
MariaDB does not offer auth.rootPassword option and secrets get hardcoded into values.yaml

Open cloudscape-germany opened this issue 3 years ago • 5 comments

I am seeing this in my nextcloud mariadb pod:

$ k logs -n nextcloud pod/nextcloud-mariadb-0

mariadb 18:32:42.96
mariadb 18:32:42.96 Welcome to the Bitnami mariadb container
mariadb 18:32:42.97 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-mariadb
mariadb 18:32:42.97 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-mariadb/issues
mariadb 18:32:42.97
mariadb 18:32:42.97 INFO  ==> ** Starting MariaDB setup **
mariadb 18:32:42.98 INFO  ==> Validating settings in MYSQL_*/MARIADB_* env vars
mariadb 18:32:42.99 INFO  ==> Initializing mariadb database
mariadb 18:32:43.00 WARN  ==> The mariadb configuration file '/opt/bitnami/mariadb/conf/my.cnf' is not writable. Configurations based on environment variables will not be applied for this file.
mariadb 18:32:43.00 INFO  ==> Using persisted data
mariadb 18:32:43.02 INFO  ==> Running mysql_upgrade
mariadb 18:32:43.02 INFO  ==> Starting mariadb in background
mariadb 18:32:45.04 INFO  ==> Stopping mariadb

Any ideas what the reason for this might be?

cloudscape-germany avatar Mar 09 '22 18:03 cloudscape-germany

Ok I might have found the issue. It's not that file, but a mariadb password issue. Apparently if you use the built-in option in values.yaml, you can only set username and password but root user and root password get created.

See https://github.com/nextcloud/helm/blob/master/charts/nextcloud/templates/db-secret.yaml

Can we update the chart to incorporate auth.rootPassword like in Bitnami's MariaDB chart, even better, via a secret?

Should be this file https://github.com/nextcloud/helm/blob/master/charts/nextcloud/templates/deployment.yaml

 {{- else if .Values.mariadb.enabled }}
  - name: MYSQL_HOST
    value: {{ template "mariadb.primary.fullname" .Subcharts.mariadb }}
  - name: MYSQL_DATABASE
    value: {{ .Values.mariadb.auth.database | quote }}
  - name: MYSQL_USER
    valueFrom:
      secretKeyRef:
        name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
        key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
  - name: MYSQL_PASSWORD
    valueFrom:
      secretKeyRef:
        name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
        key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}

I'm not sure I understand why in the above code we try to retrieve an external secret if there is not even the option in values.yaml to provide an external secret for the internal mariadb. This behaviour does render upgradability nil, unless I misunderstand something.

cloudscape-germany avatar Mar 09 '22 21:03 cloudscape-germany

Ok, apparently it is possible to set rootPassword in the values.yaml file, but it was not included in the template. But we should set this via a secret.

cloudscape-germany avatar Mar 09 '22 22:03 cloudscape-germany

I have the same issue

alimnette avatar Mar 21 '22 10:03 alimnette

@alimnette Cool. When can we expect your pull request?

cloudscape-germany avatar May 16 '22 13:05 cloudscape-germany

Remember to be kind to your fellow community members here. 🙏

> Ok I might have found the issue. It's not that file, but a mariadb password issue. Apparently if you use the built-in option in values.yaml, you can only set username and password but root user and root password get created.

I don't think we actually need to use the MariaDB root password for Nextcloud, do we? Either way, anything that works in the Bitnami subchart, will also work when passed into this chart. If you'd like to add it to values.yaml, that makes sense, as it's also already documented in our README here, but didn't make it into the values.yaml.

jessebot avatar Jul 25 '24 18:07 jessebot
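
The values.yaml change this thread asks for, as an added example that is not part of the thread or of the chart's own files: the first document hardcodes the MariaDB credentials, the second only names a Secret. It assumes the Bitnami MariaDB subchart's `auth.existingSecret` option with the `mariadb-root-password` and `mariadb-password` keys, the `externalDatabase.existingSecret.*` values read by the deployment.yaml excerpt quoted above, and a hypothetical Secret name `nextcloud-db-creds`; check the option and key names against the chart versions you deploy.

```yaml
# Weak: credentials are written into values.yaml, so they end up wherever
# that file is stored and in the Helm release record.
# Password strings below are constructed placeholders.
mariadb:
  enabled: true
  auth:
    database: nextcloud
    username: nextcloud
    password: "<placeholder-app-password>"
    rootPassword: "<placeholder-root-password>"
---
# Corrected: values.yaml only references a Secret created out of band.
# Assumed Secret "nextcloud-db-creds" (hypothetical name) carrying these keys:
#   mariadb-root-password  read by the Bitnami subchart for the root account
#   mariadb-password       read by the Bitnami subchart for the application account
#   db-username            read by the Nextcloud deployment as MYSQL_USER
#   db-password            read by the Nextcloud deployment as MYSQL_PASSWORD
# db-password must equal mariadb-password, and db-username must equal
# mariadb.auth.username, or Nextcloud cannot log in to the database.
mariadb:
  enabled: true
  auth:
    database: nextcloud
    username: nextcloud
    existingSecret: nextcloud-db-creds
externalDatabase:
  existingSecret:
    # These three values are the ones the deployment.yaml excerpt in this
    # thread resolves for MYSQL_USER and MYSQL_PASSWORD.
    secretName: nextcloud-db-creds
    usernameKey: db-username
    passwordKey: db-password
```

Render the chart with `helm template` and these values before applying, and confirm that the `MYSQL_USER` and `MYSQL_PASSWORD` entries resolve to `secretKeyRef` on the intended Secret.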