Description
We're trying to deploy Nautobot using the official Helm chart, configured with existing Kubernetes secrets for Postgres and Redis credentials. We're following the Nautobot Helm chart documentation on existing secrets, using a custom secret prod-use1-nautobot-custom in our cluster.
The deployment is managed via ArgoCD.
Despite seemingly correct secret configuration, the nautobot-celery-beat workload fails to authenticate with the PostgreSQL database (nautobot-postgresql-0 pod logs show authentication issues).
What we've configured:
Using values.prod-use1.yaml for setting Postgres and Redis credentials.
```yaml
nautobot:
  postgresql:
    auth:
      existingSecret: "prod-use1-nautobot-custom"
      secretKeys:
        adminPasswordKey: "NAUTOBOT_DB_PASSWORD"
        userPasswordKey: "password"
  redis:
    auth:
      existingSecret: "prod-use1-nautobot-custom"
      existingSecretPasswordKey: "NAUTOBOT_REDIS_PASSWORD"
```
The Chart.yaml references the Nautobot deployment.
```yaml
apiVersion: "v2"
name: nautobot
description: "Nautobot is a Network Source of Truth and Network Automation Platform."
version: &version "2.5.4"
dependencies:
  - name: nautobot
    repository: "https://nautobot.github.io/helm-charts/"
    version: *version
```
Logs:
nautobot-celery-beat pod logs:
```
[2025-08-14 14:00:17,183: WARNING/MainProcess] connection to server at "prod-use1-nautobot-postgresql" (172.20.189.22), port 5432 failed: FATAL: password authentication failed for user "nautobot"
```
nautobot-postgresql-0 pod logs:
```
2025-08-14 14:01:46.475 GMT [362] FATAL: password authentication failed for user "nautobot"
2025-08-14 14:01:46.475 GMT [362] DETAIL: Role "nautobot" does not exist.
```
Question:
Given that we are following the documented approach with existing secrets, what are we missing or misconfiguring that causes this mismatch in authentication between the Nautobot Celery Beat client and the PostgreSQL server? What steps are needed to properly "marry up" authentication so that the workload can connect successfully?
Any guidance on how to reconcile or troubleshoot the credentials/auth flow in this setup would be very helpful.
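
A triage sketch for the configuration and logs above, added here as an example (not part of the original report and not Nautobot or Helm chart code): it cross-checks every secret-key reference in the values against a Secret's `data` keys, and reads the PostgreSQL `DETAIL` line to tell a missing role from a wrong password. The `SECRET` contents and all function names are constructed assumptions; the reporter's real secret is not shown on the page.

```python
import base64
import re

# Secret-key references copied from the values file in the post.
VALUES = {
    "postgresql": {"auth": {"existingSecret": "prod-use1-nautobot-custom", "secretKeys": {
        "adminPasswordKey": "NAUTOBOT_DB_PASSWORD", "userPasswordKey": "password"}}},
    "redis": {"auth": {"existingSecret": "prod-use1-nautobot-custom",
                       "existingSecretPasswordKey": "NAUTOBOT_REDIS_PASSWORD"}},
}
# Constructed Secret in `kubectl get secret -o json` shape; NOT the reporter's real secret.
SECRET = {"metadata": {"name": "prod-use1-nautobot-custom"}, "data": {
    "NAUTOBOT_DB_PASSWORD": base64.b64encode(b"placeholder-db").decode(),
    "NAUTOBOT_REDIS_PASSWORD": base64.b64encode(b"placeholder-redis").decode()}}
# Server log lines quoted in the post.
PG_LOG = '''2025-08-14 14:01:46.475 GMT [362] FATAL: password authentication failed for user "nautobot"
2025-08-14 14:01:46.475 GMT [362] DETAIL: Role "nautobot" does not exist.'''


def referenced_keys(values):
    """Yield (values path, secret name, key name) for every *Key reference."""
    def walk(node, path, secret):
        secret = node.get("existingSecret", secret)
        for name, child in node.items():
            if isinstance(child, dict):
                yield from walk(child, path + [name], secret)
            elif name.endswith("Key"):
                yield ".".join(path + [name]), secret, child
    yield from walk(values, [], None)


def missing_keys(values, secret):
    """Return values paths whose key is absent or empty in the given Secret."""
    data = secret.get("data", {})
    return [path for path, name, key in referenced_keys(values)
            if name != secret["metadata"]["name"] or not base64.b64decode(data.get(key, ""))]


def classify_pg_failure(log_text):
    """Distinguish a missing role from a wrong password using the DETAIL line."""
    if re.search(r'DETAIL:\s+Role "[^"]+" does not exist', log_text):
        return "role_missing"        # the role is not in the database cluster
    if re.search(r'DETAIL:\s+Password does not match for user', log_text):
        return "password_mismatch"   # role exists; stored hash and secret value differ
    return "unknown"


if __name__ == "__main__":
    print("unresolved key references:", missing_keys(VALUES, SECRET))
    print("postgres failure class:", classify_pg_failure(PG_LOG))
```

The client-side message is the same "password authentication failed" in both cases, so the distinction is only visible in the server log's `DETAIL` line.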