search

airflow-helm / charts

The User-Community Airflow Helm Chart is the standard way to deploy Apache Airflow on Kubernetes with Helm. Originally created in 2017, it has since helped thousands of companies create production-ready deployments of Airflow on Kubernetes.
https://github.com/airflow-helm/charts/tree/main/charts/airflow
Apache License 2.0
630 stars 474 forks source link

pgBouncer fails to start when I deploy on Openshift #750

Closed robkuehl closed 8 months ago

robkuehl commented 1 year ago

Checks

Chart Version

8.7.1

Kubernetes Version

Client Version: v1.26.1
Server Version: v1.23.12+7566c4d

Helm Version

version.BuildInfo{Version:"v3.11.1", GitCommit:"293b50c65d4d56187cd4e2f390f0ada46b4c4737", GitTreeState:"clean", GoVersion:"go1.19.5"}

Description

I am tryining to deploy Airflow into Azure Red Hat Openshift (ARO). The deployment works when I disable pgbouncer. When I add pgbouncer, it fails for the pgbouncer container.

Relevant Logs

mkdir: can't create directory '/home/pgbouncer/generated-certs': Permission denied
/home/pgbouncer/config/gen_self_signed_cert.sh: line 16: openssl: not found
chmod: /home/pgbouncer/generated-certs/client.key: No such file or directory
Successfully generated self-signed certificate: /home/pgbouncer/generated-certs/client.crt
Successfully generated self-signed certificate key: /home/pgbouncer/generated-certs/client.key
/home/pgbouncer/config/gen_auth_file.sh: line 18: can't create /home/pgbouncer/users.txt: Permission denied
Successfully generated auth_file: /home/pgbouncer/users.txt
2023-06-19 09:56:22.418 UTC [7] ERROR could not open auth_file /home/pgbouncer/users.txt: No such file or directory
2023-06-19 09:56:22.421 UTC [7] ERROR TLS setup failed: failed to load certificate file "/home/pgbouncer/generated-certs/client.crt": No such file or directory
2023-06-19 09:56:22.421 UTC [7] FATAL TLS setup failed

Custom Helm Values

pgbouncer:
  ## if the pgbouncer Deployment is created
  ## [FAQ] https://github.com/airflow-helm/charts/blob/main/charts/airflow/docs/faq/database/pgbouncer.md
  enabled: true

  ## configs for the pgbouncer container image
  ##
  image:
    repository: ghcr.io/airflow-helm/pgbouncer
    tag: 1.17.0-patch.0
    pullPolicy: IfNotPresent
    uid: 1000710002
    gid: 1001

  ## resource requests/limits for the pgbouncer Pods
  ## [SPEC] https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#resourcerequirements-v1-core
  resources: {}

  ## sets pgbouncer config: `auth_type`
  authType: scram-sha-256

  serverSSL:
    ## sets pgbouncer config: `server_tls_sslmode`
    mode: verify-full

    # ## sets pgbouncer config: `server_tls_ciphers`
    # ciphers: normal

    ## sets pgbouncer config: `server_tls_ca_file`
    caFile:
      existingSecret: "postgres-tls-secret"
      existingSecretKey: root.crt
stale[bot] commented 9 months ago

This issue has been automatically marked as stale because it has not had activity in 60 days. It will be closed in 7 days if no further activity occurs.

Thank you for your contributions.

Issues never become stale if any of the following is true:

  1. they are added to a Project
  2. they are added to a Milestone
  3. they have the lifecycle/frozen label
CoinCoderBuffalo commented 6 months ago

Seeing the same issue. How did you resolve this?

Logs from
pgbouncer
in
airflow-cluster-pgbouncer-7cbfcf8464-ntjqf
/home/pgbouncer/config/gen_self_signed_cert.sh: line 16: openssl: not found
chmod: /home/pgbouncer/generated-certs/client.key: No such file or directory
Successfully generated self-signed certificate: /home/pgbouncer/generated-certs/client.crt
Successfully generated self-signed certificate key: /home/pgbouncer/generated-certs/client.key
Successfully generated auth_file: /home/pgbouncer/users.txt
2024-01-02 16:44:48.772 UTC [7] ERROR TLS setup failed: failed to load certificate file "/home/pgbouncer/generated-certs/client.crt": No such file or directory
2024-01-02 16:44:48.772 UTC [7] FATAL TLS setup failed