Activation job pods do not receive database credentials when using external PostgreSQL with Event Streams #313
Description
It seems that when using Event Streams with an external PostgreSQL database, activation job pods fail because they do not receive database credentials. The eda-server-activation-worker deployment has the database environment variables correctly configured, but the activation-job-* pods it spawns do not inherit these credentials.
Environment
- EDA Operator version:
quay.io/ansible/eda-server-operator:0.0.1 - Kubernetes: Azure AKS
- Database: Azure Database for PostgreSQL Flexible Server (external, configured via
database.database_secret)
Error
The pg_listener source plugin in activation jobs fails with:
psycopg.OperationalError: [Errno -2] Name or service not known
Full error details
The activation was edited at 2026-01-27T01:18:50.051898Z
Creating Job
Log tracking id: 8f1d9303-890b-4bb4-9670-678172190380
Image URL is quay.io/ansible/ansible-rulebook:v1.2.0
Container args ['--worker', '--websocket-ssl-verify', 'False', '--websocket-url', 'ws://eda-server-daphne:8001/api/eda/ws/ansible-rulebook', '--websocket-access-token', '******', '--websocket-refresh-token', '******', '--websocket-token-url', 'http://eda-server-api:8000/api/eda/v1/auth/token/refresh/', '--id', '491', '--heartbeat', '300']
Job activation-job-39-491 is running
<run_path> - ERROR - PG Listen operational error
Traceback (most recent call last):
File "/app/.ansible/collections/ansible_collections/ansible/eda/extensions/eda/plugins/event_source/pg_listener.py", line 141, in main
async with await AsyncConnection.connect(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.local/lib/python3.11/site-packages/psycopg/connection_async.py", line 118, in connect
attempts = await conninfo_attempts_async(params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/.local/lib/python3.11/site-packages/psycopg/_conninfo_attempts_async.py", line 51, in conninfo_attempts_async
raise e.OperationalError(str(last_exc))
psycopg.OperationalError: [Errno -2] Name or service not known
ansible_rulebook.engine - ERROR - Source error: OperationalError: Source plugin failed with error message: '[Errno -2] Name or service not known'
ansible_rulebook.engine - ERROR - Shutting down source: ansible.eda.pg_listener
ansible_rulebook.app - ERROR - OperationalError: [Errno -2] Name or service not known
ansible_rulebook.app - ERROR - /app/.local/lib/python3.11/site-packages/psycopg/_conninfo_attempts_async.py:51 conninfo_attempts_async
ansible_rulebook.app - ERROR - /app/.local/lib/python3.11/site-packages/psycopg/connection_async.py:118 connect
ansible_rulebook.app - ERROR - /app/.ansible/collections/ansible_collections/ansible/eda/extensions/eda/plugins/event_source/pg_listener.py:141 main
ansible_rulebook.app - ERROR - /app/.local/lib/python3.11/site-packages/ansible_rulebook/engine.py:208 start_source
ansible_rulebook.cli - ERROR - Terminating: One of the source plugins failed
Pod 'activation-job-39-491' is deleted.
Job activation-job-39-491 is cleaned up.
Activation failed. It will attempt to restart (1/5) in 60 seconds according to the restart policy on-failure. It may take longer if there is no capacity available.
Restart requested by user.
Debugging
The eda-server-activation-worker deployment has database credentials:
kubectl exec -n eda deployment/eda-server-activation-worker -- env | grep -i db
# Returns: EDA_DB_HOST, EDA_ACTIVATION_DB_HOST, EDA_DB_NAME, EDA_DB_PORT, etc.But the spawned activation-job-* pods do not:
kubectl exec -n eda <activation-job-pod> -- env | grep -i db
# Returns nothingEDA CR (relevant portion)
spec:
database:
database_secret: eda-postgres-configuration