Skip to content

[bitnami/postgresql-ha] pgpool is mapping PGPOOL_POSTGRES_PASSWORD env. var. from wrong secretKeyRef #32807

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rstribrn opened this issue Apr 3, 2025 · 4 comments · May be fixed by #32857
Open

[bitnami/postgresql-ha] pgpool is mapping PGPOOL_POSTGRES_PASSWORD env. var. from wrong secretKeyRef #32807

rstribrn opened this issue Apr 3, 2025 · 4 comments · May be fixed by #32857
Assignees
@javsalgar
Labels
postgresql-ha stale 15 days without activity tech-issues The user has a technical issue about an application triage Triage is needed

Comments

@rstribrn
Copy link
Contributor

rstribrn commented Apr 3, 2025
edited
Loading

Name and Version

bitnami/postgresql-ha-15.3.8

What architecture are you using?

None

What steps will reproduce the bug?

Deploy HelmChart using different passwords (values) defined in secret "my-db-secret", and use this secret file in "postgresql.existingSecret: my-db-secret".

postgresql-ha-15.3.8.tgz/postgresql-ha/templates/pgpool/deployment.yaml

            {{- if .Values.postgresql.usePasswordFiles }}
            - name: PGPOOL_POSTGRES_PASSWORD_FILE
              value: "/opt/bitnami/pgpool/secrets/pgpool-password"
            {{- else }}
            - name: PGPOOL_POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "postgresql-ha.postgresqlSecretName" . }}
                  key: password
            {{- end }}

key should be "postgres-password", not "password".

Secret file content example below.

How to test:

kubectl exec --tty --stdin -n <my_namespace> pod/my-postgresql-ha-pgpool-b9c77db9d-q5wrt -- bash -c "env | sort"

=> check content of PGPOOL_POSTGRES_PASSWORD
=> using wrong password
=> pgpool keeps restarting (due to invalid probe)...

Are you using any custom parameters or values?

secret-postgresql.yaml

apiVersion: v1
kind: Secret
metadata:
  name: my-db-secret
  labels:
    {{ toYaml .Values.global.labels | nindent 4 }}
type: Opaque
stringData:
  postgres-password: pwd1
  password: pwd2
  repmgr-password: pwd3

What is the expected behavior?

PGPOOL_POSTGRES_PASSWORD should use password from correct secretKeyRef.

What do you see instead?

Password from the other key.

Additional information

No response
@rstribrn rstribrn added the tech-issues The user has a technical issue about an application label Apr 3, 2025
@github-actions github-actions bot added the triage Triage is needed label Apr 3, 2025
@rstribrn
Copy link
Contributor Author

rstribrn commented Apr 3, 2025

Output from "env | sort" inside the container (manually edited for this bug report):

...
PGPOOL_POSTGRES_PASSWORD=pwd2
PGPOOL_POSTGRES_USERNAME=postgres
PGPOOL_SR_CHECK_DATABASE=postgres
PGPOOL_SR_CHECK_PASSWORD=pwd3
PGPOOL_SR_CHECK_USER=repmgr
...

@javsalgar javsalgar changed the title postgresql-ha: pgpool is mapping PGPOOL_POSTGRES_PASSWORD env. var. from wrong secretKeyRef [bitnami/postgresql-ha] pgpool is mapping PGPOOL_POSTGRES_PASSWORD env. var. from wrong secretKeyRef Apr 7, 2025
@javsalgar
Copy link
Contributor

Hi!

Thank you so much for reporting the issue. As you spotted it, would you like to submit a PR setting correct secretKeyRef? If not we will work on it.

@rstribrn rstribrn linked a pull request Apr 7, 2025 that will close this issue
Open
@github-actions GitHub Actions
Copy link

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the stale 15 days without activity label Apr 23, 2025
@rstribrn
Copy link
Contributor Author

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

PR has been send.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@javsalgar javsalgar

Labels
postgresql-ha stale 15 days without activity tech-issues The user has a technical issue about an application triage Triage is needed
Projects
None yet
Milestone
No milestone
2 participants
@javsalgar @rstribrn