Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/postgresql] Included networkpolicy blocks backup job from using dns #25438

Closed
pixil98 opened this issue Apr 28, 2024 · 4 comments · Fixed by #25534
Closed

[bitnami/postgresql] Included networkpolicy blocks backup job from using dns #25438

pixil98 opened this issue Apr 28, 2024 · 4 comments · Fixed by #25534
Assignees
@carrodher
Labels
postgresql solved tech-issues The user has a technical issue about an application triage Triage is needed

Comments

@pixil98
Copy link
Contributor

pixil98 commented Apr 28, 2024
edited by carrodher

Name and Version

bitnami/postgresql 15.2.5

What architecture are you using?

amd64

What steps will reproduce the bug?

After enabling the backup cronjob in the helm chart, the backup jobs always fail because they are unable to resolve the IP for the postgresql service name. This appears to be because the provided networkpolicy for the backup job only allows egress on port 5432/TCP. After deleting the network policy, the job is able to query dns again.

Are you using any custom parameters or values?

auth:
  database: authentik
  username: authentik
  existingSecret: authentik-secrets
  secretKeys:
    adminPasswordKey: postgresql-admin-password
    userPasswordKey: postgresql-user-password
  usePasswordFiles: true
backup:
  enabled: true

What is the expected behavior?

I would expect it to be able to query DNS as it is needed for performing the backup.

What do you see instead?

It fails after timing out.
@pixil98 pixil98 added the tech-issues The user has a technical issue about an application label Apr 28, 2024
@pixil98 pixil98 changed the title Included networkpolicy blocks backup job from using dns [bitnami/postgresql] Included networkpolicy blocks backup job from using dns Apr 28, 2024
@github-actions github-actions bot added the triage Triage is needed label Apr 28, 2024
@carrodher
Copy link
Member

Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.

@pixil98
Copy link
Contributor Author

pixil98 commented May 2, 2024

I can make a PR to solve this, but it's a bit more complicated than I originally thought. Once i fixed the DNS problem in my cluster, I ran into further problems with the automatic backups. They don't seem to work with a password file, the file isn't even mounted in, and once I fix that it isn't being used. It might be a bit before I have time to troubleshoot that.

@pixil98
Copy link
Contributor Author

pixil98 commented May 3, 2024
edited

I have this mostly working, the final problem is that once the password file is mounted in, you can't set the defaultMode of it because fsGroup overrides it. pg_dumpall refuses to use it if it's too permissive. It would need an init container to copy the secrets and set the proper permissions. I'm unlikely to tackle that, I'll probably switch back to environment variables.

@pixil98 pixil98 mentioned this issue May 5, 2024
Merged
4 tasks
@carrodher
Copy link
Member

Thank you for opening this issue and submitting the associated Pull Request. Our team will review and provide feedback. Once the PR is merged, the issue will automatically close.

Your contribution is greatly appreciated!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@carrodher carrodher

Labels
postgresql solved tech-issues The user has a technical issue about an application triage Triage is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[bitnami/postgresql] Allow backup pod to use DNS pixil98/bitnami-charts
2 participants
@carrodher @pixil98