Title
#general
a

Alexandre Vinet

09/14/2022, 5:25 PM
Hi guys, I'm trying to use the helm chart for self-hosted API. I was able to use it by passing the --set postgresql.postgresqlPassword in the helm install command. My problem is when I'm trying to use an existing secret it log the following: Error: couldn't find key postgresql-postgres-password in Secret monitoring/infracost-secret Here's my secret manifest:
apiVersion: v1
kind: Secret
metadata:  
  name: infracost-secret
type: Opaque
data:
  infracost-api-key: 
  self-hosted-infracost-api-key: 
  postgresql-password:
am I missing something?
Alistair (Infracost)

Alistair (Infracost)

09/14/2022, 5:29 PM
Hi @Alexandre Vinet I think the bitnami postgresql chart that the helm chart uses needs both
postgresql-password
and
postgresql-postgres-password
(this one being the admin ‘postgres’ user password).
a

Alexandre Vinet

09/14/2022, 5:32 PM
Hi Alistair, thank you for your reply. I tried to add it also to my secret and instead of the error above I was getting an authentication error. I will dig more on that then. Thank you and if you have an idea please let me know.
Alistair (Infracost)

Alistair (Infracost)

09/14/2022, 5:35 PM
Is it an error connecting to postgresql or an error connecting to the cloud pricing API?
5:36 PM
We have a guide here for checking the connection between infracost CLI and the API https://www.infracost.io/docs/cloud_pricing_api/self_hosted/#troubleshooting
a

Alexandre Vinet

09/14/2022, 5:38 PM
When checking the logs for the cloud-pricing-api pod (not the init job nor the postgresql) I got this: {"level":50,"time":1663177026230,"pid":18,"hostname":"cloud-pricing-api-64444cc95b-cv4f7","msg":"Could not connect to database: error: password authentication failed for user "cloudpricingapi""}
5:44 PM
Since the api pod is not starting at all because it failed to connect to postgresql I can troubleshoot as describe in your previous message. The health is showing this:
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>
Alistair (Infracost)

Alistair (Infracost)

09/14/2022, 5:44 PM
hmm does the yaml of the cloud-pricing-api pod show it pulling the expected key for the password from the expected secret?
a

Alexandre Vinet

09/14/2022, 5:44 PM
Let me check
5:47 PM
It seems yes:
- name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgresql-password
          name: infracost-secret
Alistair (Infracost)

Alistair (Infracost)

09/14/2022, 5:49 PM
You could try running a psql client in a pod and seeing if the DB’s username and password are set up correctly. Something like this:
kubectl run postgresql-client --rm --tty -i --restart='Never' --image bitnami/postgresql /bin/bash

psql -h <host> -U <user>
a

Alexandre Vinet

09/14/2022, 5:54 PM
I will try that. If I look at the yaml of the postgresql pod it seems checking for the good key
- name: POSTGRES_POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgresql-postgres-password
          name: infracost-secret
    - name: POSTGRES_USER
      value: cloudpricingapi
    - name: POSTGRES_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgresql-password
          name: infracost-secret
5:54 PM
I'm wondering if it has something to do with the base64 encoding.
6:01 PM
If I'm using your command above I can connect using the password define in the secret.
Alistair (Infracost)

Alistair (Infracost)

09/14/2022, 6:02 PM
Ok that's odd, how did you generate the secret?
a

Alexandre Vinet

09/14/2022, 6:04 PM
I apply the secret in k8s with the kubectl apply -f command. The password in it have been encoded on my mac with: echo ********** | base64. I can decode it using the base64 --decode
Alistair (Infracost)

Alistair (Infracost)

09/14/2022, 6:07 PM
Okay, yeah it's probably a base64 issue, adding a new line to the end. Maybe
echo -n
would work
6:07 PM
But you might also need
base64 -w 0
a

Alexandre Vinet

09/14/2022, 6:08 PM
Not sure what those parameter do, but I'll try!
6:12 PM
It worked! Now I have issue with api key but I guess it's for the same reason!
6:22 PM
I was not able to retreive the key with the suggested command:
export INFRACOST_API_KEY=$(kubectl get secret --namespace monitoring cloud-pricing-api --template="{{ index .data \"self-hosted-infracost-api-key\" }}" | base64 -d)
error: error executing template "{{ index .data \"self-hosted-infracost-api-key\" }}": template: output:1:3: executing "output" at <index .data "self-hosted-infracost-api-key">: error calling index: index of untyped nil
base64: invalid input
And using base64 -D I got this:
base64: invalid option -- 'D'
Try 'base64 --help' for more information
I had to replace -D by -d.
6:23 PM
I know the api key so I exported it my self and it worked.
Alistair (Infracost)

Alistair (Infracost)

09/14/2022, 6:59 PM
Awesome, I'll check those commands in the troubleshooting. Is that it all working now?
a

Alexandre Vinet

09/14/2022, 6:59 PM
Yes, thank you very much!