Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

enableSuperuserAccess Not Creating Superuser Secret, Preventing Access to postgres User Credentials #451

Open
ujala-singh opened this issue Nov 20, 2024 · 0 comments
Labels
chart( cluster ) Related to the cluster chart

Comments

@ujala-singh
Copy link

Issue Description:

I am encountering an issue with the CloudNativePG operator where the enableSuperuserAccess feature does not create the specified superuser secret (superuserSecret) containing the credentials for the postgres user. This behavior is unexpected based on the documentation, which states that enabling enableSuperuserAccess should result in the creation of a secret when it does not already exist.

Here is my configuration:
Cluster Specification:

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: postgres-cluster
  namespace: postgres
spec:
  enableSuperuserAccess: true
  superuserSecret:
    name: postgres-superuser
  instances: 3
  bootstrap:
    initdb:
      database: temporal
      owner: temporal_admin
      postInitSQL:
        - ALTER USER temporal_admin WITH SUPERUSER;

Chart Values:

cluster:
  fullnameOverride: postgres-cluster
  cluster:
    instances: 3
    storage:
      size: 8Gi
    initdb:
      database: temporal
      owner: temporal_admin
      postInitSQL:
        - ALTER USER temporal_admin WITH SUPERUSER;

Despite enabling enableSuperuserAccess and specifying postgres-superuser as the superuserSecret, no secret is created, and I am not aware of the password for the postgres superuser account. This creates a roadblock when I need to perform administrative tasks or create new users and databases.

Expected Behavior:

When enableSuperuserAccess: true is set, the operator should:

  • Automatically create the specified superuserSecret if it does not already exist.
  • Store the postgres user's password in this secret for later retrieval.

Additional Requirement:

I also want to create a new user dapr_admin and a database dapr where dapr_admin is the owner. Since I do not have the password for the postgres user, I am unable to execute these actions.

Steps to Reproduce:

Deploy the cluster with the following configuration:
    enableSuperuserAccess: true
    superuserSecret: postgres-superuser
Verify if the postgres-superuser secret is created in the namespace.
Try to retrieve the postgres user's password from the secret.

Environment Details:
Helm Chart Version: 0.1.0
Kubernetes Version: [v1.30.3+k3s1]
Cluster Namespace: postgres

Workaround Needed:

Please provide a way to:

Retrieve the postgres superuser password.
Create additional users (e.g., dapr_admin) and databases (e.g., dapr) programmatically using the operator.

Thank you for your support!

@itay-grudev itay-grudev added the chart( cluster ) Related to the cluster chart label Nov 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chart( cluster ) Related to the cluster chart
Projects
None yet
Development

No branches or pull requests

2 participants