Handling TFE_DATABASE_PASSWORD in Terraform Enterprise FDO Installation

Avatar
Ramit Bansal
  • Updated

Problem:

During the installation of the Terraform Enterprise (TFE) application via the Helm chart, customers may encounter the following error:

terraform-enterprise: check failed: name=database duration=1m30.000969102s err="timeout: context deadline exceeded"

This error occurs despite a successful database connection.


Cause:

A common cause for this error is the use ofTFE_DATABASE_PASSWORDin Base64 format within the Kubernetes secret block, as illustrated below:

env: variables: TFE_DATABASE_USER: "postgres" TFE_DATABASE_HOST: "fdo-database.c9hjxr8ftm2j.ap-south-1.rds.amazonaws.com:5432" TFE_DATABASE_NAME: "ks_fdo_db" TFE_DATABASE_PARAMETERS: "sslmode=disable" secrets: TFE_DATABASE_PASSWORD: "<base64 encoded>"

Solutions:

  1. Using Pre-Created Kubernetes Secrets:
    If you are creating the Kubernetes secret beforehand, ensure that TFE_DATABASE_PASSWORD is Base64 encoded. The configuration should look like this:
    env: TFE_PASSWORD: secretKeyRef: name: your-precreated-secret key: TFE_PASSWORD
  2. Directly Passing Sensitive Data:
    If you are directly passing sensitive data into the Helm chart configuration using a secrets construct, you can provide the password in plain text within the Helm values file. In this case, Helm will automatically convert it into a Kubernetes secret during installation, and Base64 encoding is not required.
    secrets: TFE_DATABASE_PASSWORD: "<plain text>"

Additional Information

Articles in this section

See more

Related articles