existingSecret not working

[davidshare]

Hi @pmint93 - thank you for your work with this chart. It has been helpful. I need your help.

I want to switch to a postgres database.

I added a secret to my cluster with the connectionURI and referenced it in the helm chart, but it seems the deployment is not able to access the secret. I am not sure why that is.

my values

# Backend database
database:
  # Database type (h2 / mysql / postgres), default: h2
  type: postgres
  # encryptionKey: << YOUR ENCRYPTION KEY >>
  ## Only need when you use mysql / postgres
  # host:
  # port:
  # dbname:
  # username:
  # password:
  ## Alternatively, use a connection URI for full configurability. Example for SSL enabled Postgres.
  # connectionURI: postgres://user:password@host:port/database?ssl=true&sslmode=require&sslfactory=org.postgresql.ssl.NonValidatingFactory"
  ## If a secret with the database credentials already exists, use the following values:
  existingSecret: metabase-secrets
  # existingSecretUsernameKey:
  # existingSecretPasswordKey:
  existingSecretConnectionURIKey: connectionURI

The error I am getting:

Verifying postgres Database Connection ...
2022-02-14 12:49:37,780 ERROR metabase.core :: Metabase Initialization FAILED
clojure.lang.ExceptionInfo: Unable to connect to Metabase postgres DB. {}
    at metabase.db.setup$fn__33730$verify_db_connection__33735$fn__33736$fn__33737.invoke(setup.clj:102)
    at metabase.db.setup$fn__33730$verify_db_connection__33735$fn__33736.invoke(setup.clj:100)
    at metabase.db.setup$fn__33730$verify_db_connection__33735.invoke(setup.clj:94)
    at metabase.db.setup$setup_db_BANG_$fn__33765$fn__33766.invoke(setup.clj:142)
    at metabase.util$do_with_us_locale.invokeStatic(util.clj:693)
    at metabase.util$do_with_us_locale.invoke(util.clj:679)
    at metabase.db.setup$setup_db_BANG_$fn__33765.invoke(setup.clj:141)
    at metabase.db.setup$setup_db_BANG_.invokeStatic(setup.clj:140)
    at metabase.db.setup$setup_db_BANG_.invoke(setup.clj:136)
    at metabase.db$setup_db_BANG_$fn__33873.invoke(db.clj:61)
    at metabase.db$setup_db_BANG_.invokeStatic(db.clj:56)
    at metabase.db$setup_db_BANG_.invoke(db.clj:51)
    at metabase.core$init_BANG_.invokeStatic(core.clj:91)
    at metabase.core$init_BANG_.invoke(core.clj:74)
    at metabase.core$start_normally.invokeStatic(core.clj:135)
    at metabase.core$start_normally.invoke(core.clj:129)
    at metabase.core$_main.invokeStatic(core.clj:168)
    at metabase.core$_main.doInvoke(core.clj:162)
    at clojure.lang.RestFn.invoke(RestFn.java:397)
    at clojure.lang.AFn.applyToHelper(AFn.java:152)
    at clojure.lang.RestFn.applyTo(RestFn.java:132)
    at metabase.core.main(Unknown Source)
Caused by: org.postgresql.util.PSQLException: Connection to :5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:303)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:51)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:223)
    at org.postgresql.Driver.makeConnection(Driver.java:465)
    at org.postgresql.Driver.connect(Driver.java:264)
    at java.sql/java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql/java.sql.DriverManager.getConnection(Unknown Source)
    at clojure.java.jdbc$get_driver_connection.invokeStatic(jdbc.clj:271)
    at clojure.java.jdbc$get_driver_connection.invoke(jdbc.clj:250)
    at clojure.java.jdbc$get_connection.invokeStatic(jdbc.clj:411)
    at clojure.java.jdbc$get_connection.invoke(jdbc.clj:274)
    at clojure.java.jdbc$db_query_with_resultset_STAR_.invokeStatic(jdbc.clj:1111)
    at clojure.java.jdbc$db_query_with_resultset_STAR_.invoke(jdbc.clj:1093)
    at clojure.java.jdbc$query.invokeStatic(jdbc.clj:1182)
    at clojure.java.jdbc$query.invoke(jdbc.clj:1144)
    at clojure.java.jdbc$query.invokeStatic(jdbc.clj:1160)
    at clojure.java.jdbc$query.invoke(jdbc.clj:1144)
    at metabase.driver.sql_jdbc.connection$can_connect_with_spec_QMARK_.invokeStatic(connection.clj:245)
    at metabase.driver.sql_jdbc.connection$can_connect_with_spec_QMARK_.invoke(connection.clj:242)
    at metabase.db.setup$fn__33730$verify_db_connection__33735$fn__33736$fn__33737.invoke(setup.clj:100)
    ... 21 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)
    at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.base/java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
    at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
    at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source)
    at java.base/java.net.SocksSocketImpl.connect(Unknown Source)
    at java.base/java.net.Socket.connect(Unknown Source)
    at org.postgresql.core.PGStream.createSocket(PGStream.java:231)
    at org.postgresql.core.PGStream.<init>(PGStream.java:95)
    at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:98)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:213)
    ... 40 more
2022-02-14 12:49:37,794 INFO metabase.core :: Metabase Shutting Down ...
2022-02-14 12:49:37,796 INFO metabase.server :: Shutting Down Embedded Jetty Webserver
2022-02-14 12:49:37,806 INFO metabase.core :: Metabase Shutdown COMPLETE

Please how do I fix this?

