Add missing envs for external pg db

[anisurrahman75]

Testing Instructions:

1. Install NooBaa with an externally managed PostgreSQL DB
2. noobaa install --postgres-url=''

Summary by CodeRabbit

• New Features

  • Adds a configurable POSTGRES connection-string environment variable for core and endpoint; it is populated only when an external PostgreSQL secret is provided.

• Bug Fixes / Chores

  • Removes a hard-coded DB host so DB settings can be supplied dynamically.
  • Deployment manifests and packaging updated to reflect the new environment handling.
  • .gitignore updated to ignore IDE config files.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds a new POSTGRES_CONNECTION_STRING_PATH env var to internal deployment and statefulset manifests, removes the hard-coded POSTGRES_HOST value in the statefulset, updates embedded manifests' SHA256s, conditions setting of the env var in runtime only when ExternalPgSecret is present, and appends .idea/ to .gitignore. (≤50 words)

Changes

Cohort / File(s)	Summary
K8s internal manifests deploy/internal/deployment-endpoint.yaml	Added POSTGRES_CONNECTION_STRING_PATH to the endpoint container env list (inserted after POSTGRES_PORT_PATH) — entry has no value/valueFrom (empty env var).
K8s internal manifests deploy/internal/statefulset-core.yaml	Added POSTGRES_CONNECTION_STRING_PATH to the CORE container env (after POSTGRES_PORT_PATH) and removed the hard-coded POSTGRES_HOST value.
Embedded manifests / bundle pkg/bundle/deploy.go	Updated embedded YAML content and SHA256 constants for deploy/internal/deployment-endpoint.yaml and deploy/internal/statefulset-core.yaml.
Runtime behavior pkg/system/phase2_creating.go	setDesiredCoreEnv now sets POSTGRES_CONNECTION_STRING_PATH = postgresSecretMountPath + "/db_url" only when r.NooBaa.Spec.ExternalPgSecret != nil; otherwise the env var is left unset.
Repo ignore rules .gitignore	Appended .idea/ to ignore patterns.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Reconciler
  participant setDesiredCoreEnv
  participant NooBaaSpec

  Reconciler->>setDesiredCoreEnv: request CORE env setup
  setDesiredCoreEnv->>NooBaaSpec: check ExternalPgSecret
  alt ExternalPgSecret present
    note right of setDesiredCoreEnv `#D6EAF8`: assign DB URL path to POSTGRES_CONNECTION_STRING_PATH
    setDesiredCoreEnv-->>Reconciler: env includes POSTGRES_CONNECTION_STRING_PATH="/etc/postgres-secret/db_url"
  else ExternalPgSecret absent
    note right of setDesiredCoreEnv `#FDEBD0`: do not set POSTGRES_CONNECTION_STRING_PATH
    setDesiredCoreEnv-->>Reconciler: env omits POSTGRES_CONNECTION_STRING_PATH
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Review focus:
  • Verify correctness and placement of the new env entries in both YAML manifests.
  • Confirm SHA256 updates in pkg/bundle/deploy.go match the embedded file content.
  • Validate setDesiredCoreEnv conditional logic for ExternalPgSecret and any downstream consumers expecting the env var.

Possibly related PRs

• add POSTGRES_HOST_RO to core host if using cnpg cluster #1725 — Also modifies core container environment and how POSTGRES-related env vars are set; likely touches the same manifest/env handling code.

Suggested reviewers

• dannyzaken

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete. It only includes testing instructions but omits the required 'Explain the changes' and 'Issues' sections.	Add 'Explain the changes' section describing the environment variable additions and 'Issues' section referencing any related issue numbers.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding missing environment variables for external PostgreSQL database support.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b4851d8 and 43cbff2.

📒 Files selected for processing (5)

• .gitignore (1 hunks)
• deploy/internal/deployment-endpoint.yaml (1 hunks)
• deploy/internal/statefulset-core.yaml (1 hunks)
• pkg/bundle/deploy.go (4 hunks)
• pkg/system/phase2_creating.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• .gitignore
• deploy/internal/statefulset-core.yaml
• pkg/system/phase2_creating.go

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-07-02T04:34:47.006Z

Learnt from: naveenpaul1
Repo: noobaa/noobaa-operator PR: 1607
File: pkg/bundle/deploy.go:0-0
Timestamp: 2025-07-02T04:34:47.006Z
Learning: Default values for `METRICS_AUTH_ENABLED` and `VERSION_AUTH_ENABLED` are set up under `noobaa-config` in the NooBaa operator.

