[Bug]: passwordFromSecret issue about helm-charts HOT 10 CLOSED

Just by looking at the error log here are my initial assumptions

The release is getting installed and not upgraded so it's a fresh creation of release however it seems the secret you have defined might not be existing in the namespace you have defined in the command.

Can you check if you are using the correct namespace and the secret being used exists in the namespace?

from helm-charts.

The secret defined in passwordFromSecretis supposed to be present in the cluster in the specified namespace...if it's not the error will be thrown...hence the message that you are seeing is correct.

The helm charts does not create the secret defined in passwordFromSecret..it reads the password from the secret defined in passwordFromSecret.

Hope this clarifies.

from helm-charts.

I want to create secret and neo4j at the same time. I'm able to do this with postgres.

Edit. Of course my chart creates this secret, but at the same time it installs neo4j.

From this what I checked you're currently expecting the secret to exist, any chance to change this?

from helm-charts.

No..it won't be changed ..the secret needs to be already present..passwordFromSecret means reading password from an already existing secret.

We already have this feature in place ...you need to use the password field in values.yaml ..if you specify the password in values.yaml the secret will.be created automatically but since it exposes the password we recommend using passwordFromSecret

from helm-charts.

Edit. Of course my chart creates this secret, but at the same time it installs neo4j.

The secret needs to happen first and thn Neo4j installation in your chart in order for passwprdFromSecret to work.

from helm-charts.

Actually I'm able to make it work as I expected...but I had to add one thing to values that's probably not recommended:

disableLookups: true

When I install neo4j chart I'm getting following error:

  Warning  Failed     7s (x3 over 9s)  kubelet            Error: secret "neo-secret" not found

but when I added the secret it worked well:

kubectl create secret generic neo-secret --from-literal=NEO4J_AUTH=neo4j/supersecret

Can I use "disableLookups" in prod ?

from helm-charts.

No..disableLookups is to be used mainly with --dry-run flag...I would not recommend using it.

As I mentioned earlier the secret needs to get created before Neo4j installation happens. If you can ensure the secret is getting created before Neo4j installation passwordFromSecret will work as expected.

If you want the secret to be created you need to define the password in the values.yaml under password field and it will be created

from helm-charts.

@ojhughes @harshitsinghvi22

My requirements:

• use neo4j as dependency of my chart

  Chart.yaml

  dependencies:
    - name: neo4j-standalone
      version: 4.4.17
      repository: https://helm.neo4j.com/neo4j
      condition: neo4j.enabled

• create secret with external-secrets - that will be other dependency of my chart

Secret for neo4j will be created at the same time as neo4j resources or even later - it shouldn't matter. If secret is not present I should get an error as in my above example (with: disableLookups: true) but once secret is created it should be consumed by neo4j. At the moment you check if secret exists before installing chart.

Please consider changing / removing this check as I believe this change would provide more flexibility to users.

from helm-charts.

It sounds like you just need to use disableLookups: true

but once secret is created it should be consumed by neo4j.

This has nothing to do with the helm chart or Neo4j. The secret will be consumed by Pod if it is available. If the secret is not there when the Pod is created, you will need to wait for it to be restarted

from helm-charts.

If it's fine to use disableLookups: true then I'll use it. Thanks for your help :)

from helm-charts.