Known Issues

Issue 1: KubeBlocks creates enormous number of secrets

Problem Description

KubeBlocks keeps creating an enormous number of secrets for each cluster and never stops. You may see the following information in KubeBlocks logs:

INFO reconcile object *v1.ServiceAccount with action UPDATE OK

Affected Version

KubeBlocks v1.0.0 with Kubernetes versions ≤ 1.24

Root Cause

Before Kubernetes version 1.24, Kubernetes automatically generated Secret-based tokens for ServiceAccounts, as documented in Kubernetes Service Account Tokens.

Solution

Upgrade KubeBlocks to v1.0.1-beta.3 or later.

Issue 2: PostgreSQL fails to start with special characters in password

Problem Description

PostgreSQL may fail to start when the password contains certain special characters. By checking POD logs:


File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 116, in check_token
    self.fetch_more_tokens()
  File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 231, in fetch_more_tokens
    return self.fetch_anchor()
  File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 621, in fetch_anchor
    self.tokens.append(self.scan_anchor(AnchorToken))
  File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 929, in scan_anchor
    raise ScannerError("while scanning an %s" % name, start_mark,
yaml.scanner.ScannerError: while scanning an anchor
  in "<unicode string>", line 45, column 17:
          password: &amp;JgE#F5x&amp;eNwis*2dW!7&amp ...
                    ^

Affected Version

KubeBlocks v0.9.4 and before
KubeBlocks v1.0.0

Solution

Upgrade KubeBlocks to v1.0.1-beta.6 or v0.9.5-beta.4 or later.

To fix this, you can explicitly set the list of symbols allowed in password generation policy.


apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
spec:
  componentSpecs:
    - name: postgresql
      systemAccounts:
        - name: postgres
          passwordConfig:
            length: 20           # Password length: 20 characters
            numDigits: 4         # At least 4 digits
            numSymbols: 2        # At least 2 symbols
            letterCase: MixedCases # Uppercase and lowercase letters
            symbolCharacters: '!' # set the allowed symbols when generating password
# other fields in the Cluster manifest are omitted for brevity

How to report a bug

To report a bug, you may

create an issue in the KubeBlocks GitHub repository.
[optional] provide the zip file generated by kbcli report command:


kbcli report cluster <clusterName>  --with-logs --mask # pack cluster manifest, version, and logs
kbcli report kubeblocks --with-logs --mask # pack kubeblocks logs

where clusterName is the name of the cluster you are reporting the bug for, and --mask will mask sensitive info for secrets and ConfigMap.

Known Issues

Issue 1: KubeBlocks creates enormous number of secrets

Problem Description

KubeBlocks keeps creating an enormous number of secrets for each cluster and never stops. You may see the following information in KubeBlocks logs:

INFO reconcile object *v1.ServiceAccount with action UPDATE OK

Affected Version

KubeBlocks v1.0.0 with Kubernetes versions ≤ 1.24

Root Cause

Before Kubernetes version 1.24, Kubernetes automatically generated Secret-based tokens for ServiceAccounts, as documented in Kubernetes Service Account Tokens.

Solution

Upgrade KubeBlocks to v1.0.1-beta.3 or later.

Issue 2: PostgreSQL fails to start with special characters in password

Problem Description

PostgreSQL may fail to start when the password contains certain special characters. By checking POD logs:


File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 116, in check_token
    self.fetch_more_tokens()
  File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 231, in fetch_more_tokens
    return self.fetch_anchor()
  File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 621, in fetch_anchor
    self.tokens.append(self.scan_anchor(AnchorToken))
  File "/usr/lib/python3/dist-packages/yaml/scanner.py", line 929, in scan_anchor
    raise ScannerError("while scanning an %s" % name, start_mark,
yaml.scanner.ScannerError: while scanning an anchor
  in "<unicode string>", line 45, column 17:
          password: &amp;JgE#F5x&amp;eNwis*2dW!7&amp ...
                    ^

Affected Version

KubeBlocks v0.9.4 and before
KubeBlocks v1.0.0

Solution

Upgrade KubeBlocks to v1.0.1-beta.6 or v0.9.5-beta.4 or later.

To fix this, you can explicitly set the list of symbols allowed in password generation policy.


apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
spec:
  componentSpecs:
    - name: postgresql
      systemAccounts:
        - name: postgres
          passwordConfig:
            length: 20           # Password length: 20 characters
            numDigits: 4         # At least 4 digits
            numSymbols: 2        # At least 2 symbols
            letterCase: MixedCases # Uppercase and lowercase letters
            symbolCharacters: '!' # set the allowed symbols when generating password
# other fields in the Cluster manifest are omitted for brevity

How to report a bug

To report a bug, you may

create an issue in the KubeBlocks GitHub repository.
[optional] provide the zip file generated by kbcli report command:


kbcli report cluster <clusterName>  --with-logs --mask # pack cluster manifest, version, and logs
kbcli report kubeblocks --with-logs --mask # pack kubeblocks logs

where clusterName is the name of the cluster you are reporting the bug for, and --mask will mask sensitive info for secrets and ConfigMap.