Applied to files:

• pkg/bundle/deploy.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: CodeQL analysis (go)
• GitHub Check: Agent

🔇 Additional comments (4)

deploy/internal/deployment-endpoint.yaml (2)

136-136: Verify corresponding changes in statefulset-core.yaml.

The enriched summary indicates that POSTGRES_CONNECTION_STRING_PATH was also added to the core statefulset. Confirm that both endpoint and core deployments have consistent environment variable declarations and that the operator code (phase2_creating.go) properly injects values in both cases when ExternalPgSecret is present.

---

136-136: Verify that endpoint code safely handles empty POSTGRES_CONNECTION_STRING_PATH.

The environment variable is declared with no value (line 136), making it an empty string at runtime. Per the PR context, consuming code using fs.readFileSync() was failing when this path is undefined. Ensure the endpoint container code either:

• Doesn't read this environment variable, or
• Has a safe fallback for empty/missing values (e.g., try_read_file_sync())

pkg/bundle/deploy.go (2)

4129-4266: Endpoint deployment: POSTGRES_CONNECTION_STRING_PATH wiring looks correct; please verify runtime population

The added POSTGRES_CONNECTION_STRING_PATH entry in the endpoint deployment env list is consistent with the existing POSTGRES_*_PATH pattern and with the core statefulset changes. From the static bundle side this looks fine.

Please double‑check that:

• The operator code actually populates POSTGRES_CONNECTION_STRING_PATH for the endpoint pod when ExternalPgSecret is set, and leaves it unset otherwise.
• Core/endpoint code that reads this env var safely handles it being absent (or empty) so we don’t regress the CI crash that happened when the path was undefined.

---

5297-5432: Core statefulset: new POSTGRES_CONNECTION_STRING_PATH is fine; confirm POSTGRES_HOST behavior

Adding POSTGRES_CONNECTION_STRING_PATH alongside the other POSTGRES_*_PATH envs in the core statefulset is consistent and looks good from the bundle perspective.

However, POSTGRES_HOST now appears without a hard‑coded value in this manifest, so correctness depends entirely on the operator logic that mutates these envs at runtime. Please verify that:

• For the managed/internal Postgres case, the operator still sets POSTGRES_HOST (or equivalent) so core can reach the DB.
• For the external connection-string case, you no longer rely on POSTGRES_HOST and only use the connection string/path, matching the intended design.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pkg/bundle/deploy.go (1)

4115-4121: Missing runtime consumption for POSTGRES_CONNECTION_STRING_PATH

I’ve verified that the operator now injects POSTGRES_CONNECTION_STRING_PATH consistently in:

• pkg/system/phase2_creating.go (case “POSTGRES_CONNECTION_STRING_PATH” → sets …/db_url)
• pkg/bundle/deploy.go (both endpoint and core specs)
• deploy/internal/statefulset-core.yaml
• deploy/internal/deployment-endpoint.yaml

However, a repository‐wide grep for any runtime references to POSTGRES_CONNECTION_STRING_PATH (e.g. via os.Getenv, os.LookupEnv, ioutil.ReadFile, or similar) returned no hits. This means the container won’t actually read the connection-string file path you’re mounting.

Please add (or confirm existing) code in the endpoint/core service to:

• Read os.Getenv("POSTGRES_CONNECTION_STRING_PATH") (or equivalent) at startup
• Load the file at that path (e.g. ioutil.ReadFile)
• Use its contents as the Postgres connection string

Without this, the new env var is declared but never consumed at runtime.

🧹 Nitpick comments (2)

deploy/internal/statefulset-core.yaml (1)

129-134: Optional: keep env ordering consistent with the embedded bundle to reduce noisy diffs

Here it’s placed after POSTGRES_PORT_PATH. AI summary indicates deploy.go may place it after POSTGRES_DBNAME_PATH. Functionally equivalent, but inconsistent ordering can cause churn in generated bundles and tests.

Use the script above to compare the relative order in pkg/bundle/deploy.go and align if they differ.

deploy/internal/deployment-endpoint.yaml (1)

120-137: Optional: add an e2e check for external PG via connection string path

Given the PR objective (“Add missing envs for external pg db”), consider adding/adjusting an e2e test that:

• Mounts a Secret containing a connection string file,
• Sets POSTGRES_CONNECTION_STRING_PATH to that file path,
• Verifies successful startup and DB connectivity.

