Skip to content

fix: remove hardcoded postgres.host from prod/preprod helmreleases#3333

Open
yodem wants to merge 1 commit into
masterfrom
fix/postgres-host-to-secret
Open

fix: remove hardcoded postgres.host from prod/preprod helmreleases#3333
yodem wants to merge 1 commit into
masterfrom
fix/postgres-host-to-secret

Conversation

@yodem

@yodem yodem commented May 25, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

  • Removes hardcoded postgres.host from prod and preprod HelmRelease values
  • Both environments will now source DATABASES_HOST from the local-settings-secrets-production secret
  • The chart template already has the fallback: os.getenv("DATABASES_HOST") when postgres.host is unset (local-settings-file.yaml:90)

Prerequisite: infrastructure secret update

DO NOT MERGE until the infrastructure secret is updated and Flux-reconciled.

The current DATABASES_HOST in local-settings-secrets-production is stale — it points to prod1-pgbouncer.default.svc (from the pre-migration setup). It must be updated to postgres-18 before this PR lands.

How it works

The chart template at helm-chart/sefaria/templates/configmap/local-settings-file.yaml:90:

'HOST': {{ if .Values.postgres.host }}'{{ .Values.postgres.host }}'{{ else }}os.getenv("DATABASES_HOST"){{ end }},

When postgres.host is not set in values, Django reads DATABASES_HOST from the environment (injected from the secret via envFrom).

Test plan

  • Infrastructure secret updated: DATABASES_HOSTpostgres-18
  • Flux reconciliation applied the secret to the cluster
  • Verify prod pods start correctly after this PR merges
  • Verify preprod pods start correctly
  • Confirm postgres connection is to postgres-18 (check Django logs or admin)
  • Verify postgres backup cronjob still works (uses its own hardcoded DATABASES_HOST: "postgres")

@yodem @claude
fix: remove hardcoded postgres.host from prod/preprod helmreleases
90d5b4d 
Production and preprod now source DATABASES_HOST from the
local-settings-secrets-production secret instead of hardcoding
the postgres host in the HelmRelease values.

The chart template already has the fallback:
  os.getenv("DATABASES_HOST") when postgres.host is unset.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@gitvelocity-reviewer

gitvelocity-reviewer Bot commented May 25, 2026

Copy link
Copy Markdown

📊 Code Quality Score: 2/100

15 (base) × 0.1 (Nano ESF) = 1.5, rounded to 2

Category Score Factors
🔭 Scope 3/20 2 infra config files, same deletion pattern, single subsystem (database config)
🏗️ Architecture 2/20 Removes explicit host override, shifts dependency to chart default; minor but meaningful dependency change
⚙️ Implementation 1/20 Pure YAML deletion, no logic, no algorithms
⚠️ Risk 8/20 Production database connectivity affected; both preprod and prod changed in same PR reducing staged validation; no rollback plan documented; postgres host resolution change could cause outage if chart default differs
✅ Quality 1/15 No PR description explaining rationale; no validation plan; no documentation of chart default value being relied upon
🔒 Perf / Security 0/5 No performance or security considerations addressed

Scored by GitVelocity · How are scores calculated?

@yodem yodem requested a review from BrendanGalloway May 25, 2026 12:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BrendanGalloway BrendanGalloway Awaiting requested review from BrendanGalloway

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yodem