search

jfrog / charts

JFrog official Helm Charts
https://jfrog.com/integration/helm-repository/
Apache License 2.0
259 stars 448 forks source link

Configuring a Postgresql External Database results in an infinite wait for the master key until CrashLoopBackOff #1867

Closed learningsystems-technical closed 8 months ago

learningsystems-technical commented 8 months ago

Is this a request for help?: YES

Is this a BUG REPORT or FEATURE REQUEST? (choose one): BUG REPORT

Version of Helm and Kubernetes:

Helm version version.BuildInfo { Version:"v3.14.2", GitCommit:"c309b6f0ff63856811846ce18f3bdc93d2b4d54b", GitTreeState:"clean", GoVersion:"go1.21.7" } kubectl version -o yaml clientVersion: buildDate: "2024-02-06T01:58:54Z" compiler: gc gitCommit: c9f49a3b06cd7ebe793f8cc1dcd0293168e743d9 gitTreeState: clean gitVersion: v1.28.6+k3s2 goVersion: go1.20.13 major: "1" minor: "28" platform: linux/amd64 kustomizeVersion: v5.0.4-0.20230601165947-6ce0bf390ce3 serverVersion: buildDate: "2024-02-06T01:58:54Z" compiler: gc gitCommit: c9f49a3b06cd7ebe793f8cc1dcd0293168e743d9 gitTreeState: clean gitVersion: v1.28.6+k3s2 goVersion: go1.20.13 major: "1" minor: "28" platform: linux/amd64

Which chart: artifactory-oss-107.77.7.tgz

Which product license (Enterprise/Pro/oss): oss

JFrog support reference (if already raised with support team):

What happened: Configuring a Postgresql External Database in Helm Chart values.yaml results in an infinite wait for the master key

pod_logs pod-logs-details.txt

until CrashLoopBackOff

pod_crash

What you expected to happen: The pod going to a Running State accessing and initializing the created Database in configured Postgresql DBMS.

How to reproduce it (as minimally and precisely as possible): create and apply an "rds-artifactory" secret storing db-user, db-password and db-url.

apiVersion: v1 kind: Secret metadata: name: rds-artifactory labels: app: tools-artifactory data: db-user: zzzzzzzzzz= db-password: xxxxxxxxxxx== stringData: db-url: "jdbc:postgresql://10.43.10.204:5432/artifactory"

kubectl get secrets rds-artifactory -o yaml apiVersion: v1 data: db-password: xxxxxxxxxxx== db-url: yyyyyy= db-user: zzzzzzzzzz= kind: Secret metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"v1","data":{"db-password":"xxxxxxxxxxx==","db-user":"zzzzzzzzzz="},"kind":"Secret","metadata":{"annotations":{},"labels":{"app":"tools-artifactory"},"name":"rds-artifactory","namespace":"default"},"stringData":{"db-url":"jdbc:postgresql://10.43.10.204:5432/artifactory"}} creationTimestamp: "2024-03-21T13:45:56Z" labels: app: tools-artifactory name: rds-artifactory namespace: default resourceVersion: "617936" uid: f25ef73e-7950-489f-9ffb-41159455f756 type: Opaque

  1. Set environment variables MASTER_KEY an JOIN_KEY

    export MASTER_KEY=$(openssl rand -hex 32) export JOIN_KEY=$(openssl rand -hex 32)

  2. Fetch, untar, and configure values.yaml in the Artifactory OSS Helm Chart : configured-artifactory-oss.zip

  3. Repackage and install

    helm package artifactory-oss/ ; helm upgrade --install tools-artifactory-release ./artifactory-oss-107.77.7.tgz --set artifactory.joinKey=${JOIN_KEY} --set artifactory.masterKey=${MASTER_KEY};

Anything else we need to know:

  1. The pod seems to connect to the configured database since few tables are created : tables-created

  2. Letting Helm create an Artifactory dedicated Postgresql DBMS and DB is working, master key is waited for some tries and finishes to be found.

shahiinn commented 8 months ago

@learningsystems-technical : Upon a cursory examination of the values.yaml you've supplied, I've noticed that two of the necessary fields are absent:

database:
  type: postgresql
  driver: org.postgresql.Driver

Please follow the instructions provided here for setting up external postgresql and let us know if you encounter with any roadblocks.

learningsystems-technical commented 8 months ago

Many Thanks Shahiinn :+1: !

Sorry for my misunderstanding of the documentation, it works now. This wasn't so clear from reading the "Configure database credentials in Helm with a pre-existing Kubernetes secret" section of Use an external database with Artifactory Helm installation The appearance of a few tables made me quickly rule out problems related to the connection chain to the database. So for the record, the complete configuration of the external database with external secret should look like this:

...
  database:
    type: postgresql
    driver: org.postgresql.Driver
    secrets:
      user:
        name: "rds-artifactory"
        key: "db-user"
      password:
        name: "rds-artifactory"
        key: "db-password"
      url:
        name: "rds-artifactory"
        key: "db-url"
...

Thanks for your reactivity. :satisfied: