Error installing TimescaleDB with K8S / Helm : MountVolume.SetUp failed for volume "certificate" : secret "timescaledb-certificate" not found

Question

I just tried to install timescaleDB Single with Helm in minikube on Ubuntu 20.04.

After installing via:

helm install timescaledb timescaledb/timescaledb-single --namespace espace-client-v2

I got the message:

➜  ~ helm install timescaledb timescaledb/timescaledb-single  --namespace espace-client-v2
NAME: timescaledb
LAST DEPLOYED: Fri Aug  7 17:17:59 2020
NAMESPACE: espace-client-v2
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
TimescaleDB can be accessed via port 5432 on the following DNS name from within your cluster:
timescaledb.espace-client-v2.svc.cluster.local

To get your password for superuser run:

    # superuser password
    PGPASSWORD_POSTGRES=$(kubectl get secret --namespace espace-client-v2 timescaledb-credentials -o jsonpath="{.data.PATRONI_SUPERUSER_PASSWORD}" | base64 --decode)

    # admin password
    PGPASSWORD_ADMIN=$(kubectl get secret --namespace espace-client-v2 timescaledb-credentials -o jsonpath="{.data.PATRONI_admin_PASSWORD}" | base64 --decode)

To connect to your database, chose one of these options:

1. Run a postgres pod and connect using the psql cli:
    # login as superuser
    kubectl run -i --tty --rm psql --image=postgres \
      --env "PGPASSWORD=$PGPASSWORD_POSTGRES" \
      --command -- psql -U postgres \
      -h timescaledb.espace-client-v2.svc.cluster.local postgres

    # login as admin
    kubectl run -i --tty --rm psql --image=postgres \
      --env "PGPASSWORD=$PGPASSWORD_ADMIN" \
      --command -- psql -U admin \
      -h timescaledb.espace-client-v2.svc.cluster.local postgres

2. Directly execute a psql session on the master node

   MASTERPOD="$(kubectl get pod -o name --namespace espace-client-v2 -l release=timescaledb,role=master)"
   kubectl exec -i --tty --namespace espace-client-v2 ${MASTERPOD} -- psql -U postgres

It seemed to have installed well.

But then, when executing:

     PGPASSWORD_POSTGRES=$(kubectl get secret --namespace espace-client-v2 timescaledb-credentials -o jsonpath="{.data.PATRONI_SUPERUSER_PASSWORD}" | base64 --decode)

Error from server (NotFound): secrets "timescaledb-credentials" not found

After that, I realized pod has not even been created, and it gives me the following errors

MountVolume.SetUp failed for volume "certificate" : secret "timescaledb-certificate" not found

Unable to attach or mount volumes: unmounted volumes=[certificate], unattached volumes=[storage-volume wal-volume patroni-config timescaledb-scripts certificate socket-directory timescaledb-token-svqqf]: timed out waiting for the condition

What should I do ?

To get secret using kubectl you will have to create secret first.. Have you created the secrets.yaml template to manage password.? T — Rohit, Aug 07 '20 at 18:15
Well then please create it. Is this for production? If so I would not advise to have your secrets managed in values as anyone can access it. You can however manually create the secrets and again its only base64 encoded. There are production grade secret management system like Hashicorp vault you could think of using it down the line.. — Rohit, Aug 07 '20 at 18:25
Ok, I will try it on Monday . I should only put those 2 variables inside ? — Juliatzin, Aug 07 '20 at 18:43
Ok, I added a secret with those 2 vars, and now it is looking for timescaledb-certificate secret. I could do the same, but I have no clue what should be inside. Is there any docs I should follow ? — Juliatzin, Aug 10 '20 at 08:01
Ok, I followed the page: https://github.com/timescale/timescaledb-kubernetes/tree/master/charts/timescaledb-single and used ./generate_kustomization.sh my-release to generate files. I added the namespace in the kustomization.yaml, but it still asks me for the timescaledb-certificate secret. Don't understand well what's going on — Juliatzin, Aug 10 '20 at 08:22

score 7 · Accepted Answer · edited Jan 20 '21 at 06:29

I could do it. If the page https://github.com/timescale/timescaledb-kubernetes doesn't give much details about installation process, you can go here:

https://github.com/timescale/timescaledb-kubernetes/tree/master/charts/timescaledb-single

I had to use kustomize to generate content:

./generate_kustomization.sh my-release

and then it generate several files:

credentials.conf  kustomization.yaml  pgbackrest.conf  timescaledbMap.yaml  tls.crt  tls.key

then I did:

kubectl kustomize ./

which generated a k8s yml file, which I saved with the name timescaledbMap.yaml

Finally, I did:

kubectl apply -f timescaledbMap.yaml

Then it created all necesarry secrets, and I could install chart

. Hope it helps others.

A small typo, "timescaledbMap.yaml" will not be generated as part of ./generate_kustomization.sh my-release, which needs to be removed. — Ananth Ramasamy Meenachi, Jul 08 '21 at 20:02

Error installing TimescaleDB with K8S / Helm : MountVolume.SetUp failed for volume "certificate" : secret "timescaledb-certificate" not found

1 Answers1