[I] Grafana Admin Credentials Sourcing from PVC Instead of Secret [incubator-devlake-helm-chart]

Tue, 05 Aug 2025 03:36:38 -0700 


caatclaudia opened a new issue, #343:
URL: https://github.com/apache/incubator-devlake-helm-chart/issues/343

   **Description**:
   
   We are using DevLake's Helm chart to deploy Grafana in our Kubernetes 
cluster. However, despite configuring Grafana to use a pre-existing Kubernetes 
secret for the admin credentials, it appears that Grafana is still sourcing the 
admin credentials from the PVC. This is causing login issues where the password 
from the PVC is used instead of the password stored in the secret.
   
   **Steps to Reproduce**:
   Deployment Configuration: We have the following configuration in values.yaml:
   
   
   ```
   persistence:
     type: pvc
     enabled: false
     # storageClassName: default
     accessModes:
       - ReadWriteOnce
     size: 10Gi
     # annotations: {}
     finalizers:
       - kubernetes.io/pvc-protection
   
     
   admin:
     existingSecret: "devlake-grafana-secret"
     userKey: admin-user
     passwordKey: admin-password
   ```
   
   **Secret Creation**: We have already created the secret 
(devlake-grafana-secret) with the following credentials:
   
   ```
   kubectl create secret generic devlake-grafana-secret \
     --from-literal=admin-user="admin" \
     --from-literal=admin-password="yourStrongPassword"
   ```
   
   **Deployment**: We then deploy or upgrade the Helm chart using the following 
command:
   
   `helm upgrade --install devlake-grafana grafana/grafana -f values.yaml`
   Login Attempt: After deployment, when we try to log in to Grafana using the 
admin user and the password (yourStrongPassword), we are unable to authenticate.
   
   **Expected Behavior:**
   - Use the admin credentials from the Kubernetes secret 
(devlake-grafana-secret) as configured in the values.yaml.
   - Not use the credentials from the PVC, which are incorrect or outdated.
   
   **Actual Behavior:**
   Despite correctly configuring the secret in the values.yaml file, Grafana 
seems to be sourcing the admin credentials from the PVC, causing a failed login 
with the password stored in the PVC instead of the password defined in the 
secret.
   I mentioned that it's using the PVC values because the PVC wasn’t deleted. 
The password currently working is the one that was set during the initial 
installation.
   
   **Impact:**
   Inability to login with the expected admin credentials (from the secret).
   We are unable to authenticate as the admin user using the correct 
credentials.
   
   
   **Environment:**
   DevLake Version: 1.0.3-beta1
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to