Commit d1f4748
committed
fix(helm): expand CLICKHOUSE_PASSWORD in webapp CLICKHOUSE_URL via kubelet
When clickhouse.external.existingSecret is set, the chart rendered the
CLICKHOUSE_URL env var with a literal shell-style ${CLICKHOUSE_PASSWORD}
placeholder, expecting bash to expand it at container start. But
docker/scripts/entrypoint.sh hands the value straight to goose with a
single-pass sh expansion (export GOOSE_DBSTRING="$CLICKHOUSE_URL"), so
the inner ${...} reaches goose as literal text and breaks the
ClickHouse migration:
goose run: parse "http://default:${CLICKHOUSE_PASSWORD}@host:8123?secure=false":
net/url: invalid userinfo
Switch to Kubernetes' $(VAR) syntax in both clickhouse URL helpers.
Kubelet substitutes $(CLICKHOUSE_PASSWORD) at container-creation time
from the CLICKHOUSE_PASSWORD env var the chart already sets just before
CLICKHOUSE_URL, so the URL arrives at the entrypoint with the real
password already inlined — no entrypoint change needed, works for any
container image / shell.
The plain-password branch (no existingSecret) is unchanged.
Operator caveat: CLICKHOUSE_PASSWORD must be URL-userinfo-safe because
kubelet substitutes verbatim without percent-encoding. Hex-encoded
passwords (e.g. openssl rand -hex 32) are safe by construction.1 parent 41434b5 commit d1f4748
1 file changed
Lines changed: 18 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
400 | 400 | | |
401 | 401 | | |
402 | 402 | | |
| 403 | + | |
| 404 | + | |
| 405 | + | |
| 406 | + | |
| 407 | + | |
| 408 | + | |
| 409 | + | |
| 410 | + | |
| 411 | + | |
| 412 | + | |
| 413 | + | |
| 414 | + | |
| 415 | + | |
403 | 416 | | |
404 | 417 | | |
405 | 418 | | |
| |||
410 | 423 | | |
411 | 424 | | |
412 | 425 | | |
413 | | - | |
| 426 | + | |
414 | 427 | | |
415 | 428 | | |
416 | 429 | | |
| |||
419 | 432 | | |
420 | 433 | | |
421 | 434 | | |
| 435 | + | |
| 436 | + | |
| 437 | + | |
422 | 438 | | |
423 | 439 | | |
424 | 440 | | |
| |||
427 | 443 | | |
428 | 444 | | |
429 | 445 | | |
430 | | - | |
| 446 | + | |
431 | 447 | | |
432 | 448 | | |
433 | 449 | | |
| |||
0 commit comments