Comments (7)
Hi @xqe2011
In my opinion, this secret should contain the username, password, port, host, etc. However, after I review the template, only the password is included.
Are you referring to the secret-external-db.yaml template? Please note this template will be ignored if externalDatabase.existingSecret
is set.
In values.yaml, it defines
keycloak.databaseSecretHostKey
defaults todb-host
. But in configmap-env-vars.yaml, it uses.Values.externalDatabase.existingSecretHostKey
Maybe you're using an old values.yaml? There's no keycloak.databaseSecretHostKey
parameter in the current values.yaml. Or you might be referring to the function helper defined here.
from charts.
Are you referring to the secret-external-db.yaml template? Please note this template will be ignored if externalDatabase.existingSecret is set.
No, I am referring to the statefulset.yaml
lines from 160 to 187.
In _helpers.tpl
lines from 194 to 221, it defines keycloak.databaseSecretHostKey
from default value db-host
or .Values.externalDatabase.existingSecretHostKey
, but in statefulset.yaml
, it uses .Values.externalDatabase.existingSecretHostKey
instead which causes the default value doesn't work.
from charts.
Hi @xqe2011
So you're suggesting that we use set KEYCLOAK_DATABASE_HOST
, KEYCLOAK_DATABASE_PORT
, ... environment variables if a condition such as the one below is met and fallback into the default values defined in keycloak.databaseSecretXXXKey
helpers, am I right?
{{- if and (not .Values.postgresql.enabled) .Values.externalDatabase.existingSecret }}
from charts.
Hi @juan131
Yes. This change can reduce the time spent investigating why externalDatabase.existingSecret
, named to suggest it includes full database credentials such as port, host, and password, only uses the password.
from charts.
@xqe2011 I've been reviewing the logic and it works like this:
postgresql.enabled=true
: ignore everyexternalDatabase.***
parameters and rely on the information retrieved from PostgreSQL subchart.postgresql.enabled=false
externalDatabase.existingSecret
is set:- For password: retrieve from existing secret using key set at
externalDatabase.existingSecretPasswordKey
. - For host, port, user & database: retrieve from existing secret ONLY IF corresponding
keycloak.databaseSecretXXXKey
are set. Otherwise relay onexternalDatabase.host
,externalDatabase.port
,externalDatabase.user
andexternalDatabase.database
(added to the configmap-env-vars.yaml ConfigMap).
- For password: retrieve from existing secret using key set at
externalDatabase.existingSecret
is NOT set:- Rely on
externalDatabase.host
,externalDatabase.port
,externalDatabase.user
,externalDatabase.database
(values added to the configmap-env-vars.yaml ConfigMap) andexternalDatabase.password
(value added to the secret-external-db.yaml Secret).
- Rely on
I agree it's over-complicated. Let me review this with the team.
from charts.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
from charts.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
from charts.
Related Issues (20)
- [bitnami/redis] chart enables AOF even if persistence = false
- [bitnami/rabbitmq] Cluster doesn't work. Management UI shows only one node. HOT 3
- Invalid redis tag HOT 1
- [bitnami/logstash] Unable to configure plugins: (ArgumentError) could not find a temporary directory exception HOT 6
- Redis Cluster Helm chart Unable to add additional nodes HOT 3
- [bitnami/odoo] Set external database for Odoo Charts, after install module hangs and not start anymore HOT 6
- Discourse Infinite Loading Screen HOT 3
- [bitnami/keycloak] Proxy Headers ENV breaks installs HOT 6
- [bitnami/spring-cloud-dataflow] Adding annotations to stream deployment HOT 3
- [bitnami/postgresql] Please Add Service Type for metrics in bitnami/postgres HOT 1
- [bitnami/keycloak] new hostname env var does not add httpRelativePath HOT 3
- [bitnami/valkey-cluster] Cannot enable external-access HOT 1
- [bitnami/redis-cluster] broken on ipv6 clusters HOT 2
- Redis-sentinel not starting up after scaling all statefulset replicas to 0 HOT 9
- [bitnami/kubernetes-event-exporter] Event discarded as being older then maxEventAgeSeconds HOT 5
- [bitnami/discourse] Discourse forum - Sidekiq mem leak HOT 3
- Solving security issues HOT 5
- Postgrsql keep restarting HOT 3
- Unable to set the absolute value for the memoryHighWatermark using templating HOT 3
- [bitnami/postgresql-ha]: improper password sanitation in pgpool HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from charts.