`helm upgrade` fails with a redis password problem

Trying to update the values of a sentry helm deployment results in

File "/usr/local/lib/python2.7/site-packages/sentry/buffer/redis.py", line 71, in validate
raise InvalidConfiguration(six.text_type(e))
sentry.exceptions.InvalidConfiguration: invalid password

in several pods. This is not using an external redis, i.e. the redis was deployed as part of sentry.

Yeah I came across this the other day. It’s a bug with how some helm charts regenerate the secret containing the password on an upgrade - see this thread for more details.

So basically every time you do a helm upgrade with the stable chart, you’ll need to have made a note of the existing value in the sentry-redis secret before the upgrade so you can edit the secret to put it back afterwards.

Obviously if you aren’t aware of this, and now need to find a way to get the original password, you can follow these steps (from a comment in the same thread):

  • Exec into the running Redis container kubectl exec -ti sentry-redis-XXX bash
  • Find the old password grep requirepass /opt/bitnami/redis/etc/redis.conf
  • Update your secret to use that password (restart services as needed)

It’s worth noting that this issue is now fixed upstream in the redis chart, but the stable sentry chart is not using it yet

Hey thanks for the quick response on this one. I figured something like this was happening but I was looking for a reason in the sentry chart, not the redis chart… we haven’t observed this behavior in any of our deployments, but I see now we’re using a pretty old redis v3.7.2… ignorance is bliss?

Thanks again!