Closed Dennor closed 4 months ago
So, if I read this correctly, the pod fails because it doesn't recognise dsn as being set. In your values.yaml you dont specify the dsn in the config, not supply it as an env. The issue i think comes from here https://github.com/ory/k8s/blob/master/helm/charts/kratos/templates/deployment-kratos.yaml#L151 between the interaction of a user supplied dsn vs external secret š¤
Actually, it fails even before that, it fails here https://github.com/ory/k8s/blob/598c91b76cec09f109bff0989d4697afab6c1624/helm/charts/kratos/templates/job-migration.yaml#L63 . I'm not sure if the deployment would work, as it did not get past automigration but I assume the result would be same.
Just to note, this is an existing setup, what is failing is not new install, it's the upgrade.
But overall, yes, you are correct. I'm supplying secret externally and referring to it through secret.nameOverride
, until now, that was working, because there was no check for emptiness on dsn in config. Now, with that check there, I need to set dsn to whatever
.
Of course, it's not a big issue, I've just set dsn
to whatever
in my values.yaml
and it works again, but I'm not sure if that's the intent here :smile:
Just one more note, in default values.yaml
there's this: https://github.com/ory/k8s/blob/598c91b76cec09f109bff0989d4697afab6c1624/helm/charts/kratos/values.yaml#L82
Which I think implies that it's meant to be used the way I've used it? :thinking: Unless I've misread that comment :thinking:
No, you understand correctly :) Those two options are there to support similar use cases:
I would say this is a small (as there is a simple workaround as you noticed) regression that we need to address in the upgrade pipeline š¤
Hi there! I pushed a fix to the generation logic, could you please verify from the master version if your case is supported properly? I updated the test cases to cover more options, and it looks ok, but would like real user feedback before making the next release š
Preflight checklist
Ory Network Project
No response
Describe the bug
Version 0.42 of kratos chart no longer works with external secret. Due to the check on
dsn
field in migrate job, if the field was not set to some random stub, the chart won't set the dsn secret for the job and automigration will fail.Reproducing the bug
kubectl create secret generic kratos --from-literal=dsn=postgres://user:password@postgres:5432/kratos
helm install kratos ory/kratos -f values.yaml
Relevant log output
Relevant configuration
Version
0.42.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes with Helm
Additional Context
There's a recent change #678 in recent 0.42.0 version which attempts to make dsn field non mendatory. Interestingly enough, it made it mendatory with external secret.