Agent pod crashes with "agent could not auth: please provide an auth token"

[RealYHD]

Hi, the problem as as the title states. The Helm chart version is 1.5.0, the latest as of this moment.

The agent pod crashes. Upon inspecting the the logs of the agent pod state:

{"level":"info","time":"2024-07-18T17:33:24Z","message":"log level: info"}
{"level":"info","time":"2024-07-18T17:33:24Z","message":"no agent config found at '/etc/woodpecker/agent.conf', start with defaults"}
{"level":"fatal","error":"rpc error: code = Unknown desc = agent could not auth: please provide a token","time":"2024-07-18T17:33:24Z","message":"error running agent"}

It looks like the secret isn't being loaded.

The following is my Helm for the agent section of values.yml:

agent:
  enabled: true
  env:
    WOODPECKER_BACKEND_K8S_NAMESPACE: [...]
    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: "standard"
  persistence:
    storageClass: "standard"
    size: "10Gi"
  replicaCount: 1

Looking at the environment variable section of kubectl describeing the agent:

    Environment Variables from:
      woodpecker-secret  Secret  Optional: false
    Environment:
      WOODPECKER_BACKEND:                      kubernetes
      WOODPECKER_BACKEND_K8S_NAMESPACE:        [...]
      WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS:
      WOODPECKER_BACKEND_K8S_POD_LABELS:
      WOODPECKER_BACKEND_K8S_STORAGE_CLASS:    standard
      WOODPECKER_BACKEND_K8S_STORAGE_RWX:      true
      WOODPECKER_BACKEND_K8S_VOLUME_SIZE:      10G
      WOODPECKER_CONNECT_RETRY_COUNT:          1

I believe there should be a WOODPECKER_AGENT_SECRET environment variable, but I don't see one.

I may be configuring something incorrectly. Any help would be greatly appreciated.

[pat-s]

You need to set WOODPECKER_AGENT_SECRET. See the documentation.

I believe there should be a WOODPECKER_AGENT_SECRET environment variable, but I don't see one.

? You can set arbitrary env vars in the env section.

[RealYHD]

? You can set arbitrary env vars in the env section.

That is exactly what I've done and it works. However, I assumed that such a process was automatic given that a secret store is created automatically, #144 seem to indicate this was intentional, and the default value for agent.extraSecretNamesForEnvFrom and server.extraSecretNamesForEnvFrom both include woodpecker-secret by default (which I had not overwritten).

Furthermore, the Kubernetes documentation makes no mention of needing to define these environment variables myself either in the readme.

is this intentional behavior? Otherwise, the chart works fine. I found this confusing since I knew the WOODPECKER_AGENT_SECRET was needed by the agent and server, but assumed that this chart took care of it, due to it both generating a secret, seeming to load it, and the lack of mentioning that it must be manually configured. Admittedly I am not a master at K8s or helm charts. Thanks.