGRES_POSTGRES_PASSWORD still match the originally set passwords from the secrets. However, I am unable to connect locally using these credentials, even though it was working when I initially deployed everything.

I have attempted to resolve the issue by setting it up initially and then restarting each Pod, but it does not seem to have been connected to the problem.

I suspect that when there is a new version of the Helm Chart, which I upgrade automatically, it may be causing some changes and possibly setting a new password. However, I am unable to confirm my suspicions at this time.

I found this issue https://github.com/bitnami/charts/issues/28893, which goes a bit in this direction but do not understand what exactly the fix was.

Additional information

I have the same problem also when trying to deploy Next Cloud. The PostgreSQL password just changes after some time.

mordax7 avatar Oct 02 '24 23:10 mordax7