FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Helm Chart not picking up on database credentials in production mode

    Scheduled Pinned Locked Moved Unsolved
    General Discussion
    2
    2
    587
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Troy Squillaci
      last edited by

      I am deploying FusionAuth in Kubernetes using the latest Helm chart version (0.12.1), with PostgreSQL as the database and FUSIONAUTH_APP_RUNTIME_MODE set to production. I have created a non-root user and database and am trying to get FusionAuth to take the credentials to perform the initial installation.

      Here's some excerpts from the values.yaml:

        database:
    # database.protocol -- Should either be postgresql or mysql. Protocol for jdbc connection to database
    protocol: postgresql
    # database.host -- Hostname or ip of the database instance
    host: "<REDACTED>"
    # database.host -- Port of the database instance
    port: 5432
    # database.tls -- Configures whether or not to use tls when connecting to the database
    tls: false
    # database.tlsMode -- If tls is enabled, this configures the mode
    tlsMode: require
    # database.name -- Name of the fusionauth database
    name: fusionauth

    # To use an existing secret, set `existingSecret` to the name of the secret. We expect at most two keys: `password` is required. `rootpassword` is only required if `database.root.user` is set.
    # database.existingSecret -- The name of an existing secret that contains the database passwords
    existingSecret: "fusionauth"
    # database.user -- Database username for fusionauth to use in normal operation
    user: "fusionauth"
    # database.password -- Database password for fusionauth to use in normal operation - not required if database.existingSecret is configured
    password: ""
    # These credentials are used for bootstrapping the database
    root:
      # database.root.user -- Database username for fusionauth to use during initial bootstrap - not required if you have manually bootstrapped your database
      user: ""
      # database.root.password -- Database password for fusionauth to use during initial bootstrap - not required if database.existingSecret is configured
      password: ""

.....

  app:
    # app.memory -- Configures the amount of memory Java can use
    memory: 256M
    # app.memory -- Configures runtime mode for fusionauth. Should be 'development' or 'production'
    # learn more about the difference here: https://fusionauth.io/docs/v1/tech/reference/configuration
    runtimeMode: production

      I can confirm with psql that I'm able to connect and operate in the database just fine. I've also confirmed the secret is applied to the cluster prior to deploying the Helm chart.

      The FUSIONAUTH_APP_SILENT_MODE defaults to true, so I would expect FusionAuth to take the credentials and database configuration listed here and do the rest automatically, but it doesn't seem to be the case, as I get the following logs:

      Defaulted container "fusionauth" out of: fusionauth, wait-for-db (init)
Starting fusionauth-app...
  --> Logging to /usr/local/fusionauth/logs/fusionauth-app.log
2023-05-23 01:38:23.656 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [/usr/local/fusionauth/config/fusionauth.properties]
2023-05-23 01:38:23.820 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Set property [fusionauth-app.url] set to [<REDACTED>] using configured value.
2023-05-23 01:38:23.830 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration -
  - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
  - Overriding default value of property [FUSIONAUTH_APP_RUNTIME_MODE] with value [production]
  - Overriding default value of property [SEARCH_TYPE] with value [database]

2023-05-23 01:38:23.851 PM INFO  io.fusionauth.app.guice.FusionAuthModule -

---------------------------------------------------------------------------------------------------------
--------------------------------- Starting FusionAuth version [1.45.1] ----------------------------------
---------------------------------------------------------------------------------------------------------

2023-05-23 01:38:24.260 PM INFO  io.fusionauth.api.plugin.guice.PluginModule - No plugins found
2023-05-23 01:38:24.543 PM INFO  io.fusionauth.api.service.system.NodeService - Node [39f625d7-1c08-4239-a849-5b0f958a2263] started.
2023-05-23 01:38:25.398 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [/usr/local/fusionauth/config/fusionauth.properties]
2023-05-23 01:38:25.399 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration -
  - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
  - Overriding default value of property [FUSIONAUTH_APP_RUNTIME_MODE] with value [production]
  - Overriding default value of property [SEARCH_TYPE] with value [database]

2023-05-23 01:38:25.404 PM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://<REDACTED>:5432/fusionauth]
2023-05-23 01:38:25.405 PM WARN  com.zaxxer.hikari.HikariConfig - HikariPool-1 - idleTimeout has been set but has no effect because the pool is operating as a fixed size pool.
2023-05-23 01:38:25.407 PM INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
2023-05-23 01:38:26.168 PM INFO  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Added connection org.postgresql.jdbc.PgConnection@4c6a4ffd
2023-05-23 01:38:26.211 PM INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
2023-05-23 01:38:28.369 PM INFO  com.inversoft.scheduler.DefaultScheduler - Starting up scheduler
2023-05-23 01:38:28.369 PM INFO  com.inversoft.scheduler.DefaultScheduler - Scheduler is running
2023-05-23 01:38:28.456 PM ERROR com.inversoft.scheduler.LogAndRetainFailureHandler - The scheduled service [class io.fusionauth.api.service.cache.ApplicationCacheLoader] failed but will be re-run.
org.apache.ibatis.exceptions.PersistenceException:
### Error querying database.  Cause: org.postgresql.util.PSQLException: ERROR: relation "applications" does not exist
  Position: 4355

      Any ideas on why it's not picking up on the database details and/or why it's failing to perform the initial installation?

      danD 1 Reply Last reply Reply Quote 1
      • danD
        dan @Troy Squillaci
        last edited by

        @troy-squillaci I think you need to set the value of database.root.user.

        If that is not set, FusionAuth can't create any tables, which it will try to do if the tables are not set up.

        Have you manually bootstrapped your database (that is, run the sql as documented here to create the needed tables)?

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post