Provide environment information
Trigger.dev running self-hosted on an EKS cluster using ArgoCD
Describe the bug
When deploying Trigger.dev v4 via the Helm chart with an external ClickHouse database, using clickhouse.external.existingSecret results in an invalid CLICKHOUSE_URL.
The trigger-v4.clickhouse.url helper generates the URL using bash-style variable substitution:
https://default:${CLICKHOUSE_PASSWORD}@:8123?secure=false
Because Kubernetes only supports environment variable substitution using the $(VAR) syntax, ${CLICKHOUSE_PASSWORD} is passed as a literal string to the application. This immediately causes either a URL parsing error (net/url: invalid userinfo) or an authentication failure.
Attempted Workarounds (and why they fail):
Because of how the chart's templates are structured, standard Kubernetes workarounds are blocked:
- Importing a fully constructed URL via extraEnvVars: This fails because the chart hardcodes the CLICKHOUSE_URL injection, resulting in a Kubernetes duplicate entries for key [name="CLICKHOUSE_URL"] (and subsequently RUN_REPLICATION_CLICKHOUSE_URL) error and ArgoCD sync failures.
- Manually using K8s syntax (password: "$(CLICKHOUSE_PASSWORD)"): This fails because the chart only injects the required CLICKHOUSE_PASSWORD env var if existingSecret is defined. Without it, the substitution resolves to an empty string.
- Injecting CLICKHOUSE_PASSWORD via extraEnvVars: Kubernetes evaluates dependent variables in order. Because extraEnvVars are templated after the hardcoded variables in the chart, CLICKHOUSE_PASSWORD is defined too late for CLICKHOUSE_URL to pick it up.
Reproduction repo
To reproduce
Steps to Reproduce:
- Configure the values.yaml to use an external ClickHouse and an existing secret:
clickhouse:
deploy: false
external:
host: chc-trigger-clickhouse-clickhouse-headless
port: 8123
username: default
existingSecret: trigger-secrets
existingSecretKey: CLICKHOUSE_PASSWORD
Provide environment information
Trigger.dev running self-hosted on an EKS cluster using ArgoCD
Describe the bug
When deploying Trigger.dev v4 via the Helm chart with an external ClickHouse database, using clickhouse.external.existingSecret results in an invalid CLICKHOUSE_URL.
The trigger-v4.clickhouse.url helper generates the URL using bash-style variable substitution:
https://default:${CLICKHOUSE_PASSWORD}@:8123?secure=false
Because Kubernetes only supports environment variable substitution using the$(VAR) syntax, $ {CLICKHOUSE_PASSWORD} is passed as a literal string to the application. This immediately causes either a URL parsing error (net/url: invalid userinfo) or an authentication failure.
Attempted Workarounds (and why they fail):
Because of how the chart's templates are structured, standard Kubernetes workarounds are blocked:
Reproduction repo
To reproduce
Steps to Reproduce:
clickhouse:
deploy: false
external:
host: chc-trigger-clickhouse-clickhouse-headless
port: 8123
username: default
existingSecret: trigger-secrets
existingSecretKey: CLICKHOUSE_PASSWORD