Description
I wanted to add a new DB and user to set up Zitadel in my cluster and was a little perplexed when I ran into this:
```json
{
  "level": "error",
  "ts": "2025-08-22T02:56:40Z",
  "msg": "unable to update status",
  "controller": "postgresqldatabase",
  "controllerKind": "PostgresqlDatabase",
  "controllerGroup": "postgresql.easymile.com",
  "Request.Namespace": "auth-system",
  "Request.Name": "zitadel-db",
  "error": "PostgresqlDatabase.postgresql.easymile.com \"zitadel-db\" is invalid: [status.roles.reader: Required value, status.roles.writer: Required value]",
  "stacktrace": "github.com/easymile/postgresql-operator/internal/controller/postgresql.(*PostgresqlDatabaseReconciler).manageError\n\t/workspace/internal/controller/postgresql/postgresqldatabase_controller.go:898\ngithub.com/easymile/postgresql-operator/internal/controller/postgresql.(*PostgresqlDatabaseReconciler).Reconcile\n\t/workspace/internal/controller/postgresql/postgresqldatabase_controller.go:124\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:118\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:314\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226"
}
```

I made sure the Helm chart was updated (went from 1.8.0 to 1.8.2) and then let it work for a bit but the error returned. So I restarted the entire node, but the error persists.
Expected Behavior
I expected to create a new database and user and save all the credentials in a secret:
```yaml
apiVersion: postgresql.easymile.com/v1alpha1
kind: PostgresqlDatabase
metadata:
  name: zitadel-db
  namespace: auth-system
spec:
  engineConfiguration:
    name: default-cluster-instance
    namespace: postgres
  database: zitadel
  masterRole: "zitadel-role"
  dropOnDelete: true
  waitLinkedResourcesDeletion: true
---
apiVersion: postgresql.easymile.com/v1alpha1
kind: PostgresqlUserRole
metadata:
  name: zitadel-db-user
  namespace: auth-system
spec:
  mode: MANAGED
  rolePrefix: "zitadel"
  userPasswordRotationDuration: 720h
  privileges:
    - privilege: OWNER
      database:
        name: zitadel-db
      generatedSecretName: zitadel-db-creds
```

Actual Behavior
Instead, the above error now keeps showing up during each reconcile.
Environment
- Kubernetes version: 1.33.3
- Project Version/Tag: Chart version 1.8.2, container is thus 3.4.2
Steps to reproduce
I created my cluster like this using CNPG:
```yaml
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: default-cluster
  namespace: postgres
spec:
  instances: 1
  enableSuperuserAccess: true
  storage:
    storageClass: "nfs-bunker"
    size: 10Gi
  walStorage:
    storageClass: "local-path"
    size: 5Gi
```

...and then bound the operator to it:
```yaml
apiVersion: postgresql.easymile.com/v1alpha1
kind: PostgresqlEngineConfiguration
metadata:
  name: default-cluster-instance
  namespace: postgres
spec:
  host: default-cluster-rw.postgres.svc.kube.birb.it
  secretName: default-cluster-superuser
  checkInterval: 30s
  waitLinkedResourcesDeletion: true
```

and have since just been adding users. However, I have had one WAL crash (because the entire node imploded from an update gone wrong) and haven't added any new users or databases in quite a while. I also made sure the CRDs were up to date as well.
Have I missed something perhaps...?
Thank you and kind regards,
Ingwie