Description
Hey there,
I'm trying to get Authelia to work but have issues with setting the postgres-password from another secret.
I use cloudnative-pg as my postgres operator.
When creating a postgres database, cloudnative-pg creates a secret called pg-authelia-app, which looks like this:
secret/pg-authelia-app:

```yaml
apiVersion: v1
data:
  dbname: <base64 decoded string>
  host: <base64 decoded string>
  jdbc-uri: <base64 decoded string>
  password: <base64 decoded string>
  pgpass: <base64 decoded string>
  port: <base64 decoded string>
  uri: <base64 decoded string>
  user: <base64 decoded string>
  username: <base64 decoded string>
kind: Secret
metadata:
  name: pg-authelia-app
  namespace: authelia
```
The password I want to use is the `password` key.
I tried the following:
authelia-values.yaml:

```yaml
configMap:
  [...]
  storage:
    postgres:
      enabled: true
      address: 'tcp://pg-authelia-rw:5432'
      database: 'authelia'
      schema: 'public'
      username: 'authelia'
      password:
        disabled: false
  [...]
secret:
  additionalSecrets:
    pg-authelia-app:
      items:
        - key: password
          path: storage.postgres.password.txt
```
The authelia pod's logs throw the following errors:
```
time="2025-02-14T10:44:48Z" level=warning msg="Configuration: access_control: no rules have been specified so the 'default_policy' of 'two_factor' is going to be applied to all requests"
time="2025-02-14T10:44:48Z" level=info msg="Authelia v4.38.16 is starting"
time="2025-02-14T10:44:48Z" level=info msg="Log severity set to info"
time="2025-02-14T10:44:58Z" level=error msg="Error occurred running a startup check" error="error pinging database: failed to connect to `user=authelia database=authelia`: 10.96.6.221:5432 (pg-authelia-rw): failed SASL auth: FATAL: password authentication failed for user \"authelia\" (SQLSTATE 28P01)" provider=storage
time="2025-02-14T10:44:58Z" level=error msg="Error checking user authentication YAML database" error="user authentication database file doesn't exist at path '/config/users_database.yml' and has been generated"
time="2025-02-14T10:44:58Z" level=error msg="Error occurred running a startup check" error="one or more errors occurred checking the authentication database" provider=user
time="2025-02-14T10:44:58Z" level=fatal msg="One or more providers had fatal failures performing startup checks, for more detail check the error level logs" providers="[storage user]" stack="github.com/authelia/authelia/v4/internal/commands/root.go:150 doStartupChecks\ngithub.com/authelia/authelia/v4/internal/commands/root.go:88 (*CmdCtx).RootRunE\ngithub.com/spf13/[email protected]/command.go:985 (*Command).execute\ngithub.com/spf13/[email protected]/command.go:1117 (*Command).ExecuteC\ngithub.com/spf13/[email protected]/command.go:1041 (*Command).Execute\ngithub.com/authelia/authelia/v4/cmd/authelia/main.go:10 main\ninternal/runtime/atomic/types.go:194 (*Uint32).Load\nruntime/asm_amd64.s:1700 goexit"
```
Am I not understanding how the additionalSecrets part works at all? When I don't use it, the logs say I must provide a username and a password; therefore, I guess the secret is mounted correctly?
Can someone help me with this configuration?
Thank you in advance, and sorry if I just totally misunderstood something here :/
Kind regards