I am not sure if I'm interpreting the output from my container correctly, but I am seeing the following output from sequelize in the logs:
Nates-MacBook-Pro:k8s natereed$ docker logs 1a3e6141d050
...
(node:36) UnhandledPromiseRejectionWarning: SequelizeConnectionError: password authentication failed for user
"postgres
"
It appears there is an extra newline character in the username, which should be "postgres". The database is configured with the environment variable $POSTGRESS_USERNAME (yes, I know it is mispelled, it is from another author).
src/config/config.ts: "username": process.env.POSTGRESS_USERNAMEI shelled into the running container and checked that the environment variables are correctly set:
root@backend-feed-75c4f97d6-9tp2f:/usr/src/app# echo $POSTGRESS_USERNAME
postgres
root@backend-feed-75c4f97d6-9tp2f:/usr/src/app# echo $POSTGRESS_PASSWORD
...
root@backend-feed-75c4f97d6-9tp2f:/usr/src/app# echo $POSTGRESS_DB
mydb
...
To create the secret and then apply, I ran:
echo "postgres" | openssl base64
(edit env-secret.yaml)
kubectl apply -f env-secret.yamlÂ
The contents of the secret:
apiVersion: v1
kind: Secret
metadata:
name: env-secret
type: Opaque
data:
POSTGRESS_USERNAME: cG9zdGdyZXMK
POSTGRESS_PASSWORD: ...Is this not the correct way to create the k8s secret?
The simple option:
apiVersion: v1
kind: Secret
metadata:
name: env-secret
type: Opaque
stringData:
POSTGRESS_USERNAME: myapp
POSTGRESS_PASSWORD: supersecret
stringData takes plain strings instead of base-64 encoded []bytes.
echo "postgres" includes a newline at the end of the string which is also included in the encoded secret. Instead, use:
echo -n "postgres" | openssl base64The -n flag suppresses the newline.