search

Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com
Other
13k stars 677 forks source link

Deploying with helm error when npm run migration. #1830

Open RiddlerKnight opened 1 month ago

RiddlerKnight commented 1 month ago

Describe the bug

I installed with infisical-standalone-postgres helm chart with these values

infisical:
  image:
    tag: v0.62.4-postgres
  kubeSecretRef: "formated-infisical-pg"
  autoDatabaseSchemaMigration: false

postgresql:
  enabled: false

I use external postgres and mount the connection string via secret. During migration, I face this error.

> backend@1.0.0 migration:latest
> knex --knexfile ./src/db/knexfile.ts --client pg migrate:latest
Requiring external module ts-node/register
Working directory changed to /backend/src/db
Using environment: production
SSL required
error: SSL required
at Parser.parseErrorMessage (/backend/node_modules/pg-protocol/src/parser.ts:369:69)
at Parser.handlePacket (/backend/node_modules/pg-protocol/src/parser.ts:188:21)
at Parser.parse (/backend/node_modules/pg-protocol/src/parser.ts:103:30)
at Socket.<anonymous> (/backend/node_modules/pg-protocol/src/index.ts:7:48)
at Socket.emit (node:events:519:28)
at Socket.emit (node:domain:488:12)
at addChunk (node:internal/streams/readable:559:12)
at readableAddChunkPushByteMode (node:internal/streams/readable:510:3)
at Socket.Readable.push (node:internal/streams/readable:390:5)
at TCP.onStreamRead (node:internal/stream_base_commons:191:23)
npm notice
npm notice New minor version of npm available! 10.5.2 -> 10.7.0
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v10.7.0>
npm notice Run `npm install -g npm@10.7.0` to update!
npm notice

I try to fix with providing ?sslmode=disable in connection string but noting happen. So I try to mount certificate but no any attribute to provide ssl certificate.

Expect behavior

be able to add ssl certificate or disable ssl verification.

akhilmhdh commented 1 month ago

@RiddlerKnight

You can remove the sslmode=disable and then add certificate using the following environment variables

RiddlerKnight commented 1 month ago

@RiddlerKnight

You can remove the sslmode=disable and then add certificate using the following environment variables

Sure, I tried creating cert with cert-manager signed by Let's Encrypt with my domain. The cert was mounted to postgre db without any problem and tested by kubectl forward-port then connecting with the ca without any issue.

Unfortunately, the migration issue still exist but another error. I checked further that DB_ROOT_CERT env is mounted into the pod with base64 encoded so it seem everything is correct.

This is an error that I got.

> backend@1.0.0 migration:latest
> knex --knexfile ./src/db/knexfile.ts --client pg migrate:latest
Requiring external module ts-node/register
Working directory changed to /backend/src/db
Using environment: production
unable to get issuer certificate
Error: unable to get issuer certificate
at TLSSocket.onConnectSecure (node:_tls_wrap:1674:34)
at TLSSocket.emit (node:events:519:28)
at TLSSocket.emit (node:domain:488:12)
at TLSSocket._finishInit (node:_tls_wrap:1085:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:871:12)
npm notice
npm notice New minor version of npm available! 10.5.2 -> 10.8.0
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v10.8.0>
npm notice Run `npm install -g npm@10.8.0` to update!
npm notice