bitnami / charts

Bitnami Helm Charts

[bitnami/postgresql-ha] ERROR: duplicate key value violates unique constraint "UQE_user_login" #27469

Open aturcott opened 1 week ago

aturcott commented 1 week ago

Name and Version

bitnami/postgresql-ha 14.0.10

What architecture are you using?

arm64

What steps will reproduce the bug?

  1. On Kubernetes version 1.27.9 (we're using AKS) running on Ubuntu 22.04 servers
  2. With Grafana enabling SSO (we're using Azure AD)
  3. Sign in with SSO or with admin creds
  4. Receive "unauthorized" error and get forcefully logged out

Are you using any custom parameters or values?

persistence:
  enabled: true

postgresql:
  existingSecret: obs-postgres-credentials
  extraVolumeMounts:
    - name: obs-postgres-credentials
      mountPath: "/mnt/secrets-store"
      readOnly: true
  extraVolumes:
    - name: obs-postgres-credentials
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: "obs-postgres-credentials"

pgpool:
  image:
    debug: true
  existingSecret: obs-pgpool-credentials
  extraVolumeMounts:
    - name: obs-postgres-credentials
      mountPath: "/mnt/secrets-store"
      readOnly: true
  extraVolumes:
    - name: obs-postgres-credentials
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: "obs-postgres-credentials"

What is the expected behavior?

Users should be able to log in without error, or while logged in they should not be forcefully logged out after several seconds. We should also be able to at least log in with the admin creds.

What do you see instead?

We receive an "unauthorized" error and also see these errors in the postgresql pods:

STATEMENT:  INSERT INTO cache_data (cache_key,data,created_at,expires) VALUES($1,$2,$3,$4)
ERROR:  duplicate key value violates unique constraint "UQE_user_login"
DETAIL:  Key (login)=(user.email@domain.com) already exists.

Additional information

Here is our Grafana auth config for Azure, which has worked in the past without issue until we implemented Grafana HA with Postgres:

  grafana.ini:
    auth:
      oauth_allow_insecure_email_lookup: true
    users:
      viewers_can_edit: true
    auth.azuread:
      name: Azure AD
      enabled: true
      allow_sign_up: true
      auto_login: false
      client_id: ${AZURE_CLIENT_ID}
      client_secret: ${AZURE_CLIENT_SECRET}
      scopes: openid email profile offline_access
      auth_url: https://login.microsoftonline.com/${AZURE_TENANT_ID}/oauth2/v2.0/authorize
      token_url: https://login.microsoftonline.com/${AZURE_TENANT_ID}/oauth2/v2.0/token
      allowed_organizations: ${AZURE_TENANT_ID}
      role_attribute_strict: false
      allow_assign_grafana_admin: false
      skip_org_role_sync: false
      use_pkce: false

carrodher commented 1 week ago

The issue may not be directly related to the Bitnami container image/Helm chart, but rather to how the application is being utilized, configured in your specific environment, or tied to a specific scenario that is not easy to reproduce on our side.

If you think that's not the case and are interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.

Suppose you have any questions about the application, customizing its content, or technology and infrastructure usage. In that case, we highly recommend that you refer to the forums and user guides provided by the project responsible for the application or technology.

With that said, we'll keep this ticket open until the stale bot automatically closes it, in case someone from the community contributes valuable insights.