Comments (5)
juan131
commented on June 22, 2024
Hi @xqe2011
In my opinion, this secret should contain the username, password, port, host, etc. However, after I review the template, only the password is included.
Are you referring to the secret-external-db.yaml template? Please note this template will be ignored if externalDatabase.existingSecret is set.
In values.yaml, it defines
keycloak.databaseSecretHostKeydefaults todb-host. But in configmap-env-vars.yaml, it uses.Values.externalDatabase.existingSecretHostKey
Maybe you're using an old values.yaml? There's no keycloak.databaseSecretHostKey parameter in the current values.yaml. Or you might be referring to the function helper defined here.
from charts.
xqe2011
commented on June 22, 2024
Are you referring to the secret-external-db.yaml template? Please note this template will be ignored if externalDatabase.existingSecret is set.
No, I am referring to the statefulset.yaml lines from 160 to 187.
In _helpers.tpl lines from 194 to 221, it defines keycloak.databaseSecretHostKey from default value db-host or .Values.externalDatabase.existingSecretHostKey, but in statefulset.yaml, it uses .Values.externalDatabase.existingSecretHostKey instead which causes the default value doesn't work.
from charts.
juan131
commented on June 22, 2024
Hi @xqe2011
So you're suggesting that we use set KEYCLOAK_DATABASE_HOST, KEYCLOAK_DATABASE_PORT, ... environment variables if a condition such as the one below is met and fallback into the default values defined in keycloak.databaseSecretXXXKey helpers, am I right?
{{- if and (not .Values.postgresql.enabled) .Values.externalDatabase.existingSecret }}from charts.
xqe2011
commented on June 22, 2024
Hi @juan131
Yes. This change can reduce the time spent investigating why externalDatabase.existingSecret, named to suggest it includes full database credentials such as port, host, and password, only uses the password.
from charts.
juan131
commented on June 22, 2024
@xqe2011 I've been reviewing the logic and it works like this:
postgresql.enabled=true: ignore everyexternalDatabase.***parameters and rely on the information retrieved from PostgreSQL subchart.postgresql.enabled=falseexternalDatabase.existingSecretis set:- For password: retrieve from existing secret using key set at
externalDatabase.existingSecretPasswordKey. - For host, port, user & database: retrieve from existing secret ONLY IF corresponding
keycloak.databaseSecretXXXKeyare set. Otherwise relay onexternalDatabase.host,externalDatabase.port,externalDatabase.userandexternalDatabase.database(added to the configmap-env-vars.yaml ConfigMap).
- For password: retrieve from existing secret using key set at
externalDatabase.existingSecretis NOT set:- Rely on
externalDatabase.host,externalDatabase.port,externalDatabase.user,externalDatabase.database(values added to the configmap-env-vars.yaml ConfigMap) andexternalDatabase.password(value added to the secret-external-db.yaml Secret).
- Rely on
I agree it's over-complicated. Let me review this with the team.
from charts.
Related Issues (20)
- [bitnami/postgresql-ha] Upgrading repmgr from 5.3 to 5.4
- [bitnami/kafka] No NetworkPolicy for jmx metrics HOT 2
- Kafka Broker Cannot Access Outside Kubernetes Cluster via ClusterIP Services HOT 1
- [bitnami/mongodb] Configmap common-scripts broken HOT 1
- Put a requirements.txt it gives error
- [bitnami/ghost] In latest version of ghost, it can't connect to local MySQL server through socket '/opt/bitnami/mysql/tmp/mysql.sock HOT 4
- [ bitnami/postgres-ha ] postgresql-ha vault root password autorotate support HOT 3
- [bitnami/mlflow] raises image warning without changing image HOT 1
- Fix permissions for apprepositories issue 5323 tanzu HOT 3
- [bitnami/grafana-operator] Wrong content of grafanacontactpoints.integreatly.org.yaml HOT 2
- Thanos Sharding Cache Issue
- cp: cannot stat '/opt/bitnami/keycloak/lib/quarkus/*': No such file or directory HOT 3
- [bitnami/contour] Typo in livenessProbe HOT 1
- [multus-cni] Add support for the thick plugin HOT 1
- [bitnami/argo-cd] Liveness Probe always fails on applicationset-controller HOT 1
- test ticket
- Many users reporting "error 400, request header too large" HOT 2
- [bitnami/postgresql-ha] Bug hostname "I have no name!" in release 14.1.3 HOT 1
- [bitnami/mysql] mysql Server upgrade from 'X' to 'X' takes 5 minutes HOT 1
- [bitnami/redis] Low latency HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from charts.