configure-gitea init container fails can't connect to external db configured in extra secret #274

Closed
opened 2022-01-10 08:41:09 +00:00 by devent · 6 comments
devent commented 2022-01-10 08:41:09 +00:00 (Migrated from gitea.com)

Hi. I want to use additionalConfigSources that references the external database. If I put just additionalConfigSources then Helm chart returns error:

```
Error: UPGRADE FAILED: template: gitea/templates/gitea/init.yaml:43:11: executing "gitea/templates/gitea/init.yaml" at <include "db.servicename" .>: error calling include: template: gitea/templates/_helpers.tpl:73:12: executing "db.servicename" at <ne .Values.gitea.config.database.DB_TYPE "sqlite3">: error calling ne: incompatible types for comparison
```

Because I have postgres: false and no database configuration in the values. The DB_TYPE comes from the additionalConfigSources's secret.

I add:

    database:
      DB_TYPE: ""

Now I get the error:

```
Error: UPGRADE FAILED: template: gitea/templates/gitea/init.yaml:43:11: executing "gitea/templates/gitea/init.yaml" at <include "db.servicename" .>: error calling include: template: gitea/templates/_helpers.tpl:74:31: executing "db.servicename" at <.Values.gitea.config.database.HOST>: wrong type for value; expected string; got interface {}
```

Because HOST comes from the additionalConfigSources's secret.

I add:

    database:
      DB_TYPE: ""
      HOST: ""

The init container fails with:

```
BusyBox v1.32.1 () multi-call binary.

Usage: nc [OPTIONS] HOST PORT  - connect
nc [OPTIONS] -l -p PORT [HOST] [PORT]  - listen

        -e PROG Run PROG after connect (must be last)
        -l      Listen mode, for inbound connects
        -lk     With -e, provides persistent server
        -p PORT Local port
        -s ADDR Local address
        -w SEC  Timeout for connects and final net reads
        -i SEC  Delay interval for lines sent
        -n      Don't do DNS resolution
        -u      UDP mode
        -v      Verbose
        -o FILE Hex dump traffic
        -z      Zero-I/O mode (scanning)
...not ready yet (30/30)
Database not reachable after '30' attempts!
```

In the app.ini I see the correct db config:

```
[database]
SSL_MODE = require
LOG_SQL  = true
DB_TYPE  = postgres
HOST     = postgrescluster-pgbouncer.kube-postgres.svc:5432
PASSWD   = xxx
NAME     = gitea
USER     = gitea
```

How to define database config in additionalConfigSources? It seems impossible currently. At least DB_TYPE and HOST can not come from additionalConfigSources.

Edit:

The function test_db_connection() should really read the values from the app.ini because that's your source of truth. https://gitea.com/gitea/helm-chart/src/branch/master/templates/gitea/init.yaml#L45

Edit:

Gitea Chart 5.0.0

justusbunsi commented 2022-01-18 20:31:42 +00:00 (Migrated from gitea.com)

Uff. That shouldn't happen. Could you share your values.yaml and the related additionalConfigSources (redacted secrets).

justusbunsi commented 2022-01-18 20:32:36 +00:00 (Migrated from gitea.com)

You want to use sqlite, IIRC?

devent commented 2022-01-28 09:33:19 +00:00 (Migrated from gitea.com)

Sorry I got sidetracked. Here is the values file:

```
memcached:
  enabled: true
postgresql:
  enabled: false
image:
  rootless: true
containerSecurityContext:
   capabilities:
     drop:
     - ALL
     add:
     - SYS_CHROOT
ingress:
  enabled: true
  ingressClassName: nginx
  hosts:
  - host: gitea.anrisoftware.com
    paths:
    - path: "/"
      pathType: Prefix
  tls:
  - secretName: gitea-anrisoftware-com-tls
    hosts:
    - gitea.anrisoftware.com
persistence:
  enabled: true
  storageClass: managed-nfs-storage
  size: 10Gi
service:
  http:
    type: ClusterIP
    port: 3000
  ssh:
    type: NodePort
    nodePort: 30022
gitea:
  admin:
    username: "xx"
    password: "xx"
    email: "xx"
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
      additionalLabels:
        release: kube-prometheus-stack
  ldap:
    - name: OpenLDAP
      securityProtocol: unencrypted
      host: "openldap.kube-ldap.svc.cluster.local"
      port: "1389"
      userSearchBase: ou=People,dc=muellerpublic,dc=de
      userFilter: (&(objectClass=inetOrgPerson)(memberOf=cn=Gitea,ou=Group,dc=muellerpublic,dc=de)(uid=%s))
      adminFilter: (&(objectClass=inetOrgPerson)(memberOf=cn=Administrators,ou=Group,dc=muellerpublic,dc=de))
      emailAttribute: mail
      bindDn: CN=admin,dc=muellerpublic,dc=de
      bindPassword: xx
      usernameAttribute: CN
      publicSSHKeyAttribute: publicSSHKey
  config:
    APP_NAME: "Anrisoftware Projects"
    RUN_MODE: "prod"
    server:
      ENABLE_PPROF: "true"
      PROTOCOL: "http"
      DOMAIN: "gitea.anrisoftware.com"
    database:
      DB_TYPE: "postgres"
      HOST: "postgrescluster-pgbouncer.kube-postgres.svc:5432"
  additionalConfigSources:
  - secret:
      secretName: gitea-database-config
```

The secret gitea-database-config:

```
apiVersion: v1
data:
  database: base64
kind: Secret
metadata:
  creationTimestamp: "2022-01-10T08:07:49Z"
  name: gitea-database-config
  namespace: anrisoftware-com-gitea
  resourceVersion: "2936160"
  uid: daa3aad6-d51d-42ef-9b0b-429faded5022
type: Opaque
```

```
DB_TYPE=postgres
HOST=postgrescluster-pgbouncer.kube-postgres.svc:5432
NAME=gitea
USER=gitea
PASSWD=xx
SSL_MODE=require
LOG_SQL=true
```

Chart:

```
gitea   anrisoftware-com-gitea  25              2022-01-21 14:46:43.388345564 +0100 CET deployed        gitea-5.0.1     1.15.10
```
devent commented 2022-01-28 12:19:15 +00:00 (Migrated from gitea.com)

> You want to use sqlite, IIRC?

What do you mean by this? No I want to use postgres.

justusbunsi commented 2022-02-01 14:19:31 +00:00 (Migrated from gitea.com)

> > You want to use sqlite, IIRC?
>
> > What do you mean by this? No I want to use postgres.

Hi @devent. Sorry for that question. I mis-read your initial comment. Thank you for the values btw.

Is my assumption correct, that the posted values work right now as a workaround for this problem?

TL;DR;
This is an unrevealed bug inside the template rendering of this chart. For now, if using an external database, `DB_TYPE` and `DB_HOST` need to be defined inside the values as inline values. Otherwise the init container won't work. You might duplicate these values inside the "additionalConfigSources".

Long explanation:
Prior to that "additionalConfigSources" feature the inline configuration always contained at least `DB_TYPE` and `DB_HOST` pointing to that external database. These values seem to be essential for the database connection check inside the init container. The [helper method](https://gitea.com/gitea/helm-chart/src/branch/master/templates/_helpers.tpl#L66) relies on these inline fields during template rendering and creates incorrect scripts for the init container. Now with the "additionalConfigSources" feature the existence of `DB_TYPE` and `DB_HOST` are not ensured and kinda breaks.
Setting `DB_TYPE` and `DB_HOST` to empty values as inline values generates an init script with no database host defined for the database check. That's why it breaks the `nc` command.

devent commented 2022-02-01 17:45:14 +00:00 (Migrated from gitea.com)

> Is my assumption correct, that the posted values work right now as a workaround for this problem?

Yes, the workaround works. The inconvenience is that I need to duplicate the value for `HOST` because it's already defined in the secret.

Btw, the secret comes from the Crunchy Postgres Operator.
https://access.crunchydata.com/documentation/postgres-operator/v5/architecture/user-management/

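The thread describes two things: the init check being rendered from inline Helm values (so an empty `HOST` reaches `nc` with no arguments), and the suggestion that `test_db_connection()` read its target from `app.ini` instead. The following is an added example of that second approach, not code from the chart; the function names, the `nc` flags, and the default-port fallback are assumptions.

```shell
# Added example, not the chart's code: read the DB endpoint from app.ini.
# ini_get FILE SECTION KEY: print KEY's value from [SECTION] (empty if absent).
ini_get() {
  awk -v section="$2" -v key="$3" '
    /^[ \t]*[;#]/ { next }
    /^[ \t]*\[/   { gsub(/^[ \t]*\[|\][ \t]*$/, ""); current = $0; next }
    current == section && (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# db_endpoint FILE: print "HOST PORT". Returns 2 for sqlite3 (nothing to probe)
# and 1 when HOST is missing, so nc is never run with empty arguments.
db_endpoint() {
  db_type=$(ini_get "$1" database DB_TYPE)
  [ "$db_type" = "sqlite3" ] && return 2
  host_port=$(ini_get "$1" database HOST)
  [ -n "$host_port" ] || { echo "no [database] HOST in $1" >&2; return 1; }
  case "$host_port" in
    *:*) echo "${host_port%:*} ${host_port##*:}"; return 0 ;;
  esac
  case "$db_type" in   # HOST without a port: fall back to the engine default
    postgres) echo "$host_port 5432" ;;
    mysql)    echo "$host_port 3306" ;;
    mssql)    echo "$host_port 1433" ;;
    *) echo "unknown DB_TYPE '$db_type'" >&2; return 1 ;;
  esac
}

# wait_for_db FILE [ATTEMPTS]: poll the endpoint (nc flags are an assumption).
wait_for_db() {
  endpoint=$(db_endpoint "$1") || { [ "$?" -eq 2 ] && return 0; return 1; }
  attempts=${2:-30}; i=1
  while [ "$i" -le "$attempts" ]; do
    nc -z -w 2 $endpoint && return 0   # unquoted on purpose: HOST and PORT
    echo "...not ready yet ($i/$attempts)"; i=$((i + 1)); sleep 1
  done
  echo "Database not reachable after '$attempts' attempts!" >&2; return 1
}

# Constructed sample mirroring the [database] section posted in the issue.
sample_app_ini() {
  printf '%s\n' '[database]' 'SSL_MODE = require' 'DB_TYPE  = postgres' \
    'HOST     = postgrescluster-pgbouncer.kube-postgres.svc:5432' 'NAME     = gitea'
}
tmp=$(mktemp); sample_app_ini > "$tmp"
db_endpoint "$tmp"; rm -f "$tmp"   # prints: postgrescluster-pgbouncer.kube-postgres.svc 5432
```

Because the endpoint is read from the file Gitea itself will use, the host stays in the secret only and does not need to be repeated in the values file.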
Reference: lunny/helm-chart#274