px-backup chart installation fails with error `couldn't find key OIDC_CLIENT_SECRET in Secret px-backup/pxc-backup-secret`

portworx / helm

Repository for Portworx Helm assets

Apache License 2.0

47 stars 63 forks source link

px-backup chart installation fails with error `couldn't find key OIDC_CLIENT_SECRET in Secret px-backup/pxc-backup-secret` #266

Open andreswebs opened 3 years ago

andreswebs commented 3 years ago

Is this a BUG REPORT or FEATURE REQUEST?:

BUG REPORT

What happened:

When installing the chart with generated values from PX-Central, the pxcentral-frontend and pxcentral-backend pods fail with the error: CreateContainerConfigError

The pod description shows the error message:

 Error: couldn't find key OIDC_CLIENT_SECRET in Secret px-backup/pxc-backup-secret

What you expected to happen:

Chart deploys normally with the provided values.

How to reproduce it (as minimally and precisely as possible):

Install the chart with the generated values-px-backup.yaml from PX-Central, with the command:

helm install px-backup portworx/px-backup --namespace px-backup --create-namespace --version 1.2.3 -f values-px-backup.yaml

Anything else we need to know?:

Environment:

Container Orchestrator and version: EKS 1.19
Cloud provider or hardware configuration: AWS

geoff-carr-bzy commented 2 years ago

same issue with 2.0.1, any ideas?

javierescu commented 1 year ago

check all your pods, pv and pvcs because my install was attemping to use a wrong pvc name from helm values used. Check the keycloak are running and ok, review your storageClassName on values.yaml and maybe you need to remove the old pvc if they were wrong pointing to a missing storageclass

willemm commented 1 year ago

Same issue on a completely fresh install. Also there is no way that this could have anything to do whatsoever with pvs or pvcs, because it's simply a deployment referencing an environment variable from a secret.

Basically, this:

https://github.com/portworx/helm/blob/1aaa823fbb83a14f51ffb81378d4b934670c42a3/charts/px-central/templates/px-lighthouse/px-central-ui/pxcentral-ui.yaml#L190

Is referencing this secret:

https://github.com/portworx/helm/blob/master/charts/px-central/templates/px-lighthouse/px-central-ui/pxcentral-oidc.yaml

Which does not contain the referenced key.

I have to conclude that this chart is just broken, dead on arrival, and apparently nobody has been using it for the last three years (or they manually added the oidc_client_secret to fix the issue or something)

javierescu commented 1 year ago

Hello, I have seen the same error and was due to several problems like: PVC pending due portworx license expired Secrets and/or PV not updated or deleted after helm delete A problem with name resolution on a worker node. You can check the logs of post installation jobs, it seems they are needed to end successfully to create that secret At the end, we installed successfully the pxcentral helm chart with license server

willemm commented 1 year ago

I think the issue we are having is that the helm chart for px-central just does not support using an external keycloak, even though it sais it does in the readme.

For example, this just is hardcoded and assumes the chart installs keycloak:

https://github.com/portworx/helm/blob/04eac24f6bd2a82c6876522aaa9f51a306ba83f6/charts/px-central/templates/px-lighthouse/px-central-ui/pxcentral-ui.yaml#L31

Which just completely breaks if you set oidc.centralOIDC.enabled to false as documented in the readme.

denizcantufekci commented 5 months ago

same issue with helm v3.14.3, any ideas?