Question: How to run without the database (disable Audit)?

[RainbowMango]

I'd like to deploy CLOWarden without provisioning a database and only use the GitHub management features.

From values.yaml setting postgresql.enabled: false disables the Bitnami PostgreSQL subchart. However, the templates still require a DB connection:

• server_secret.yaml always renders db: and defaults host to the internal Postgres service unless overridden.
• dbmigrator_secret.yaml always renders tern.conf.
• dbmigrator_job.yaml always creates the migrator Job.
• server_deployment.yaml always includes the check-db-ready init container (pg_isready).

Background
I'm trying to deploy CLOWarden in a production environment after the verification on a test environment. With the same configuration, the postgresql pod failed to start:

$ kubectl get pods -n rainbowsbot-clowarden
NAME                                 READY   STATUS             RESTARTS        AGE
dbmigrator-install-8q7l5             0/1     Init:0/1           0               45m
rainbowsbot-clowarden-postgresql-0   0/1     CrashLoopBackOff   13 (4m7s ago)   45m
server-656567f865-l2669              0/1     Init:0/2           0               45m

$ kubectl logs rainbowsbot-clowarden-postgresql-0 -n rainbowsbot-clowarden --previous
mkdir: cannot create directory ‘/bitnami/postgresql/data’: Permission denied

I'm still investigating this, but at the same time, I'm not sure I really need this database as GitHub commit history already provides a sufficient audit trail (who/when/what), while adding a database introduces extra operational burden (provisioning, backups, upgrades, migrations, HA) that isn’t needed for our use case.

[RainbowMango]

PS:
I've fixed the problem that PostgreSQL failed to create the directory. The reason is that I'm currently using a hostpath volume which requires the path in the host owned by user group 1001, which is the default user group of PostgreSQL:

runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001

[RainbowMango]

@RobertKielty @tegioz Karmada project has now started using CLOWarden to manage the GitHub teams. The first PR is here.

Great thanks to both of you for the kind and professional support. Maybe I can send a few more issues or PRs to help make CLOWarden better.

[RobertKielty]

That's great news, well done! The "lion's share" of the thanks should of course go to @tegioz and @cynthia-sg but always feel free to route any support requests and feedback through the Service Desk.

This way, you keep the CNCF Projects Team in the loop and if we can support you in a first line capacity that frees up @tegioz and @cynthia-sg to focus on development work.

Thanks for letting us know, I'm always delighted to see CLOWarden implemented it's a great tool.

[tegioz]

Hi @RainbowMango 👋

Awesome, we're glad you got it working! 🎉

Regarding the database requirement, it is not possible to opt out of it at the moment.

Please note that, even though the commit history provides an audit trail, there will be cases when CLOWarden will apply changes during periodic synchronizations, and those won't be linked to any commit or pull request. This usually will happen when certain changes are applied from the GitHub UI directly, bypassing CLOWarden. As soon as it realizes the current state does not match the one defined in the configuration, it'll undo those changes. The CLOWarden audit UI can also be handy to inspect errors in periodic reconciliations.

If you don't really care much about the data in that database, you can always treat it as ephemeral and skip the backup, ha, etc, parts, simplifying its maintenance. Disabling it from the chart is helpful when you want to run your database instance out of Kubernetes.