supabase-community/supabase-kubernetes

Password Authentication failed for user postgres

piby180 opened this issue · 2 comments

piby180 commented

Hey all,
Thank you for setting up this helm chart. I am new to supabase and just tried this helm chart but couldn't make it run, I found the following issues

  1. https://supabase-community.github.io/supabase-kubernetes is currently not online so the instructions on how to install did not work. I managed to install it by cloning the repo and running
    cd supabase-kubernetes/charts/supabase/
    helm install -f values.template.yaml mysupabase .

  2. postgresPassword is not respected. I have set postgresqlPassword: ZGVtb3Bhc3N3b3Jk in my values.template.yaml but there is a different value in secret mysupabase-database

kubectl get secret mysupabase-database -o jsonpath='{.data}'
{"postgresql-password":"WkdWdGIzQmhjM04zYjNKaw=="}

3/7 pods are failing because of it.

mysupabase-supabase-auth-695dd57cc9-s85nv       0/1     CrashLoopBackOff   1          25s
mysupabase-supabase-kong-58dbb8787f-fvm79       1/1     Running            0          25s
mysupabase-supabase-meta-56f99487c5-nzm8l       1/1     Running            0          25s
mysupabase-supabase-realtime-84499d7958-nhv4r   0/1     Error              1          25s
mysupabase-supabase-rest-6ccf859bc6-9rvdc       1/1     Running            0          25s
mysupabase-supabase-storage-c565475f4-n7ctb     0/1     CrashLoopBackOff   1          25s
mysupabase-supabase-studio-6675657758-9prx4     1/1     Running            0          25s


kubectl logs mysupabase-supabase-auth-695dd57cc9-s85nv

[POP] 2022/04/08 05:43:17 info - 0.0261 seconds
time="2022-04-08T05:43:17Z" level=fatal msg="running db migrations: Migrator: problem creating schema migrations: couldn't start a new transaction: could not create new transaction: failed to connect to `host=mysupabase-database.default.svc.cluster.local user=postgres database=postgres`: server error (FATAL: password authentication failed for user \"postgres\" (SQLSTATE 28P01))"

The issue can be reproduced by cloning the repo and installing the helm chart with the following values.template.yaml file

values.template.yaml

# Postgres Database
# A standalone Postgres database configured to work with Supabase services.
database:
  # enabled: false Disable the database provisioning
  postgresqlPassword: ZGVtb3Bhc3N3b3Jk

studio:
  # enable: false # Disable the studio
  environment:
    SUPABASE_URL: http://api.localhost
    STUDIO_PG_META_URL: http://mysupabase-kong.default.svc.cluster.local:8000/pg
    SUPABASE_ANON_KEY: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlhdCI6MTY0MDMwMDQwMCwiZXhwIjoxNzk4MDY2ODAwfQ.JaEiRNdyxX3Pk6XupxauDazXeadLTgTHz5cV7joUrQE"
    SUPABASE_SERVICE_KEY: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjQwMzAwNDAwLCJleHAiOjE3OTgwNjY4MDB9.sUJPVrhMsSaLgizyCWIgNOIRmjavxDB4Lm3hzb4dC5U"

  ingress:
    enabled: 'true'
    className: ""
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/rewrite-target: /
    hosts:
      - host: studio.localhost
        paths:
          - path: /
            pathType: Prefix
            backend:
              serviceName: api
              servicePort: 3000

# Auth Service
auth:
  environment:
    GOTRUE_DB_DATABASE_URL: postgres://postgres:ZGVtb3Bhc3N3b3Jk@mysupabase-database.default.svc.cluster.local:5432/postgres?search_path=auth
    GOTRUE_SITE_URL: http://studio.localhost
    GOTRUE_URI_ALLOW_LIST: ""
    GOTRUE_DISABLE_SIGNUP: "false"
    GOTRUE_JWT_SECRET: "LWyd6nDcJmOS2+3cRq+IKa2yMials3G2KIhUBV/yNCF9kgodD4887qZ6GvLayXyCOrNYTpygy+QR"
    GOTRUE_JWT_EXP: "3600"
    GOTRUE_EXTERNAL_EMAIL_ENABLED: "true"
    GOTRUE_MAILER_AUTOCONFIRM: "true"
    GOTRUE_SMTP_ADMIN_EMAIL: "admin@example.com"
    GOTRUE_SMTP_HOST: "mail"
    GOTRUE_SMTP_PORT: "2500"
    GOTRUE_SMTP_USER: "fake_mail_user"
    GOTRUE_SMTP_PASS: "fake_mail_password"
    GOTRUE_SMTP_SENDER_NAME: "fake_sender"
    GOTRUE_EXTERNAL_PHONE_ENABLED: "false"
    GOTRUE_SMS_AUTOCONFIRM: "false"