I can sketch the test plan or a small harness to validate this path-based configuration in CI.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 2f4a6b4 and 393aed7.

📒 Files selected for processing (3)

• deploy/internal/deployment-endpoint.yaml (1 hunks)
• deploy/internal/statefulset-core.yaml (1 hunks)
• pkg/bundle/deploy.go (2 hunks)

🔇 Additional comments (2)

deploy/internal/deployment-endpoint.yaml (1)

129-129: Confirmed: POSTGRES_CONNECTION_STRING_PATH is in sync
The POSTGRES_CONNECTION_STRING_PATH entry appears at line 129 in deploy/internal/deployment-endpoint.yaml and is also present at line 4119 in the embedded bundle within pkg/bundle/deploy.go. No further updates are needed here—bundle and manifest are aligned.

pkg/bundle/deploy.go (1)

5229-5234: Verification of POSTGRES_CONNECTION_STRING_PATH usage in manifests

The rg output confirms that both statefulset-core.yaml and deployment-endpoint.yaml include the new POSTGRES_CONNECTION_STRING_PATH entry alongside the other POSTGRES_*_PATH variables. No other manifests under deploy/ contain this pattern, so parity is maintained across embedded manifests.

Next steps:

• Confirm that the application code (or operator) actually reads POSTGRES_CONNECTION_STRING_PATH, loads the file it points to, and falls back appropriately to POSTGRES_CONNECTION_STRING if the path variant is unset.
• If the code does not support this fallback, update it or ensure the operator always sets exactly one of the two variables.

Please verify the wiring in the core service’s configuration loader to ensure end-to-end support of the path-based override.

[nimrod-becker]

@alphaprinz @jackyalbo Please review

[jackyalbo]

LGTM, @dannyzaken was this just something we missed?

[jackyalbo]

@anisurrahman75 Can you run make gen and make gen-api and attach the changes to this PR as it doesn't pass the testes currently

[liranmauda]

@anisurrahman75 Can you run make gen and make gen-api and attach the changes to this PR as it doesn't pass the testes currently

Also, make lint and rebase

[liranmauda]

@anisurrahman75 could you squash the commits?

[anisurrahman75]

@liranmauda brother, I've rebased with the latest changes. Can you merge this PR?

[liranmauda]

The tests are failing. Need to figure out why
@achouhan09 could you take a look?

[aayushchouhan09]

Hi
The issue is with the Noobaa core code handling of the POSTGRES_CONNECTION_STRING_PATH parameter. Currently, we are reading it directly using the fs.readFileSync() function, which throws an exception if the parameter is undefined. As a result, the NooBaa core pod keeps crashing which is failing the CI jobs.
We need to handle it the same way we do for other parameters, by reading it with the fs_utils.try_read_file_sync() function, which provides better exception handling.
cc @liranmauda

[dannyzaken]

@anisurrahman75, I mistakenly approved before.
It is correct to add POSTGRES_CONNECTION_STRING_PATH into the core and endpoint yamls.
In addition, here, we are also missing checking if we are using an external PG before setting a value for that env.

		if r.NooBaa.Spec.ExternalPgSecret != nil {
			c.Env[j].Value = postgresSecretMountPath + "/db_url"
		}

[aayushchouhan09]

Hi The issue is with the Noobaa core code handling of the POSTGRES_CONNECTION_STRING_PATH parameter. Currently, we are reading it directly using the fs.readFileSync() function, which throws an exception if the parameter is undefined. As a result, the NooBaa core pod keeps crashing which is failing the CI jobs. We need to handle it the same way we do for other parameters, by reading it with the fs_utils.try_read_file_sync() function, which provides better exception handling. cc @liranmauda

Please ignore this comment. Thanks!

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

pkg/system/phase2_creating.go (1)

557-563: Remove POSTGRES_CONNECTION_STRING_PATH from the endpoint manifest
Drop the POSTGRES_CONNECTION_STRING_PATH env var entry from deploy/internal/deployment-endpoint.yaml (around line 130); the endpoint doesn’t need DB connectivity by default. Only inject this variable when ExternalPgSecret is set—mirroring the handling in statefulset-core.yaml.

pkg/bundle/deploy.go (2)

4099-4115: Add missing POSTGRES_CONNECTION_STRING_PATH to endpoint env.

