search

bitnami / charts

Bitnami Helm Charts
https://bitnami.com
Other
9.03k stars 9.22k forks source link

[bitnami/keycloak] Keycloak chart is incorrectly setting the database existing password key in `KEYCLOAK_DATABASE_PASSWORD` env var. #25232

Closed hamza-m-masood closed 6 months ago

hamza-m-masood commented 7 months ago

Name and Version

bitnami/keycloak 21.0.2

What architecture are you using?

GKE

What steps will reproduce the bug?

  1. Run: helm install keycloak oci://registry-1.docker.io/bitnamicharts/keycloak -n keycloak -f ./keycloak.yaml The ./keycloak.yaml is the values.yaml. It's contents are pasted below.
  2. Error: 
    
COMMAND:
kubectl events keycloak -n keycloak

OUTPUT: ... 2m51s (x11 over 4m45s) Warning Failed Pod/keycloak-0 Error: couldn't find key password in Secret keycloak/camunda-secrets


### Are you using any custom parameters or values?

Here is my values.yaml:
```yaml
auth:
  existingSecret: camunda-secrets
  passwordSecretKey: keycloak-secret
postgresql:
  auth:
    existingSecret: camunda-secrets
    secretKeys:
      userPasswordKey: postgresql-secret
      adminPasswordKey: postgresql-secret
      replicationPasswordKey: postgresql-secret

What is the expected behavior?

The chart should correctly reference the auth.passwordSecretKey and start up the keycloak pod in a healthy state.

What do you see instead?

Currently, the KEYCLOAK_DATABASE_PASSWORD sets the incorrect secret key. It uses password instead of referencing the secret key from auth.passwordSecretKey Here is the full environment variable:

    - name: KEYCLOAK_DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          key: password
          name: camunda-secrets

The key should have this value: keycloak-secret

Additional information

This is probably because of the templates/_helpers.tpl file. Here is a snippet:

{{/*
Add environment variables to configure database values
*/}}
{{- define "keycloak.databaseSecretPasswordKey" -}}
{{- if .Values.postgresql.enabled -}}
    {{- print "password" -}}
{{- else -}}
    {{- if .Values.externalDatabase.existingSecret -}}
        {{- if .Values.externalDatabase.existingSecretPasswordKey -}}
            {{- printf "%s" .Values.externalDatabase.existingSecretPasswordKey -}}
        {{- else -}}
            {{- print "db-password" -}}
        {{- end -}}
    {{- else -}}
        {{- print "db-password" -}}
    {{- end -}}
{{- end -}}
{{- end -}}

The value password is hardcoded instead of first checking and referencing the auth.passwordSecretKey value.

dgomezleon commented 6 months ago

Thank you for all the information you provided. Would you like to send a PR addressing the issue? We will be glad to review and merge it. Thank you!!

hamza-m-masood commented 6 months ago

@dgomezleon I will try to make some progress on this in the next week. If no progress is made by me after next week then please take over.

github-actions[bot] commented 6 months ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 6 months ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

aabouzaid commented 1 month ago

For reference, this issue has been fixed in https://github.com/bitnami/charts/pull/29008