Issue Summary

'&' parameters are not taking effect for Synchrony JDBC URL as:

• Helm Chart needs the JDBC URL defined with &
  • This will correctly configure the JDBC URL in confluence.cfg.xml which needs to have &
  • However, this breaks Synchrony JDBC URL as Synchrony expects & instead of &

This is reproducible on Data Center: yes

Steps to Reproduce

1. Deploy Postgres with SSL enabled

   helm install postgres bitnami/postgresql --set image.tag=14 --set global.postgresql.auth.postgresPassword=password --set tls.enabled=true --set tls.autoGenerated=true
   

2. Use this for Confluence JDBC URL

   database:
     url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
   

3. Deploy Confluence with Synchrony enabled

Expected Results

• Confluence can connect to the Postgres SSL database
• Synchrony can connect to the Postgres SSL database
  • Synchrony logs should show JDBC URL as:

    ... jdbcUrl -> jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key ...
    

As you can see from a non-Kubernetes Confluence DC deployment:

    <property name="hibernate.connection.url">jdbc:postgresql://localhost:5432/conf859?sslmode=disable&amp;sslrootcert=/Users/ubuntu/k8s/root.crt</property>

and the Confluence deployed atlassian-synchrony.log will show:

jdbcUrl -> jdbc:postgresql://localhost:5432/conf859?sslmode=disable&sslrootcert=/Users/ubuntu/k8s/root.crt

as Confluence code base does the transformation of the & -> just & before it's passed to Managed Synchrony

Actual Results

• Confluence can connect to the Postgres SSL database
• Synchrony can not connect to the Postgres SSL database

The below exception is thrown in the atlassian-synchrony.log file:

... jdbcUrl -> jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key ...

Caused by: java.io.FileNotFoundException: /root/.postgresql/root.crt (No such file or directory)
	at java.base/java.io.FileInputStream.open0(Native Method)
	at java.base/java.io.FileInputStream.open(FileInputStream.java:216)
	at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157)
	at java.base/java.io.FileInputStream.<init>(FileInputStream.java:111)
	at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:148)
	... 18 more

i.e. the & parameters did not appear to take effect in Synchrony process

Workaround 1

Clone the Atlassian Data Center Helm Chart github repo and update only the Synchrony section as follows in:

• data-center-helm-charts/src/main/charts/confluence/templates/_helpers.tpl

• SYNCHRONY_DATABASE_URL

with & transformed to just &

{{- define "synchrony.databaseEnvVars" -}}
{{ with .Values.database.url }}
- name: SYNCHRONY_DATABASE_URL
  value: {{ . | quote }}
{{ end }}

{{- define "synchrony.databaseEnvVars" -}}
{{ with .Values.database.url }}
- name: SYNCHRONY_DATABASE_URL
  value: {{ . | replace "&" "&" | quote }}
{{ end }}

Workaround 2

1. With the Helm Chart JDBC URL containing &, e.g.

   url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
   

   • Scale the Confluence Cluster to the max desired pod count so every pod has confluence.cfg.xml already created.
2. Now, update the Helm Chart JDBC URL without the &, e.g.

   url: jdbc:postgresql://postgres-postgresql:5432/confluence?sslmode=verify-full&sslrootcert=/var/ssl/root.crt&sslcert=/var/ssl/server.crt&sslkey=/var/ssl/server.key
   

3. Re-deploy the Helm Chart
   • Synchrony pods should pick up the correct JDBC params without &
   • Existing Confluence pods should use the already created confluence.cfg.xml with &
   • Note that any new Confluence pods would fail until the JDBC string in the Helm Chart JDBC is corrected back with &