The PR goal mentions adding POSTGRES_CONNECTION_STRING_PATH, but the noobaa-endpoint Deployment still lacks this placeholder. Without it, downstream logic that expects this key (or tooling that checks for parity across POSTGRES_*_PATH vars) will miss it.

Apply this diff right after POSTGRES_PORT_PATH:

             - name: POSTGRES_HOST_PATH
             - name: POSTGRES_USER_PATH
             - name: POSTGRES_PASSWORD_PATH
             - name: POSTGRES_DBNAME_PATH
             - name: POSTGRES_PORT_PATH
+            - name: POSTGRES_CONNECTION_STRING_PATH

---

5217-5225: Add missing POSTGRES_CONNECTION_STRING_PATH to core env.

Same gap exists in the noobaa-core StatefulSet. Add the placeholder so the operator can populate it when ExternalPgSecret is present.

             - name: POSTGRES_HOST_PATH
             - name: POSTGRES_USER_PATH
             - name: POSTGRES_PASSWORD_PATH
             - name: POSTGRES_DBNAME_PATH
             - name: POSTGRES_PORT_PATH
+            - name: POSTGRES_CONNECTION_STRING_PATH

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6a76bb7 and 550e6ad.

📒 Files selected for processing (5)

• .gitignore (1 hunks)
• deploy/internal/deployment-endpoint.yaml (1 hunks)
• deploy/internal/statefulset-core.yaml (1 hunks)
• pkg/bundle/deploy.go (4 hunks)
• pkg/system/phase2_creating.go (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• .gitignore

🚧 Files skipped from review as they are similar to previous changes (2)

• deploy/internal/deployment-endpoint.yaml
• deploy/internal/statefulset-core.yaml

🔇 Additional comments (3)

pkg/bundle/deploy.go (3)

3984-4165: Confirm endpoint actually needs the connection string path.

If only core consumes POSTGRES_CONNECTION_STRING_PATH, keep the endpoint manifest lean and drop it there; otherwise, ensure the operator also populates it for endpoints.

---

3982-3984: Regenerate bundle SHAs after YAML edits
Makefile targets weren’t found in this environment; manually run make gen && make gen-api locally and commit the updated Sha256_* constants so CI integrity checks pass.

---

5091-5296: Operator correctly guards POSTGRES_CONNECTION_STRING_PATH assignment

setDesiredCoreEnv only injects POSTGRES_CONNECTION_STRING_PATH when ExternalPgSecret is non-nil; please verify the core code path uses a safe file-read (e.g. fs_utils.try_read_file_sync) so an empty or missing path won’t crash the pod.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

pkg/system/phase2_creating.go (2)

516-525: Also remove the variable entirely after the loop

Filter c.Env to eliminate POSTGRES_CONNECTION_STRING_PATH unless ExternalPgSecret is in use. This guarantees the var is not visible to core when using the internal DB or CNPG.

   }
 
+  // Drop POSTGRES_CONNECTION_STRING_PATH entirely unless an external PG secret is in use.
+  if r.NooBaa.Spec.ExternalPgSecret == nil {
+    filtered := make([]corev1.EnvVar, 0, len(c.Env))
+    for _, e := range c.Env {
+      if e.Name != "POSTGRES_CONNECTION_STRING_PATH" {
+        filtered = append(filtered, e)
+      }
+    }
+    c.Env = filtered
+  }
+
   if r.NooBaa.Spec.BucketNotifications.Enabled {

Run to verify no empty POSTGRES_CONNECTION_STRING_PATH remains in rendered specs:

#!/bin/bash
# Check operator code and embedded manifests for unconditional uses
rg -nP "POSTGRES_CONNECTION_STRING_PATH|POSTGRES_PORT_PATH|POSTGRES_\\w+_PATH" -C2 deploy pkg | sed -n '1,200p'

---

490-492: Prevent core crash: drop POSTGRES_CONNECTION_STRING_PATH when ExternalPgSecret is not set

Leaving this env var present (empty or pointing to a non-mounted path) makes core read it and crash (fs.readFileSync on empty/missing path). Set it only when ExternalPgSecret is provided; otherwise clear it here and remove it after the loop (next comment).

