netmaker-helm icon indicating copy to clipboard operation
netmaker-helm copied to clipboard

Published 20 hours ago verified publisher icon gravitl

our own postgres

Open segator opened this issue 3 years ago • 7 comments

if we already have a postgres server, can we configure it instead of deploying a new one?

segator avatar Feb 17 '22 19:02 segator

:+1: for this, I would really like to be able to point to a separately managed database rather than running postgres in our cluster.

evandam avatar Jun 17 '22 21:06 evandam

Same here, it seems to be all hardcoded 😢

scalp42 avatar Jun 22 '22 20:06 scalp42

Deploying postgres is hardcoded with helm. You may want to follow the manual deploy steps instead. Otherwise you will need to remove postgres after helm install and then change the connection details: https://github.com/gravitl/netmaker/tree/master/k8s/server

afeiszli avatar Jul 13 '22 16:07 afeiszli

The problem is the postgres instalation fails in this helm chart

2022-12-03 13:35:27.042 GMT [163] FATAL: password authentication failed for user "postgres" 2022-12-03 13:35:27.042 GMT [163] DETAIL: User "postgres" has no password assigned. Connection matched pg_hba.conf line 10: "local all all md5" 2022-12-03 13:35:27.042 GMT [163] LOG: could not send data to client: Broken pipe postgresql-repmgr 13:35:27.04 INFO ==> ** Starting repmgrd ** [2022-12-03 13:35:27] [NOTICE] repmgrd (repmgrd 5.2.1) starting up [2022-12-03 13:35:27] [ERROR] connection to database failed [2022-12-03 13:35:27] [DETAIL] FATAL: password authentication failed for user "repmgr"

We've had similar problems with third-party products that rely on the Mitnami HA Postgresql installation - it looks like Bitnami broker their helm chart, and everyone has to update their helm charts if they are using it as a subchart.

jensjohansen avatar Dec 03 '22 13:12 jensjohansen

For anyone looking: You can now use your own Postgres DB. The configuration isn't documented though, however from the Helm-Chart you should be able to disable the attached bitname postgres-ha and configure the connection to another Postgres instance.

wireguard:
  dbHost: YOUR-POSTGRES-HOST

postgresql-ha:
  enabled: false
  postgresql:
    username: YOUR-POSTGRES-USER
    password: YOUR-POSTGRES-PW
    database: YOUR-POSTGRES-DB

The Postgres port is hardcoded to be 5432

anjomro avatar Jan 31 '23 18:01 anjomro

@anjomro sorry to say, but this is rather useless in its current state.

  • why not support complete configuration, including port?
  • unfortunately, I see it waaaay to often, but secrets in plain yaml gives me headaches. They are a nightmare (or even impossible) to manager securely with GitOps. Other helm-charts support "secretKeyRef", where the corresponding env vars are then read from secrets.

Here's what would make sense:

postgresql-ha:
  enabled: false
  postgresql:
    username:
      secretKeyRef:
        name: db-credentials
        key: username
    password:
      secretKeyRef:
        name: db-credentials
        key: password
    database: YOUR-POSTGRES-DB

Edit: Where do I even set the URL for my DB?

maaft avatar Feb 09 '23 10:02 maaft

looks like the work for this was submitted in PR #35

jessebot avatar Jul 09 '23 12:07 jessebot