search

passbolt / charts-passbolt

Helm charts to run Passbolt on Kubernetes. No strings attached charts to run the open source password manager for teams!
https://passbolt.com
GNU Affero General Public License v3.0
41 stars 27 forks source link

Stuck at "waiting on database connection" #26

Closed jhuynh08 closed 1 year ago

jhuynh08 commented 1 year ago

Hello,

I followed the instruction on deploying this using default values but the passbolt deployment pod just stays stuck in pending. The init sidecar container seems to keep waiting to connect to a database but it doesn't even though the maria-db and redis cluster is up.

side note: I did not set any values for email as I just want to get this up first. I'm not sure if email has to be set in values for the deployment pod to start.

Kubernetes version: 1.24.13

Name:                   mypassbolt-depl-srv
Namespace:              default
CreationTimestamp:      Mon, 12 Jun 2023 17:56:24 -0500
Labels:                 app.kubernetes.io/action=srv
                        app.kubernetes.io/instance=mypassbolt
                        app.kubernetes.io/managed-by=Helm
                        app.kubernetes.io/name=passbolt
                        app.kubernetes.io/type=depl
                        app.kubernetes.io/version=4.0.0-2-ce
                        helm.sh/chart=passbolt-0.3.2
Annotations:            deployment.kubernetes.io/revision: 1
                        meta.helm.sh/release-name: mypassbolt
                        meta.helm.sh/release-namespace: default
Selector:               app.kubernetes.io/instance=mypassbolt,app.kubernetes.io/name=passbolt,app.kubernetes.io/type notin (cron,job)
Replicas:               2 desired | 2 updated | 2 total | 0 available | 2 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:           app.kubernetes.io/instance=mypassbolt
                    app.kubernetes.io/name=passbolt
  Annotations:      checksum/cm-env: a835c3e7c316adc22a194561741001176409abc05ba3a94149d4b7758a5c9baf
                    checksum/sec-env: a9076b32888a1b6e41f5cb628d68867de1e7e7aef5ea26369e5b36c477e64e5f
                    checksum/sec-gpg: c227af8051a503af939932719c196383bb9288eec02a31a5df25d8c4fd3f12c7
                    checksum/sec-jwt: 2f41f5633f80dd2504aa5868336c5a0016af810da0c0e0abc8e3c531b2aca3c4
                    checksum/sec-redis-proxy: 7c4521bdc515549da22421dc7b425295dc3dbdd055751da9511e12889e828f08
  Service Account:  mypassbolt-sa-common
  Init Containers:
   mypassbolt-depl-srv-init:
    Image:      mariadb:latest
    Port:       <none>
    Host Port:  <none>
    Command:
      /bin/bash
    Args:
      -c
      cat <<-EOF > /tmp/defaultsfile.cnf
      [client]
      user=${DATASOURCES_DEFAULT_USERNAME}
      password=${DATASOURCES_DEFAULT_PASSWORD}
      host=${DATASOURCES_DEFAULT_HOST}
      connect-timeout=2
      EOF
      userhost="%"
      while ! mysql --defaults-file=/tmp/defaultsfile.cnf -e "SELECT 1" > /dev/null 2>&1; do
        echo "Waiting for database connection..."
        sleep 2
      done

    Environment Variables from:
      mypassbolt-cm-env   ConfigMap  Optional: false
      mypassbolt-sec-env  Secret     Optional: false
    Environment:
      DATASOURCES_DEFAULT_HOST:  mypassbolt-mariadb-primary
    Mounts:                      <none>
  Containers:
   mypassbolt-depl-srv:
    Image:       passbolt/passbolt:4.0.0-2-ce
    Ports:       443/TCP, 80/TCP
    Host Ports:  0/TCP, 0/TCP
    Command:
      /bin/bash
    Args:
      -c
      set -e
      > /etc/supervisor/conf.d/cron.conf
      /docker-entrypoint.sh