Apply this diff:

 case "POSTGRES_CONNECTION_STRING_PATH":
-            if r.NooBaa.Spec.ExternalPgSecret != nil {
-                c.Env[j].Value = postgresSecretMountPath + "/db_url"
-            }
+            if r.NooBaa.Spec.ExternalPgSecret != nil {
+                c.Env[j].Value = postgresSecretMountPath + "/db_url"
+            } else {
+                // ensure no accidental reads by core
+                c.Env[j].Value = ""
+                c.Env[j].ValueFrom = nil
+            }

🧹 Nitpick comments (1)

pkg/system/phase2_creating.go (1)

479-489: Gate the other POSTGRES_*_PATH envs to secret-mounted cases (defensive)

Optional hardening: only set file-path envs when CNPG or ExternalPgSecret is used; otherwise clear them to avoid accidental file reads from non-existent mounts.

-    case "POSTGRES_DBNAME_PATH":
-      c.Env[j].Value = postgresSecretMountPath + "/dbname"
+    case "POSTGRES_DBNAME_PATH":
+      if r.shouldReconcileCNPGCluster() || r.NooBaa.Spec.ExternalPgSecret != nil {
+        c.Env[j].Value = postgresSecretMountPath + "/dbname"
+      } else {
+        c.Env[j].Value = ""
+        c.Env[j].ValueFrom = nil
+      }
-    case "POSTGRES_PASSWORD_PATH":
-      c.Env[j].Value = postgresSecretMountPath + "/password"
+    case "POSTGRES_PASSWORD_PATH":
+      if r.shouldReconcileCNPGCluster() || r.NooBaa.Spec.ExternalPgSecret != nil {
+        c.Env[j].Value = postgresSecretMountPath + "/password"
+      } else {
+        c.Env[j].Value = ""
+        c.Env[j].ValueFrom = nil
+      }
-    case "POSTGRES_PORT_PATH":
-      c.Env[j].Value = postgresSecretMountPath + "/port"
+    case "POSTGRES_PORT_PATH":
+      if r.shouldReconcileCNPGCluster() || r.NooBaa.Spec.ExternalPgSecret != nil {
+        c.Env[j].Value = postgresSecretMountPath + "/port"
+      } else {
+        c.Env[j].Value = ""
+        c.Env[j].ValueFrom = nil
+      }
-    case "POSTGRES_USER_PATH":
-      c.Env[j].Value = postgresSecretMountPath + "/username"
+    case "POSTGRES_USER_PATH":
+      if r.shouldReconcileCNPGCluster() || r.NooBaa.Spec.ExternalPgSecret != nil {
+        c.Env[j].Value = postgresSecretMountPath + "/username"
+      } else {
+        c.Env[j].Value = ""
+        c.Env[j].ValueFrom = nil
+      }
-    case "POSTGRES_HOST_PATH":
-      c.Env[j].Value = postgresSecretMountPath + "/host"
+    case "POSTGRES_HOST_PATH":
+      if r.shouldReconcileCNPGCluster() || r.NooBaa.Spec.ExternalPgSecret != nil {
+        c.Env[j].Value = postgresSecretMountPath + "/host"
+      } else {
+        c.Env[j].Value = ""
+        c.Env[j].ValueFrom = nil
+      }

Also applies to: 481-486

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 550e6ad and 3e15da0.

📒 Files selected for processing (5)

• .gitignore (1 hunks)
• deploy/internal/deployment-endpoint.yaml (1 hunks)
• deploy/internal/statefulset-core.yaml (1 hunks)
• pkg/bundle/deploy.go (4 hunks)
• pkg/system/phase2_creating.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• .gitignore
• deploy/internal/statefulset-core.yaml
• deploy/internal/deployment-endpoint.yaml
• pkg/bundle/deploy.go

🧰 Additional context used

🧬 Code graph analysis (1)

pkg/system/phase2_creating.go (1)

pkg/apis/noobaa/v1alpha1/noobaa_types.go (1)

• NooBaa (40-55)

🔇 Additional comments (1)

pkg/system/phase2_creating.go (1)

557-562: Add conditional removal of POSTGRES_CONNECTION_STRING_PATH for endpoint container

POSTGRES_CONNECTION_STRING_PATH is embedded unconditionally in both statefulset-core.yaml and deployment-endpoint.yaml. Confirm that r.setDesiredCoreEnv(c) strips this var when ExternalPgSecret is disabled—and implement equivalent stripping in the endpoint creation path (e.g. via a setDesiredEndpointEnv call).

