Problem
When installing Terraform Enterprise using the official Helm chart, the installation may fail with a database connection timeout error, even if the database is accessible.
terraform-enterprise: check failed: name=database duration=1m30.000969102s err="timeout: context deadline exceeded"
Cause
This error can occur due to incorrect formatting of the TFE_DATABASE_PASSWORD value within the Helm chart configuration. The required format depends on whether you are using a pre-created Kubernetes secret or passing the password directly into the Helm values.
An incorrect configuration may look like this, where a Base64 encoded password is provided directly in the secrets block.
env:
variables:
TFE_DATABASE_USER: "postgres"
TFE_DATABASE_HOST: "fdo-database.c9hjxr8ftm2j.ap-south-1.rds.amazonaws.com:5432"
TFE_DATABASE_NAME: "ks_fdo_db"
TFE_DATABASE_PARAMETERS: "sslmode=disable"
secrets:
TFE_DATABASE_PASSWORD: "YOUR_BASE64_ENCODED_PASSWORD"Solutions
There are two primary methods to correctly configure the database password.
Solution 1: Use a Pre-Created Kubernetes Secret
If you manage Kubernetes secrets separately, you must provide the database password as a Base64 encoded value within the secret. Then, reference this secret and key in your Helm chart configuration.
- Create a Kubernetes secret with the Base64 encoded password.
-
Reference the secret in your Helm values file using
secretKeyRef. This example assumes you have a secret namedyour-precreated-secretwith a key namedTFE_PASSWORD.env: TFE_PASSWORD: secretKeyRef: name: your-precreated-secret key: TFE_PASSWORD
Solution 2: Pass the Plaintext Password Directly to Helm
If you pass sensitive data directly into the Helm chart configuration using the secrets block, you must provide the password in plaintext. The Helm chart will automatically handle the creation of the Kubernetes secret and the Base64 encoding during installation.
Update your Helm values file to provide the plaintext password.
secrets: TFE_DATABASE_PASSWORD: "YOUR_PLAINTEXT_PASSWORD"