search

bitnami / charts

Bitnami Helm Charts
https://bitnami.com
Other
8.95k stars 9.18k forks source link

[bitnami/postgresql] Setting invalid env var when auth is disabled #16865

Closed mrabe142 closed 1 year ago

mrabe142 commented 1 year ago

Name and Version

bitnami/postgres 12.5.2

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Create a custom values file with enablePostgresUser set to false and other auth variables left blank
  2. Run helm template postres postgresql-12.5.2.tgz -n demo -f custom-values/postgres-values.yml > postgres1252.yml
  3. Inspect the yaml file for expected values

Are you using any custom parameters or values?

auth:
  enablePostgresUser: false

What is the expected behavior?

The empty secrets template would be excluded if empty and POSTGRES_PASSWORD environment variable would not be set if the authentication options are turned off or empty

What do you see instead?

It generated an empty secrets block:

---
# Source: postgresql/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: postres-postgresql
  namespace: "demo"
  labels:
    app.kubernetes.io/name: postgresql
    helm.sh/chart: postgresql-12.5.2
    app.kubernetes.io/instance: postres
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  # We don't auto-generate LDAP password when it's not provided as we do for other passwords
---

and it produces a POSTGRES_PASSWORD env variable pointing to a secret that doesn't exist

            # Authentication
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postres-postgresql
                  key: postgres-password

Additional information

I plan to inject postgres auth via Hashicorp Vault separately so I am leaving the auth stuff for the helm chart empty.

dgomezleon commented 1 year ago

Hi @mrabe142

Thanks for reporting this issue. Would you like to contribute by creating a PR to solve the issue? The Bitnami team will be happy to review it and provide feedback. Here you can find the contributing guidelines.

mrabe142 commented 1 year ago

Hello,

I don't think I would be able to easily do that due to restrictions from my employer but I look forward to a fix.

Thank you

dgomezleon commented 1 year ago

Hi @mrabe142 ,

Don't worry, we have created a task to fix it.