unable to initialize the database: dial tcp: lookup <secret>: no such host

[ebracho]

Version Info

perses-controller version: v0.1.12
perses version: 0.52.0
kubernetes version: 1.33.5 (GKE)

Description of problem

When configuring spec.config.database.sql any fields of type secret.Hidden are rendered as the opaque string value "<secret>". It's not clear from examples/documentation what the right way to configure a secret fields is. This particular error is due to config.database.sql.addr rendering as an opaque secret value.

Ideally I would like to be able to populate config fields from my own secrets. This includes fields like user, password, addr and db_name which my automation bundles up into one secret when provisioning a database. One possible solution would be to allow us to populate spec.config from our own configmap.

Another piece of feedback not worth creating it's own issue for: add sane defaults for all these required fields in spec.config.database.sql I have included in my yaml.

Debug information

Pod logs

time="2025-10-25T21:45:06Z" level=warning msg="encryption_key is not provided and therefore it will use a default one. For production instance you should provide the key."
time="2025-10-25T21:45:06Z" level=fatal msg="unable to initialize the database: dial tcp: lookup <secret>: no such host"

Perses config

apiVersion: perses.dev/v1alpha2
kind: Perses
metadata:
  annotations:
    owner: opslead-devinfra
  name: perses-staging
  namespace: perses
spec:
  config:
    database:
      sql:
        addr: 10.125.81.29:3306
        allow_all_files: false
        allow_cleartext_passwords: false
        allow_fallback_to_plaintext: false
        allow_native_passwords: false
        allow_old_passwords: false
        case_sensitive: false
        check_conn_liveness: false
        client_found_rows: false
        columns_with_alias: false
        db_name: perses-staging
        interpolate_params: false
        max_allowed_packet: 67108864
        multi_statements: false
        net: tcp
        parse_time: false
        password: a plain string value
        read_timeout: 10s
        reject_read_only: false
        server_pub_key: ''
        timeout: 10s
        user: perses-staging
        write_timeout: 10s
    ephemeral_dashboard:
      cleanup_interval: 1d
      enable: true
  containerPort: 8080
  livenessProbe:
    failureThreshold: 5
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
  metadata:
    labels:
      instance: perses-staging
  readinessProbe:
    failureThreshold: 5
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5

[Nexucis]

@ibakshay can you advise on this issue please ?

[ibakshay]

Hi @Nexucis,
I never tried Perses with sql database. We store the Perses data in the filesystem as PersistentVolumeClaim in kubernetes.

[Nexucis]

@ebracho hopping it will help, I am proposing a way to read secret from file in perses/perses#3617 for each secret field.

I hope it will mitigate your issue.