Adding Details For an External MySQL DB Causes Deployment to Fail

[jimmybrancaccio]

Bug description

I was finally able to get an EKS cluster up and running. I ran the KOTS installation and that was fine and deployed without issue. I however forgot to setup the external database information, so I went back into the KOTS UI > Config. I unselected the 'Use In-Cluster MySQL' checkbox and filled out my database information. I clicked on 'Save config' and then deployed the new config after it passed it's checks. Almost immediately it showed me the deployment failed.

I am going to drop the error message in the self-hosted teams Slack channel.

Steps to reproduce

1. Spin up EKS cluster.
2. Install Gitpod via the KOTS installer.
3. Fill out the configuration page minus the MySQL section - leave that as in-cluster.
4. Save and deploy.
5. Go back into the KOTS UI > Config and fill in the database information for an external database.
6. Save and deploy.
7. Observe the deployment fails.

Of note, I haven't replicated this yet but that's what I did to get this issue.

Workspace affected

No response

Expected behavior

I would expect the new configuration to deploy without issue and the external MySQL database be used.

Example repository

No response

Anything else?

• Error message (with domain redacted):

Error Message

The Job "installer-12" is invalid: spec.template: Invalid value: core.PodTemplateSpec{ObjectMeta:v1.ObjectMeta{Name:"", GenerateName:"", Namespace:"", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string{"app":"gitpod", "component":"gitpod-installer", "controller-uid":"0a52d17a-3ee8-4b18-aeff-60cb4326c7d5", "cursor":"12", "job-name":"installer-12", "kots.io/app-slug":"gitpod", "kots.io/backup":"velero"}, Annotations:map[string]string{"kots.io/app-slug":"gitpod"}, OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, Spec:core.PodSpec{Volumes:[]core.Volume{core.Volume{Name:"config-patch", VolumeSource:core.VolumeSource{HostPath:(*core.HostPathVolumeSource)(nil), EmptyDir:(*core.EmptyDirVolumeSource)(nil), GCEPersistentDisk:(*core.GCEPersistentDiskVolumeSource)(nil), AWSElasticBlockStore:(*core.AWSElasticBlockStoreVolumeSource)(nil), GitRepo:(*core.GitRepoVolumeSource)(nil), Secret:(*core.SecretVolumeSource)(nil), NFS:(*core.NFSVolumeSource)(nil), ISCSI:(*core.ISCSIVolumeSource)(nil), Glusterfs:(*core.GlusterfsVolumeSource)(nil), PersistentVolumeClaim:(*core.PersistentVolumeClaimVolumeSource)(nil), RBD:(*core.RBDVolumeSource)(nil), Quobyte:(*core.QuobyteVolumeSource)(nil), FlexVolume:(*core.FlexVolumeSource)(nil), Cinder:(*core.CinderVolumeSource)(nil), CephFS:(*core.CephFSVolumeSource)(nil), Flocker:(*core.FlockerVolumeSource)(nil), DownwardAPI:(*core.DownwardAPIVolumeSource)(nil), FC:(*core.FCVolumeSource)(nil), AzureFile:(*core.AzureFileVolumeSource)(nil), ConfigMap:(*core.ConfigMapVolumeSource)(0xc0231aba80), VsphereVolume:(*core.VsphereVirtualDiskVolumeSource)(nil), AzureDisk:(*core.AzureDiskVolumeSource)(nil), PhotonPersistentDisk:(*core.PhotonPersistentDiskVolumeSource)(nil), Projected:(*core.ProjectedVolumeSource)(nil), PortworxVolume:(*core.PortworxVolumeSource)(nil), ScaleIO:(*core.ScaleIOVolumeSource)(nil