fix: align secret key references — backend was looking for DB_USER which doesn't exist

Root cause: backend deployment.yaml referenced secretKeyRef key: DB_USER and key: DB_PASSWORD, but the live secret only has MYSQL_USER and MYSQL_PASSWORD. kubectl apply reported secret/mysql-secret as "unchanged" (last-applied matched desired) so the drift was never caught — new pods got CreateContainerConfigError. Changes: - backend/deployment.yaml: DB_USER → key: MYSQL_USER, DB_PASSWORD → key: MYSQL_PASSWORD - mysql/deployment.yaml: add MYSQL_USER/MYSQL_PASSWORD env vars so the app user (scrumapp) is created if MySQL ever reinitializes from a fresh PVC - mysql/secret.yaml: remove stale commented-out block with old key names Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-27 23:38:59 +05:30
parent bd9a952399
commit 7e58d758f2
3 changed files with 19 additions and 19 deletions
--- a/k8s/base/backend/deployment.yaml
+++ b/k8s/base/backend/deployment.yaml
@@ -49,12 +49,12 @@ spec:
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
-                  key: DB_USER
+                  key: MYSQL_USER
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secret
-                  key: DB_PASSWORD
+                  key: MYSQL_PASSWORD
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
--- a/k8s/base/mysql/deployment.yaml
+++ b/k8s/base/mysql/deployment.yaml
@@ -44,6 +44,18 @@ spec:
            # Allow root to connect from backend pods (any host), not just localhost.
            - name: MYSQL_ROOT_HOST
              value: "%"
+            # Create the app user on first init. Required if PVC is ever wiped and
+            # MySQL reinitializes — otherwise scrumapp user won't exist and backend fails.
+            - name: MYSQL_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: MYSQL_USER
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: MYSQL_PASSWORD
          volumeMounts:
            - name: mysql-data
              mountPath: /var/lib/mysql
--- a/k8s/base/mysql/secret.yaml
+++ b/k8s/base/mysql/secret.yaml
@@ -12,20 +12,8 @@ data:
  MYSQL_PASSWORD: c2NydW1wYXNz
  DB_NAME: c2NydW1fbWFuYWdlcg==

-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: mysql-secret
-#   labels:
-#     app.kubernetes.io/name: mysql
-#     app.kubernetes.io/component: database
-# type: Opaque
-# data:
-#   # Base64 encoded values — change these for production!
-#   # echo -n 'scrumpass' | base64 => c2NydW1wYXNz
-#   # echo -n 'root' | base64 => cm9vdA==
-#   # echo -n 'scrum_manager' | base64 => c2NydW1fbWFuYWdlcg==
-#   MYSQL_ROOT_PASSWORD: c2NydW1wYXNz
-#   DB_USER: cm9vdA==
-#   DB_PASSWORD: c2NydW1wYXNz
-#   DB_NAME: c2NydW1fbWFuYWdlcg==
+# Decode reference:
+#   MYSQL_ROOT_PASSWORD: scrumpass
+#   MYSQL_USER:          scrumapp
+#   MYSQL_PASSWORD:      scrumpass
+#   DB_NAME:             scrum_manager