px-backup chart installation fails with error couldn't find key OIDC_CLIENT_SECRET in Secret px-backup/pxc-backup-secret

[andreswebs]

Is this a BUG REPORT or FEATURE REQUEST?:

BUG REPORT

What happened:

When installing the chart with generated values from PX-Central, the pxcentral-frontend and pxcentral-backend pods fail with the error: CreateContainerConfigError

The pod description shows the error message:

 Error: couldn't find key OIDC_CLIENT_SECRET in Secret px-backup/pxc-backup-secret

What you expected to happen:

Chart deploys normally with the provided values.

How to reproduce it (as minimally and precisely as possible):

Install the chart with the generated values-px-backup.yaml from PX-Central, with the command:

helm install px-backup portworx/px-backup --namespace px-backup --create-namespace --version 1.2.3 -f values-px-backup.yaml

Anything else we need to know?:

Environment:

• Container Orchestrator and version: EKS 1.19
• Cloud provider or hardware configuration: AWS

[geoff-carr-bzy]

same issue with 2.0.1, any ideas?

[javierescu]

check all your pods, pv and pvcs because my install was attemping to use a wrong pvc name from helm values used. Check the keycloak are running and ok, review your storageClassName on values.yaml and maybe you need to remove the old pvc if they were wrong pointing to a missing storageclass

[willemm]

Same issue on a completely fresh install. Also there is no way that this could have anything to do whatsoever with pvs or pvcs, because it's simply a deployment referencing an environment variable from a secret.

Basically, this:

helm/charts/px-central/templates/px-lighthouse/px-central-ui/pxcentral-ui.yaml

Line 190 in 1aaa823

- name: OIDC_CLIENT_SECRET

Is referencing this secret:

https://github.com/portworx/helm/blob/master/charts/px-central/templates/px-lighthouse/px-central-ui/pxcentral-oidc.yaml

Which does not contain the referenced key.

I have to conclude that this chart is just broken, dead on arrival, and apparently nobody has been using it for the last three years (or they manually added the oidc_client_secret to fix the issue or something)

[javierescu]

Hello, I have seen the same error and was due to several problems like:
PVC pending due portworx license expired
Secrets and/or PV not updated or deleted after helm delete
A problem with name resolution on a worker node.
You can check the logs of post installation jobs, it seems they are needed to end successfully to create that secret
At the end, we installed successfully the pxcentral helm chart with license server

[willemm]

I think the issue we are having is that the helm chart for px-central just does not support using an external keycloak, even though it sais it does in the readme.

For example, this just is hardcoded and assumes the chart installs keycloak:

helm/charts/px-central/templates/px-lighthouse/px-central-ui/pxcentral-ui.yaml

Line 31 in 04eac24

server pxcentral-keycloak-http:80;

Which just completely breaks if you set oidc.centralOIDC.enabled to false as documented in the readme.

[denizcantufekci]

same issue with helm v3.14.3, any ideas?