KubeBlocks
BlogsKubeBlocks Cloud

Getting Started

Introduction
Supported addons
Installation

Concepts and Features

Concepts

Backup and Restore

Introduction

Backup

Configure BackupRepo
Configure BackupPolicy
Scheduled backup
On-demand backup

Restore

Restore from backup set
Point-in-Time Recovery

In Place Update

Introduction
Enable in-place update

Instance Template

Introduction
Apply instance template

Trouble Shooting

FAQs
Known Issues

References

API Reference

Cluster
Operations
Parameters
Dataprotection
Add-On
Terminology
Install Addons
Install kbcli
Snapshot Controller
Create a test Kubernetes cluster
Kubernetes and Operator 101
KubeBlocks Options and Roles
Install MinIO

Upgrade KubeBlocks

Upgrade to v0.8
Upgrade to v0.9.0
Upgrade to v0.9.x

Release Notes

Release v1.0

v1.0.0-cn
v1.0.0

Release v0.9

v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
  1. Issue 1: KubeBlocks creates enormous number of secrets
    1. Problem Description
    2. Affected Version
    3. Root Cause
    4. Solution
  2. Issue 2: PostgreSQL fails to start with special characters in password
    1. Problem Description
    2. Affected Version
    3. Solution
  3. How to report a bug

Known Issues

Issue 1: KubeBlocks creates enormous number of secrets

Problem Description

KubeBlocks keeps creating an enormous number of secrets for each cluster and never stops. You may see the following information in KubeBlocks logs:

INFO reconcile object *v1.ServiceAccount with action UPDATE OK

Affected Version

  • KubeBlocks v1.0.0 with Kubernetes versions ≤ 1.24

Root Cause

Before Kubernetes version 1.24, Kubernetes automatically generated Secret-based tokens for ServiceAccounts, as documented in Kubernetes Service Account Tokens.

Solution

Upgrade KubeBlocks to v1.0.1-beta.3 or later.

Issue 2: PostgreSQL fails to start with special characters in password

Problem Description

PostgreSQL may fail to start when the password contains certain special characters. By checking POD logs:

File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 116, in check_token
    self.fetch_more_tokens()
  File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 231, in fetch_more_tokens
    return self.fetch_anchor()
  File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 621, in fetch_anchor
    self.tokens.append(self.scan_anchor(AnchorToken))
  File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 929, in scan_anchor
    raise ScannerError("while scanning an %s" % name, start_mark,
yaml.scanner.ScannerError: while scanning an anchor
  in "<unicode string>", line 45, column 17:
          password: &amp;JgE#F5x&amp;eNwis*2dW!7&amp ...
                    ^

Affected Version

  • KubeBlocks v0.9.4 and before
  • KubeBlocks v1.0.0

Solution

Upgrade KubeBlocks to v1.0.1-beta.6 or v0.9.5-beta.4 or later.

To fix this, you can explicitly set the list of symbols allowed in password generation policy.

apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
spec:
  componentSpecs:
    - name: postgresql
      systemAccounts:
        - name: postgres
          passwordConfig:
            length: 20           # Password length: 20 characters
            numDigits: 4         # At least 4 digits
            numSymbols: 2        # At least 2 symbols
            letterCase: MixedCases # Uppercase and lowercase letters
            symbolCharacters: '!' # set the allowed symbols when generating password
# other fields in the Cluster manifest are omitted for brevity

How to report a bug

To report a bug, you may

  1. create an issue in the KubeBlocks GitHub repository.
  2. [optional] provide the zip file generated by kbcli report command:
kbcli report cluster <clusterName>  --with-logs --mask # pack cluster manifest, version, and logs
kbcli report kubeblocks --with-logs --mask # pack kubeblocks logs

where clusterName is the name of the cluster you are reporting the bug for, and --mask will mask sensitive info for secrets and ConfigMap.

© 2025 ApeCloud PTE. Ltd.