In order to provide passwords so that those do not get re-generated every time, it is now needed to provide postgresql .existingSecret which, according to the docs, should point to a pre-deployed secret, when in fact it is being used to create a secret on the fly.
Sample values:
authProxy:
enabled: false
external: true
postgresql:
existingSecret: zoomazumzum
postgresqlPassword: duzzitmadda
replication:
password: agennoshomo
securityContext:
enabled: true
zoomazumzum with the intended credsexistingSecret: zoomazumzum part and install the chart againNo existingSecret to be needed for provisioning precreated passwords.
I addressed this downstream with bitnami but they told me to take it here. That closed issue can be found here: https://github.com/bitnami/charts/issues/5463
I am not sure I follow your issue. You have two options:
existingSecret and the password will be auto-generated (so you don't need to set postgresqlPassword)postgresqlPassword, replication.password). If you do so, you need to remove existingSecret.The existingSecret is generated (if specified) when first installing Kubeapps, using helm-hooks. This means that it's management is no longer handled by helm. Modifying that value when upgrading the application is not supported.
The point is, as I tried to show in the reproduction steps, when I don't provide existingSecret, but do provide postgresqlPassword and replication.password, the chart will still generate passwords, and not use the ones provided.
Ah, okay, you are right. In the chart, we make several assumptions that .existingSecret exists while that can be disabled. Marking this as a bug.
Most helpful comment
Ah, okay, you are right. In the chart, we make several assumptions that
.existingSecretexists while that can be disabled. Marking this as a bug.