    Liveness:   http-get https://:https/healthcheck/status.json delay=20s timeout=1s period=10s #success=1 #failure=3
    Readiness:  http-get https://:https/healthcheck/status.json delay=5s timeout=1s period=10s #success=1 #failure=3
    Environment Variables from:
      mypassbolt-cm-env   ConfigMap  Optional: false
      mypassbolt-sec-env  Secret     Optional: false
    Environment:
      DATASOURCES_DEFAULT_HOST:  mypassbolt-mariadb-primary
    Mounts:
      /etc/passbolt/app.php from mypassbolt-cm-app-php (ro,path="app.php")
      /etc/passbolt/gpg from mypassbolt-depl-srv-sec-gpg (ro)
      /etc/passbolt/jwt from mypassbolt-depl-srv-sec-jwt (ro)
      /etc/ssl/certs/passbolt from mypassbolt-depl-srv-sec-tls (ro)
   mypassbolt-depl-srv-redisproxy:
    Image:        haproxy:latest
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:
      /usr/local/etc/haproxy/haproxy.cfg from mypassbolt-depl-srv-sec-redis-proxy (ro,path="haproxy.cfg")
  Volumes:
   mypassbolt-depl-srv-sec-tls:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  mypassbolt-sec-tls
    Optional:    false
   mypassbolt-depl-srv-sec-gpg:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  mypassbolt-sec-gpg
    Optional:    false
   mypassbolt-cm-app-php:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      mypassbolt-cm-app-php
    Optional:  false
   mypassbolt-depl-srv-sec-jwt:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  mypassbolt-sec-jwt
    Optional:    false
   mypassbolt-depl-srv-sec-redis-proxy:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  mypassbolt-sec-redis-proxy
    Optional:    false
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      False   MinimumReplicasUnavailable
  Progressing    True    ReplicaSetUpdated
OldReplicaSets:  <none>
NewReplicaSet:   mypassbolt-depl-srv-54576658c6 (2/2 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  35m   deployment-controller  Scaled up replica set mypassbolt-depl-srv-54576658c6 to 2
jhuynh08 commented 1 year ago

This is all I'm seeing on the init containers.

image
jhuynh08 commented 1 year ago

Mariadb logs

mariadb 22:58:58.69 INFO  ==> ** Starting MariaDB **
2023-06-12 22:58:58 0 [Note] Starting MariaDB 10.6.12-MariaDB-log source revision 4c79e15cc3716f69c044d4287ad2160da8101cdc as process 1
2023-06-12 22:58:58 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2023-06-12 22:58:58 0 [Note] InnoDB: Number of pools: 1
2023-06-12 22:58:58 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2023-06-12 22:58:58 0 [Note] mysqld: O_TMPFILE is not supported on /opt/bitnami/mariadb/tmp (disabling future attempts)
2023-06-12 22:58:58 0 [Note] InnoDB: Using Linux native AIO
2023-06-12 22:58:58 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
2023-06-12 22:58:58 0 [Note] InnoDB: Completed initialization of buffer pool
2023-06-12 22:58:59 0 [Note] InnoDB: 128 rollback segments are active.
2023-06-12 22:58:59 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2023-06-12 22:58:59 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2023-06-12 22:59:24 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2023-06-12 22:59:24 0 [Note] InnoDB: 10.6.12 started; log sequence number 42204; transaction id 14
2023-06-12 22:59:24 0 [Note] Plugin 'FEEDBACK' is disabled.
2023-06-12 22:59:24 0 [Note] InnoDB: Loading buffer pool(s) from /bitnami/mariadb/data/ib_buffer_pool
2023-06-12 22:59:24 0 [Note] InnoDB: Buffer pool(s) load completed at 230612 22:59:24
2023-06-12 22:59:24 0 [Note] Server socket created on IP: '0.0.0.0'.
2023-06-12 22:59:24 0 [Note] Server socket created on IP: '::'.
2023-06-12 22:59:24 0 [Warning] 'proxies_priv' entry '@% root@mypassbolt-mariadb-primary-0' ignored in --skip-name-resolve mode.
2023-06-12 22:59:25 0 [Note] /opt/bitnami/mariadb/sbin/mysqld: ready for connections.
Version: '10.6.12-MariaDB-log'  socket: '/opt/bitnami/mariadb/tmp/mysql.sock'  port: 3306  Source distribution
2023-06-12 23:00:09 9 [Note] Start binlog_dump to slave_server(338), pos(, 4), using_gtid(0), gtid('')
vasconce1o commented 1 year ago

This happen because the mariadb container image doesn't have the mysql client that is used for check the database connection in the init container. This has two solution: 1- Change the chart values:

app:
  initImage:
    repository: bitnami/mariadb

2- Change mysql by mariadb in chart source code.

jhuynh08 commented 1 year ago

That did the trick, thank you!!

dlen commented 1 year ago

Thanks to both of you we have added a small fix to prevent this from happening again. Also added a new config entry to control the name of the client.