[pmint93]

@davidshare Can you kubectl describe the deployment to see how the template has been generated ? Did the secret you created is in the same namespace with metabase ?

[davidshare]

Thanks @pmint93 - this is the description of the deployment

kubectl describe deployment metabase -n metabase
Name:                   metabase
Namespace:              metabase
CreationTimestamp:      Tue, 15 Feb 2022 12:52:14 +0100
Labels:                 app=metabase
                        app.kubernetes.io/managed-by=Helm
                        chart=metabase-1.4.0
                        heritage=Helm
                        release=metabase
Annotations:            deployment.kubernetes.io/revision: 4
                        meta.helm.sh/release-name: metabase
                        meta.helm.sh/release-namespace: metabase
Selector:               app=metabase
Replicas:               1 desired | 1 updated | 2 total | 1 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:           app=metabase
                    release=metabase
  Annotations:      checksum/config: ebbf78f5d3e95533542f724dd587556c25ab0764cea0cbeda62a482762698377
  Service Account:  default
  Containers:
   metabase:
    Image:      metabase/metabase:v0.41.6
    Port:       3000/TCP
    Host Port:  0/TCP
    Liveness:   http-get http://:3000/ delay=120s timeout=30s period=10s #success=1 #failure=6
    Readiness:  http-get http://:3000/ delay=30s timeout=3s period=5s #success=1 #failure=3
    Environment:
      MB_JETTY_HOST:           0.0.0.0
      MB_JETTY_PORT:           3000
      MB_DB_TYPE:              postgres
      MB_DB_CONNECTION_URI:    <set to the key 'connectionURI' in secret 'metabase-secrets'>  Optional: false
      MB_PASSWORD_COMPLEXITY:  normal
      MB_PASSWORD_LENGTH:      6
      JAVA_TIMEZONE:           UTC
      MB_EMOJI_IN_LOGS:        true
      MB_COLORIZE_LOGS:        true
    Mounts:                    <none>
  Volumes:                     <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    ReplicaSetUpdated
OldReplicaSets:  metabase-7946cbc7bf (1/1 replicas created)
NewReplicaSet:   metabase-645b6d75bd (1/1 replicas created)
Events:
  Type    Reason             Age                From                   Message
  ----    ------             ----               ----                   -------
  Normal  ScalingReplicaSet  55m                deployment-controller  Scaled up replica set metabase-7946cbc7bf to 1
  Normal  ScalingReplicaSet  50s                deployment-controller  Scaled down replica set metabase-645b6d75bd to 0
  Normal  ScalingReplicaSet  28s (x2 over 43m)  deployment-controller  Scaled up replica set metabase-645b6d75bd to 1

[davidshare]

This is the yaml rendering for the deployment:

kubectl get deployment metabase -n metabase -oyaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "4"
    meta.helm.sh/release-name: metabase
    meta.helm.sh/release-namespace: metabase
  creationTimestamp: "2022-02-15T11:52:14Z"
  generation: 4
  labels:
    app: metabase
    app.kubernetes.io/managed-by: Helm
    chart: metabase-1.4.0
    heritage: Helm
    release: metabase
  name: metabase
  namespace: metabase
  resourceVersion: "75149733"
  uid: 50e3d7a3-56ec-4a09-9ba3-0b4f334fdb32
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: metabase
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/config: ebbf78f5d3e95533542f724dd587556c25ab0764cea0cbeda62a482762698377
      creationTimestamp: null
      labels:
        app: metabase
        release: metabase
    spec:
      containers:
      - env:
        - name: MB_JETTY_HOST
          value: 0.0.0.0
        - name: MB_JETTY_PORT
          value: "3000"
        - name: MB_DB_TYPE
          value: postgres
        - name: MB_DB_CONNECTION_URI
          valueFrom:
            secretKeyRef:
              key: connectionURI
              name: metabase-secrets
        - name: MB_PASSWORD_COMPLEXITY
          value: normal
        - name: MB_PASSWORD_LENGTH
          value: "6"
        - name: JAVA_TIMEZONE
          value: UTC
        - name: MB_EMOJI_IN_LOGS
          value: "true"
        - name: MB_COLORIZE_LOGS
          value: "true"
        image: metabase/metabase:v0.41.6
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 6
          httpGet:
            path: /
            port: 3000
            scheme: HTTP
          initialDelaySeconds: 120
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 30
        name: metabase
        ports:
        - containerPort: 3000
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: 3000
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 3
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: default
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2022-02-15T11:52:52Z"
    lastUpdateTime: "2022-02-15T11:52:52Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2022-02-15T12:46:55Z"
    lastUpdateTime: "2022-02-15T12:47:17Z"
    message: ReplicaSet "metabase-645b6d75bd" is progressing.
    reason: ReplicaSetUpdated
    status: "True"
    type: Progressing
  observedGeneration: 4
  readyReplicas: 1
  replicas: 2
  unavailableReplicas: 1
  updatedReplicas: 1

[davidshare]

It seems to be trying to use the postgres default port instead of the one specified in the URL:

[pmint93]

The deployment seem correct, maybe metabase bug ? Then you should get help in https://github.com/metabase/metabase/issues