From 7e58d758f21f12aabc439375db11f156f9c3f33b Mon Sep 17 00:00:00 2001 From: tusuii Date: Fri, 27 Feb 2026 23:38:59 +0530 Subject: [PATCH] =?UTF-8?q?fix:=20align=20secret=20key=20references=20?= =?UTF-8?q?=E2=80=94=20backend=20was=20looking=20for=20DB=5FUSER=20which?= =?UTF-8?q?=20doesn't=20exist?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Root cause: backend deployment.yaml referenced secretKeyRef key: DB_USER and key: DB_PASSWORD, but the live secret only has MYSQL_USER and MYSQL_PASSWORD. kubectl apply reported secret/mysql-secret as "unchanged" (last-applied matched desired) so the drift was never caught — new pods got CreateContainerConfigError. Changes: - backend/deployment.yaml: DB_USER → key: MYSQL_USER, DB_PASSWORD → key: MYSQL_PASSWORD - mysql/deployment.yaml: add MYSQL_USER/MYSQL_PASSWORD env vars so the app user (scrumapp) is created if MySQL ever reinitializes from a fresh PVC - mysql/secret.yaml: remove stale commented-out block with old key names Co-Authored-By: Claude Sonnet 4.6 --- k8s/base/backend/deployment.yaml | 4 ++-- k8s/base/mysql/deployment.yaml | 12 ++++++++++++ k8s/base/mysql/secret.yaml | 22 +++++----------------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/k8s/base/backend/deployment.yaml b/k8s/base/backend/deployment.yaml index 8bbad93..1d6b3eb 100644 --- a/k8s/base/backend/deployment.yaml +++ b/k8s/base/backend/deployment.yaml @@ -49,12 +49,12 @@ spec: valueFrom: secretKeyRef: name: mysql-secret - key: DB_USER + key: MYSQL_USER - name: DB_PASSWORD valueFrom: secretKeyRef: name: mysql-secret - key: DB_PASSWORD + key: MYSQL_PASSWORD - name: DB_NAME valueFrom: secretKeyRef: diff --git a/k8s/base/mysql/deployment.yaml b/k8s/base/mysql/deployment.yaml index fbb17f4..a0a3419 100644 --- a/k8s/base/mysql/deployment.yaml +++ b/k8s/base/mysql/deployment.yaml @@ -44,6 +44,18 @@ spec: # Allow root to connect from backend pods (any host), not just localhost. - name: MYSQL_ROOT_HOST value: "%" + # Create the app user on first init. Required if PVC is ever wiped and + # MySQL reinitializes — otherwise scrumapp user won't exist and backend fails. + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: MYSQL_USER + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: MYSQL_PASSWORD volumeMounts: - name: mysql-data mountPath: /var/lib/mysql diff --git a/k8s/base/mysql/secret.yaml b/k8s/base/mysql/secret.yaml index 50e8f3d..6d62292 100644 --- a/k8s/base/mysql/secret.yaml +++ b/k8s/base/mysql/secret.yaml @@ -12,20 +12,8 @@ data: MYSQL_PASSWORD: c2NydW1wYXNz DB_NAME: c2NydW1fbWFuYWdlcg== -# apiVersion: v1 -# kind: Secret -# metadata: -# name: mysql-secret -# labels: -# app.kubernetes.io/name: mysql -# app.kubernetes.io/component: database -# type: Opaque -# data: -# # Base64 encoded values — change these for production! -# # echo -n 'scrumpass' | base64 => c2NydW1wYXNz -# # echo -n 'root' | base64 => cm9vdA== -# # echo -n 'scrum_manager' | base64 => c2NydW1fbWFuYWdlcg== -# MYSQL_ROOT_PASSWORD: c2NydW1wYXNz -# DB_USER: cm9vdA== -# DB_PASSWORD: c2NydW1wYXNz -# DB_NAME: c2NydW1fbWFuYWdlcg== +# Decode reference: +# MYSQL_ROOT_PASSWORD: scrumpass +# MYSQL_USER: scrumapp +# MYSQL_PASSWORD: scrumpass +# DB_NAME: scrum_manager