charts icon indicating copy to clipboard operation
charts copied to clipboard
verified publisher icon bitnami

[bitnami/postgresql] wrong secret key is being used

Open shaykeren opened this issue 7 months ago • 2 comments

Name and Version

bitnami/postgresql 16.2.1

What architecture are you using?

arm64

What steps will reproduce the bug?

  1. use postgresql chart as dependency
  2. having a secret resource with password key
  3. set the following value:`postgresql: enabled: true
  auth:
    username: user1
    password: "1234"
    database: postgres
    existingSecret: my-secret
    enablePostgresUser: false
  1. Observe the following error in postgresql pod Error: couldn't find key postgres-password in Secret n1/my-secret

Are you using any custom parameters or values?

No response

What is the expected behavior?

no using postgres-password

What do you see instead?

couldn't find key postgres-password in Secret n1/my-secret

Additional information

No response

shaykeren avatar May 14 '25 07:05 shaykeren

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] avatar May 31 '25 01:05 github-actions[bot]

Hi @shaykeren, sorry for my very late response and thanks for using bitnami/charts.

I am trying to reproduce your issue but I had no luck. These are the steps I followed with the using the bitnami/odoo chart (this chart uses postgresql as subchart):

  1. Create a secret with the password:
$ kubectl create secret generic supersecret --from-literal password=salami
secret/supersecret created
  1. Configure my-values.yaml file:
postgresql:
  enabled: true
  enablePostgresUser: false
  auth:
    username: odoo_user
    existingSecret: supersecret
  1. Deploy odoo with the above values:
$ helm install odoo oci://registry-1.docker.io/bitnamicharts/odoo --version  28.2.4 -f my-values.yaml
NAME: odoo
LAST DEPLOYED: Tue Jun  3 18:30:18 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: odoo
CHART VERSION: 28.2.4
APP VERSION: 18.0.20250405

Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information.

** Please be patient while the chart is being deployed **

1. Get the Odoo URL by running:

** Please ensure an external IP is associated to the odoo service before proceeding **
** Watch the status using: kubectl get svc --namespace default -w odoo **

  export SERVICE_IP=$(kubectl get svc --namespace default odoo --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}")
  echo "Odoo URL: http://$SERVICE_IP/"

2. Obtain the login credentials

  export [email protected]
  export ODOO_PASSWORD=$(kubectl get secret --namespace "default" odoo -o jsonpath="{.data.odoo-password}" | base64 -d)

  echo Email   : $ODOO_EMAIL
  echo Password: $ODOO_PASSWORD

WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
  - resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

After this point everything looks good and the postgresql pod is using the secret supersecret without postgres password:

$ kubectl logs odoo-postgresql-0
postgresql 16:30:52.65 WARN  ==> Skipping export of 'POSTGRES_POSTGRES_PASSWORD'. '/opt/bitnami/postgresql/secrets/postgres-password' is not readable.
postgresql 16:30:52.65 INFO  ==> 
postgresql 16:30:52.65 INFO  ==> Welcome to the Bitnami postgresql container
postgresql 16:30:52.65 INFO  ==> Subscribe to project updates by watching https://github.com/bitnami/containers
postgresql 16:30:52.65 INFO  ==> Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami/ for more information.
postgresql 16:30:52.65 INFO  ==> 
postgresql 16:30:52.75 INFO  ==> ** Starting PostgreSQL setup **
postgresql 16:30:52.85 WARN  ==> Skipping export of 'POSTGRES_POSTGRES_PASSWORD'. '/opt/bitnami/postgresql/secrets/postgres-password' is not readable.
postgresql 16:30:52.85 INFO  ==> Validating settings in POSTGRESQL_* env vars..
postgresql 16:30:52.95 INFO  ==> Loading custom pre-init scripts...
postgresql 16:30:52.95 INFO  ==> Initializing PostgreSQL database...
postgresql 16:30:53.05 INFO  ==> pg_hba.conf file not detected. Generating it...
postgresql 16:30:53.05 INFO  ==> Generating local authentication configuration
postgresql 16:31:00.15 INFO  ==> Starting PostgreSQL in background...
postgresql 16:31:03.04 INFO  ==> Creating user odoo_user
postgresql 16:31:03.44 INFO  ==> Granting access to "odoo_user" to the database "bitnami_odoo"
...

fmulero avatar Jun 03 '25 16:06 fmulero

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] avatar Jun 19 '25 01:06 github-actions[bot]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

github-actions[bot] avatar Jun 24 '25 02:06 github-actions[bot]