Charts: [grafana] secrets are regenerated on each upgrade while deployment stills uses the original ones
Is this a request for help?:
NO
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
BUG REPORT
Version of Helm and Kubernetes:
Helm 2.7.0, K8s 1.7.8 on GKE
Which chart:
grafana
What happened:
Run helm install -n foo grafana
Then run helm upgrade foo grafana
After the upgrade finishes, NOTES will advise on how to extract auto-generated admin password from k8s secret. However the password will be wrong - secret are regenerated each time upgrade runs (I guess this is because template evaluation generates random password each time, then helm thinks that resulting yaml is changed and loads it). However since nothing changed in grafana deployment, it still sees & uses credentials from the moment it was deployed.
What you expected to happen:
Random admin password should not be generated on every upgrade.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know:
To actually see the admin password, one needs to exec env in the container.
haizaar
All 4 comments
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 29 Jan 2018
Well, this bug is still a bug. 4 other people thumbed up on this.
haizaar
on 30 Jan 2018
/remove-lifecycle stale
tmonk42
on 15 Feb 2018
This is how Helm works. It's not directly an issue with the Grafana chart. You have two options:
- Specify a password instead of having it auto-generated
- Use
--reuse-valueson upgrade
unguiculus
on 15 Feb 2018
Related issues
mickengland
路
3Comments
rajkumar49
路
3Comments
tdcox
路
3Comments
gajus
路
3Comments
kminehart
路
3Comments
Most helpful comment
Well, this bug is still a bug. 4 other people thumbed up on this.