immich-app / immich-charts

Helm chart implementation of Immich
https://immich.app
GNU Affero General Public License v3.0

Deploying helm chart using existingSecret option for postgresql credentials fails to authenticate #29

Closed nullvar2000 closed 1 year ago

nullvar2000 commented 1 year ago

I'm trying to deploy the helm chart using the "existingSecret" option to specify postgresql credentials. The problem appears to be that while the postgresql pod reads the secret for the environment variables, the immich-server pod is still using the default "immich" value for DB_PASSWORD. Is there a values option to tell immich to read the secrets files, too?

$ kubectl -n immich get pod immich-server-6cdfd9bd66-4h42z -o yaml
...
    - name: DB_PASSWORD
      value: immich
...

$ kubectl -n immich get pod immich-postgresql-0 -o yaml
...
    - name: POSTGRES_POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgres-password
          name: postgres-secrets
    - name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: password
          name: postgres-secrets

The runtime values were verified to be as expected based on the output above by exec'ing into pods and running env. Both pods show error messages to the effect of 'password authentication failed for user "immich"'.

Here are the contents of postgres-secrets.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: postgres-secrets
  namespace: immich
stringData: 
  DB_USERNAME: immich
  POSTGRES_USER: immich
  DB_PASSWORD: not-actually-my-password
  POSTGRES_PASSWORD: not-actually-my-password
  postgres-password: not-actually-my-password
  password: not-actually-my-password
  DB_DATABASE_NAME: immich
  POSTGRES_DB: immich

I probably don't need all of these, but I've been trying different variables to get this to work.

bo0tzz commented 1 year ago

I assume you're using existingSecret under the postgresql key? That section uses the postgres helm chart from Bitnami as a dependency. In order for the connection details to be passed to the Immich containers, you need to set the env.DB_* values. This example should help if you want to set them from a secret.
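
A values fragment illustrating the reply above, added here as an example and not taken from the thread or from the chart's documentation. It assumes the Bitnami subchart is configured under `postgresql.global.postgresql.auth` and that the chart passes `valueFrom` maps under `env` through to the container spec; the Secret name and key names are the ones shown in the issue.

```yaml
# values.yaml (added example; the key layout is an assumption, verify it
# against the chart version you deploy)

postgresql:
  enabled: true
  global:
    postgresql:
      auth:
        username: immich
        database: immich
        # The PostgreSQL pod reads its passwords from this Secret.
        # The pod spec in the issue shows the keys it looks up:
        #   postgres-password -> POSTGRES_POSTGRES_PASSWORD
        #   password          -> POSTGRES_PASSWORD
        existingSecret: postgres-secrets

# existingSecret only affects the PostgreSQL subchart. The Immich
# containers take their connection details from env.DB_*, so these must
# reference the same Secret instead of the literal default "immich".
env:
  DB_USERNAME: immich
  DB_DATABASE_NAME: immich
  DB_PASSWORD:
    valueFrom:
      secretKeyRef:
        name: postgres-secrets
        key: password        # same key the PostgreSQL pod uses for user "immich"
```

After deploying, `kubectl -n immich get pod <immich-server-pod> -o yaml` should show `DB_PASSWORD` with a `secretKeyRef` rather than `value: immich`. PostgreSQL applies the password only when its data directory is first initialized, so an existing volume keeps the password it was created with.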