# Rest Service
rest:
  environment:
    PGRST_DB_URI: postgres://postgres:ZGVtb3Bhc3N3b3Jk@mysupabase-database.default.svc.cluster.local:5432/postgres
    PGRST_JWT_SECRET: "LWyd6nDcJmOS2+3cRq+IKa2yMials3G2KIhUBV/yNCF9kgodD4887qZ6GvLayXyCOrNYTpygy+QR"

# Realtime Service
realtime:
  environment:
    DB_HOST: mysupabase-database.default.svc.cluster.local
    DB_PORT: "5432"
    DB_NAME: postgres
    DB_USER: postgres
    DB_PASSWORD: ZGVtb3Bhc3N3b3Jk
    DB_SSL: "false"
    JWT_SECRET: "LWyd6nDcJmOS2+3cRq+IKa2yMials3G2KIhUBV/yNCF9kgodD4887qZ6GvLayXyCOrNYTpygy+QR"

# Meta Service
meta:
  environment:
    PG_META_DB_HOST: mysupabase-database.default.svc.cluster.local
    PG_META_DB_PASSWORD: ZGVtb3Bhc3N3b3Jk

# Storage Service
storage:
  environment:
    ANON_KEY: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlhdCI6MTY0MDMwMDQwMCwiZXhwIjoxNzk4MDY2ODAwfQ.JaEiRNdyxX3Pk6XupxauDazXeadLTgTHz5cV7joUrQE"
    SERVICE_KEY: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjQwMzAwNDAwLCJleHAiOjE3OTgwNjY4MDB9.sUJPVrhMsSaLgizyCWIgNOIRmjavxDB4Lm3hzb4dC5U"
    POSTGREST_URL: http://mysupabase-rest.default.svc.cluster.local:3000
    PGRST_JWT_SECRET: "LWyd6nDcJmOS2+3cRq+IKa2yMials3G2KIhUBV/yNCF9kgodD4887qZ6GvLayXyCOrNYTpygy+QR"
    DATABASE_URL: postgres://postgres:ZGVtb3Bhc3N3b3Jk@mysupabase-database.default.svc.cluster.local:5432/postgres
    PGOPTIONS: -c search_path=storage,public

# Kong Service (API Gateway)

kong:
  ingress:
    enabled: 'true'
    className: ""
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/rewrite-target: /
    hosts:
      - host: api.localhost
        paths:
          - path: /
            pathType: Prefix
            backend:
              serviceName: api
              servicePort: 80
  credentials:
    anonKey: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlhdCI6MTY0MDMwMDQwMCwiZXhwIjoxNzk4MDY2ODAwfQ.JaEiRNdyxX3Pk6XupxauDazXeadLTgTHz5cV7joUrQE"
    serviceRoleKey: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjQwMzAwNDAwLCJleHAiOjE3OTgwNjY4MDB9.sUJPVrhMsSaLgizyCWIgNOIRmjavxDB4Lm3hzb4dC5U"
pieveee commented

Hey @piby180

Try to set the DB password <MyURLencodedPw> in the Postgres URL the following way:
postgres://postgres:password@postgres-tst.postgres-tst.svc.cluster.local:5432/postgres?password=<MyURLencodedPw>

Keep in mind, that you need to URL encode the password if you use special characters (which is not the case in your example).

Regarding the things you see in:

kubectl get secret mysupabase-database -o jsonpath='{.data}'
{"postgresql-password":"WkdWdGIzQmhjM04zYjNKaw=="}

This is your secret stored in Base64 format, which is the default in Kubernetes.

vishnukv-facets commented

@pieveee it doesn't work.
its still says the password is wrong even after trying to use the same password via pgcli