Users not being created

Description:

When I create a cluster using operator image docker.io/percona/percona-postgresql-operator:2.5.0 and the example cluster configuration from percona-postgresql-operator/deploy/cr.yaml at b1a4a9dec1779643f1144622a418caa22c340b92 · percona/percona-postgresql-operator · GitHub
The users do not get created

Steps to Reproduce:

  1. Operator installed by helm via flux:
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: percona-postgres-operator
  namespace: flux-system
spec:
  chart:
    spec:
      chart: pg-operator
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: percona
        namespace: flux-system
      version: '*'
  interval: 1h0m0s
  releaseName: postgres-operator
  targetNamespace: postgres
  install:
    crds: Create
    createNamespace: true
  upgrade:
    crds: CreateReplace
  values:
    logLevel: "DEBUG"
  1. Download cluster defintion and uncomment users section
vi cr.yaml```

3. Apply the cluster definition:
```kubectl -n postgres apply -f cr.yaml```

4. Check for rhino secret
k8sadmin@image-builder:~$ kubectl -n postgres get secret
NAME                            TYPE     DATA   AGE
aws-pgbackrest-secret           Opaque   1      17m
cluster1-cluster-ca-cert        Opaque   2      2m6s
cluster1-cluster-cert           Opaque   3      8m52s
cluster1-instance1-b2wm-certs   Opaque   6      8m52s
cluster1-instance1-ps6c-certs   Opaque   6      8m52s
cluster1-instance1-wkh6-certs   Opaque   6      8m52s
cluster1-pgbackrest             Opaque   5      8m51s
cluster1-pgbouncer              Opaque   6      8m51s
cluster1-pguser-cluster1        Opaque   12     8m52s
cluster1-replication-cert       Opaque   3      8m52s
rhino-credentials               Opaque   12     2m5s

6. Check for presence of database zoo and user rhino

kp exec -it cluster1-instance1-b2wm-0 – psql
Defaulted container “database” out of: database, replication-cert-copy, pgbackrest, pgbackrest-config, postgres-startup (init), nss-wrapper-init (init)
psql (16.6 - Percona Distribution)
Type “help” for help.

postgres=# \l
List of databases
Name | Owner | Encoding | Locale Provider | Collate | Ctype | ICU Locale | ICU Rules | Access privileges
-----------±---------±---------±----------------±------------±------------±-----------±----------±----------------------
postgres | postgres | UTF8 | libc | en_US.utf-8 | en_US.utf-8 | | |
template0 | postgres | UTF8 | libc | en_US.utf-8 | en_US.utf-8 | | | =c/postgres +
| | | | | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | libc | en_US.utf-8 | en_US.utf-8 | | | =c/postgres +
| | | | | | | | postgres=CTc/postgres
(3 rows)

postgres=# \du
List of roles
Role name | Attributes
--------------±-----------------------------------------------------------
_crunchyrepl | Replication
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS

postgres=#

## Version:
[Insert the version number of the software]

## Logs:
[If applicable, include any relevant log files or error messages]

## Expected Result:
[What the user expected to see or happen before the issue occurred]
I would have expected to see the user and database present in postgres
## Actual Result:
[What actually happened when the user encountered the issue]
User and database not present in postgres
## Additional Information:
[Include any additional information that could be helpful to diagnose the issue, such as browser or device information]

Hello @Mark_Kamsika ,

I can’t reproduce it. Here is what I did:

  1. helm repo update - to ensure the latest version
  2. helm install my-operator percona/pg-operator - installing the operator
  3. git clone -b v2.5.0 https://github.com/percona/percona-postgresql-operator to take version 2.5.0 branch from github
  4. Edit cr.yaml uncommenting the users section (I uncommented everything just in case, so it looks like this):
  users:
    - name: rhino
      databases:
        - zoo
      options: "SUPERUSER"
      password:
        type: ASCII
      secretName: "rhino-credentials"
  1. kubectl apply -f deploy/cr.yaml - create the cluster

Now to I’m checking it the same way you do by execing into the container:

postgres=# \l
                                                       List of databases
   Name    |  Owner   | Encoding | Locale Provider |   Collate   |    Ctype    | ICU Locale | ICU Rules |   Access privileges   
-----------+----------+----------+-----------------+-------------+-------------+------------+-----------+-----------------------
 postgres  | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           | 
 template0 | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           | =c/postgres          +
           |          |          |                 |             |             |            |           | postgres=CTc/postgres
 template1 | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           | =c/postgres          +
           |          |          |                 |             |             |            |           | postgres=CTc/postgres
 zoo       | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           | =Tc/postgres         +
           |          |          |                 |             |             |            |           | postgres=CTc/postgres+
           |          |          |                 |             |             |            |           | rhino=CTc/postgres
(4 rows)

and du:

postgres=# \du
                                 List of roles
     Role name     |                         Attributes                         
-------------------+------------------------------------------------------------
 _crunchypgbouncer | 
 _crunchyrepl      | Replication
 postgres          | Superuser, Create role, Create DB, Replication, Bypass RLS
 rhino             | Superuser

Are there any steps that you feel you did differently?

Hello folks,

I’m hitting the same issues described above, and I couldn’t find a better issue where to comment it. In my case, pgbouncer is not working because it can’t login to the replicas:

psql: error: connection to server at "localhost" (::1), port 5432 failed: FATAL:  password authentication failed for user "_crunchypgbouncer"

This is the error I got when trying to connect to the pgbouncer service using port forward.

After a deeper look I found out that the users are not being created. I left the same user as in the example (and the same as you used) and they’re not created:

sh-5.1$ psql
psql (16.6 - Percona Distribution)
Type "help" for help.

postgres=# \du
                               List of roles
  Role name   |                         Attributes                         
--------------+------------------------------------------------------------
 _crunchyrepl | Replication
 postgres     | Superuser, Create role, Create DB, Replication, Bypass RLS

postgres=# \l
                                                       List of databases
   Name    |  Owner   | Encoding | Locale Provider |   Collate   |    Ctype    | ICU Locale | ICU Rules |   Access privileges   
-----------+----------+----------+-----------------+-------------+-------------+------------+-----------+-----------------------
 postgres  | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           | 
 template0 | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           | =c/postgres          +
           |          |          |                 |             |             |            |           | postgres=CTc/postgres
 template1 | postgres | UTF8     | libc            | en_US.utf-8 | en_US.utf-8 |            |           | =c/postgres          +
           |          |          |                 |             |             |            |           | postgres=CTc/postgres
(3 rows)

Check that (at least) both _crunchypgbouncer and rhino are missing.

Attached is the terraform file I used to provision the database, it’s 99% what’s on the example.

12-percona-postgresql-database.tf.txt (2.8 KB)

Thanks in advance!

Update.

Using the cr.yaml from the latest release it worked, so the problem is the cr.yaml currently in main (it has some other problems like it points to psql 17 but the helm chart doesn’t accept values higher than 16, I assumed that was the only thing).

This file worked, so far: https://raw.githubusercontent.com/percona/percona-postgresql-operator/35d61aa5aebd27ccb05d94deee45bbf2ab360866/deploy/cr.yaml