[anisurrahman75]

https://github.com/noobaa/noobaa-operator/blob/master/pkg/bundle/deploy.go#L5213

- name: POSTGRES_HOST
  value: "noobaa-db-pg-0.noobaa-db-pg"

@dannyzaken, I guess, we've to keep this field empty.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

pkg/bundle/deploy.go (2)

3982-4166: Add POSTGRES_CONNECTION_STRING_PATH to endpoint envs looks correct; verify population logic.

The new POSTGRES_CONNECTION_STRING_PATH entry aligns with supporting an external PG connection string. Please verify:

• The operator populates this env var for the endpoint pod whenever ExternalPgSecret is present (same as for core), and leaves it unset otherwise.
• E2E: with an external PG Secret, endpoint pod spec contains POSTGRES_CONNECTION_STRING_PATH with the expected value.

If both connection string and discrete POSTGRES_* vars can be set, prefer one source of truth and log a warning when both are present.

---

5092-5300: Core StatefulSet: connection-string path added; ensure safe read and internal-DB defaults remain intact.

Good addition of POSTGRES_CONNECTION_STRING_PATH. Two verifications to avoid regressions:

• Core read path: NooBaa core previously used fs.readFileSync() on POSTGRES_CONNECTION_STRING_PATH and could throw when undefined. Confirm the core now guards this (e.g., try_read_file_sync) or only reads it when the env var is set; otherwise, pods without ExternalPgSecret may still crash.
• Internal DB flow: POSTGRES_HOST hard-coded value was removed. Ensure the operator still sets POSTGRES_HOST (and other POSTGRES_* envs) for the managed/internal DB case so core continues to boot without an external secret.

Optionally, add a sanity check: when POSTGRES_CONNECTION_STRING_PATH is set, ignore discrete POSTGRES_* envs and emit a clear log to avoid ambiguity.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 706506e and b4851d8.

📒 Files selected for processing (5)

• .gitignore (1 hunks)
• deploy/internal/deployment-endpoint.yaml (1 hunks)
• deploy/internal/statefulset-core.yaml (1 hunks)
• pkg/bundle/deploy.go (4 hunks)
• pkg/system/phase2_creating.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• .gitignore
• pkg/system/phase2_creating.go
• deploy/internal/deployment-endpoint.yaml
• deploy/internal/statefulset-core.yaml

[dannyzaken]

https://github.com/noobaa/noobaa-operator/blob/master/pkg/bundle/deploy.go#L5213

- name: POSTGRES_HOST
  value: "noobaa-db-pg-0.noobaa-db-pg"

@dannyzaken, I guess, we've to keep this field empty.

yes. for external DB we only use the connection string

[Skiepp]

I can confirm the related issue is a blocker for a clean installation with an external database

Thanks for your work, hopefully will be merged soon 👍

[liranmauda]

@dannyzaken @aayushchouhan09 @anisurrahman75 Anything here that we are pending on?
Should we close this one?

[anisurrahman75]

@dannyzaken @aayushchouhan09 @anisurrahman75 Anything here that we are pending on? Should we close this one?

For External PostgreSQL, I guess this PR is needed. @dannyzaken brother

[Copilot]

Pull request overview

This PR adds support for external PostgreSQL databases by introducing the missing POSTGRES_CONNECTION_STRING_PATH environment variable for both core and endpoint pods. The key changes ensure that when an external PostgreSQL secret is provided (ExternalPgSecret), the appropriate environment variable is set to point to the connection string file.

Key Changes:

• Conditionalizes POSTGRES_CONNECTION_STRING_PATH environment variable to only be set when using external PostgreSQL
• Removes hard-coded POSTGRES_HOST default value to allow dynamic configuration
• Updates both core statefulset and endpoint deployment manifests
• Adds .idea/ to .gitignore for IDE support

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pkg/system/phase2_creating.go	Conditionalizes POSTGRES_CONNECTION_STRING_PATH environment variable based on ExternalPgSecret
deploy/internal/statefulset-core.yaml	Removes hard-coded POSTGRES_HOST value and adds POSTGRES_CONNECTION_STRING_PATH env var
deploy/internal/deployment-endpoint.yaml	Adds POSTGRES_CONNECTION_STRING_PATH environment variable
pkg/bundle/deploy.go	Updates bundled deployment manifests with new SHA256 checksums and environment variables
.gitignore	Adds .idea/ directory for IDE support

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.