), StorageOS:(*core.StorageOSVolumeSource)(nil), CSI:(*core.CSIVolumeSource)(nil), Ephemeral:(*core.EphemeralVolumeSource)(nil)}}, core.Volume{Name:"node-fs0", VolumeSource:core.VolumeSource{HostPath:(*core.HostPathVolumeSource)(0xc021dfd218), EmptyDir:(*core.EmptyDirVolumeSource)(nil), GCEPersistentDisk:(*core.GCEPersistentDiskVolumeSource)(nil), AWSElasticBlockStore:(*core.AWSElasticBlockStoreVolumeSource)(nil), GitRepo:(*core.GitRepoVolumeSource)(nil), Secret:(*core.SecretVolumeSource)(nil), NFS:(*core.NFSVolumeSource)(nil), ISCSI:(*core.ISCSIVolumeSource)(nil), Glusterfs:(*core.GlusterfsVolumeSource)(nil), PersistentVolumeClaim:(*core.PersistentVolumeClaimVolumeSource)(nil), RBD:(*core.RBDVolumeSource)(nil), Quobyte:(*core.QuobyteVolumeSource)(nil), FlexVolume:(*core.FlexVolumeSource)(nil), Cinder:(*core.CinderVolumeSource)(nil), CephFS:(*core.CephFSVolumeSource)(nil), Flocker:(*core.FlockerVolumeSource)(nil), DownwardAPI:(*core.DownwardAPIVolumeSource)(nil), FC:(*core.FCVolumeSource)(nil), AzureFile:(*core.AzureFileVolumeSource)(nil), ConfigMap:(*core.ConfigMapVolumeSource)(nil), VsphereVolume:(*core.VsphereVirtualDiskVolumeSource)(nil), AzureDisk:(*core.AzureDiskVolumeSource)(nil), PhotonPersistentDisk:(*core.PhotonPersistentDiskVolumeSource)(nil), Projected:(*core.ProjectedVolumeSource)(nil), PortworxVolume:(*core.PortworxVolumeSource)(nil), ScaleIO:(*core.ScaleIOVolumeSource)(nil), StorageOS:(*core.StorageOSVolumeSource)(nil), CSI:(*core.CSIVolumeSource)(nil), Ephemeral:(*core.EphemeralVolumeSource)(nil)}}}, InitContainers:[]core.Container(nil), Containers:[]core.Container{core.Container{Name:"installer", Image:"eu.gcr.io/gitpod-core-dev/build/installer:release-2022.05.2.5", Command:[]string{"/bin/sh", "-c"}, Args:[]string{"set -e\n\necho \"Gitpod: Killing any in-progress installations\"\n\nkubectl delete jobs.batch -n gitpod -l component=gitpod-installer,cursor!=12 --force --grace-period 0 || true\nkubectl delete pod -n gitpod -l component=gitpod-installer,cursor!=12 --force --grace-period 0 || true\n\nif [ \"$(helm status -n gitpod gitpod -o json | jq '.info.status == \"deployed\"')\" = \"false\" ];\nthen\n  echo \"Gitpod: Deployment in-progress - clearing\"\n\n  VERSION=\"$(helm status -n gitpod gitpod -o json | jq '.version')\"\n  if [ \"${VERSION}\" -le 1 ];\n  then\n    echo \"Gitpod: Uninstall application\"\n    helm uninstall -n gitpod gitpod --wait || true\n  else\n    echo \"Gitpod: Rolling back application\"\n    helm rollback -n gitpod gitpod --wait || true\n  fi\nfi\n\necho \"Gitpod: Generate the base Installer config\"\n/app/installer init > \"${CONFIG_FILE}\"\n\necho \"Gitpod: auto-detecting ShiftFS support on host machine\"\nkubectl wait job -n gitpod --for=condition=complete -l component=shiftfs-module-loader --timeout=30s || true\nENABLE_SHIFTFS=$(kubectl get jobs.batch -n gitpod -l component=shiftfs-module-loader -o jsonpath='{.items[0].status.succeeded}')\n\nif [ \"${ENABLE_SHIFTFS}\" = \"1\" ]; then\n  echo \"Gitpod: enabling ShiftFS support\"\n\n  yq e -i '.workspace.runtime.fsShiftMethod = \"shiftfs\"' \"${CONFIG_FILE}\"\nfi\n\necho \"Gitpod: auto-detecting containerd location on host machine\"\nif [ -d \"/mnt/node0${CONTAINERD_DIR_K3S}\" ]; then\n  echo \"Gitpod: containerd dir detected as k3s\"\n\n  yq e -i \".workspace.runtime.containerdRuntimeDir = \\\"${CONTAINERD_DIR_K3S}\\\"\" \"${CONFIG_FILE}\"\nelif [ -d \"/mnt/node0${CONTAINERD_DIR_AL}\" ]; then\n  echo \"Gitpod: containerd dir detected as ${CONTAINERD_DIR_AL}\"\n\n  yq e -i \".workspace.runtime.containerdRuntimeDir = \\\"${CONTAINERD_DIR_AL}\\\"\" \"${CONFIG_FILE}\"\nfi\n\nif [ -S \"/mnt/node0${CONTAINERD_SOCKET_K3S}\" ]; then\n  echo \"Gitpod: containerd socket detected as k3s\"\n\n  yq e -i \".workspace.runtime.containerdSocket = \\\"${CONTAINERD_SOCKET_K3S}\\\"\" \"${CONFIG_FILE}\"\nelif [ -S \"/mnt/node0${CONTAINERD_SOCKET_AL}\" ]; then\n  echo \"Gitpod: containerd socket detected as ${CONTAINERD_SOCKET_AL}\"\n\n  yq e -i \".workspace.runtime.containerdSocket = \\\"${CONTAINERD_SOCKET_AL}\\\"\" \"${CONFIG_FILE}\"\nfi\n\necho \"Gitpod: Inject the Replicated variables into the config\"\nyq e -i '.domain = \"aDOMAIN.com\"' \"${CONFIG_FILE}\"\nyq e -i '.license.kind = \"secret\"' \"${CONFIG_FILE}\"\nyq e -i '.license.name = \"gitpod-license\"' \"${CONFIG_FILE}\"\n\nif [ 'false' = \"true\" ];\nthen\n  echo \"Gitpod: Setting Open VSX Registry URL\"\n  yq e -i \".openVSX.url = \\\"\\\"\" \"${CONFIG_FILE}\"\nfi\n\nif [ 'false' = \"true\" ];\nthen\n  echo \"Gitpod: configuring CloudSQLProxy\"\n\n  yq e -i \".database.inCluster = false\" \"${CONFIG_FILE}\"\n  yq e -i \".database.cloudSQL.instance = \\\"\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".database.cloudSQL.serviceAccount.kind = \\\"secret\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".database.cloudSQL.serviceAccount.name = \\\"cloudsql\\\"\" \"${CONFIG_FILE}\"\nfi\n\nif [ 'true' = \"true\" ];\nthen\n  echo \"Gitpod: configuring external database\"\n\n  yq e -i \".database.inCluster = false\" \"${CONFIG_FILE}\"\n  yq e -i \".database.external.certificate.kind = \\\"secret\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".database.external.certificate.name = \\\"database\\\"\" \"${CONFIG_FILE}\"\nfi\n\nif [ 'false' = \"true\" ];\nthen\n  echo \"Gitpod: configuring mirrored container registry\"\n\n  yq e -i \".containerRegistry.inCluster = false\" \"${CONFIG_FILE}\"\n  yq e -i \".containerRegistry.external.url = \\\"\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".containerRegistry.external.certificate.kind = \\\"secret\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".containerRegistry.external.certificate.name = \\\"gitpod-registry\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".repository = \\\"\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".imagePullSecrets[0].kind = \\\"secret\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".imagePullSecrets[0].name = \\\"gitpod-registry\\\"\" \"${CONFIG_FILE}\"\n  yq e -i '.dropImageRepo = true' \"${CONFIG_FILE}\"\nelif [ 'false' = \"true\" ];\nthen\n  echo \"Gitpod: configuring external container registry\"\n\n  yq e -i \".containerRegistry.inCluster = false\" \"${CONFIG_FILE}\"\n  yq e -i \".containerRegistry.external.url = \\\"\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".containerRegistry.external.certificate.kind = \\\"secret\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".containerRegistry.external.certificate.name = \\\"container-registry\\\"\" \"${CONFIG_FILE}\"\nelse\n  if [ 'true' = \"true\" ];\n  then\n    echo \"Gitpod: configuring container registry S3 backend\"\n\n    yq e -i \".containerRegistry.s3storage.region = \\\"us-east-1\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".containerRegistry.s3storage.endpoint = \\\"s3.amazonaws.com\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".containerRegistry.s3storage.bucket = \\\"aDOMAIN-com\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".containerRegistry.s3storage.certificate.kind = \\\"secret\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".containerRegistry.s3storage.certificate.name = \\\"container-registry-s3-backend\\\"\" \"${CONFIG_FILE}\"\n  fi\nfi\n\nif [ 'true' = \"true\" ];\nthen\n  echo \"Gitpod: configuring the storage\"\n\n  yq e -i \".metadata.region = \\\"us-east-1\\\"\" \"${CONFIG_FILE}\"\n  yq e -i \".objectStorage.inCluster = false\" \"${CONFIG_FILE}\"\n\n  if [ 'false' = \"true\" ];\n  then\n    echo \"Gitpod: configuring storage for Azure\"\n\n    yq e -i \".objectStorage.azure.credentials.kind = \\\"secret\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".objectStorage.azure.credentials.name = \\\"storage-azure\\\"\" \"${CONFIG_FILE}\"\n  fi\n\n  if [ 'false' = \"true\" ];\n  then\n    echo \"Gitpod: configuring storage for GCP\"\n\n    yq e -i \".objectStorage.cloudStorage.project = \\\"\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".objectStorage.cloudStorage.serviceAccount.kind = \\\"secret\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".objectStorage.cloudStorage.serviceAccount.name = \\\"storage-gcp\\\"\" \"${CONFIG_FILE}\"\n  fi\n\n  if [ 'true' = \"true\" ];\n  then\n    echo \"Gitpod: configuring storage for S3\"\n\n    yq e -i \".objectStorage.s3.endpoint = \\\"s3.amazonaws.com\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".objectStorage.s3.bucket = \\\"aDOMAIN-com\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".objectStorage.s3.credentials.kind = \\\"secret\\\"\" \"${CONFIG_FILE}\"\n    yq e -i \".objectStorage.s3.credentials.name = \\\"storage-s3\\\"\" \"${CONFIG_FILE}\"\n  fi\nfi\n\nif [ 'false' = \"true\" ];\nthen\n  echo \"Gitpod: Generate SSH host key\"\n  ssh-keygen -t rsa -q -N \"\" -f host.key\n  kubectl create secret generic ssh-gateway-host-key --from-file=host.key -n gitpod || echo \"SSH Gateway Host Key secret has not been created. Does it exist already?\"\n  yq e -i '.sshGatewayHostKey.kind = \"secret\"' \"${CONFIG_FILE}\"\n  yq e -i '.sshGatewayHostKey.name = \"ssh-gateway-host-key\"' \"${CONFIG_FILE}\"\nfi\n\nif [ 'false' = \"true\" ];\nthen\n  echo \"Gitpod: Generating a self-signed certificate with the internal CA\"\n  yq e -i '.customCACert.kind = \"secret\"' \"${CONFIG_FILE}\"\n  yq e -i '.customCACert.name = \"ca-issuer-ca\"' \"${CONFIG_FILE}\"\nelif [ 'false' = \"true\" ];\nthen\n  echo \"Gitpod: Setting CA to be used for certificate\"\n  yq e -i '.customCACert.kind = \"secret\"' \"${CONFIG_FILE}\"\n  yq e -i '.customCACert.name = \"ca-certificate\"' \"${CONFIG_FILE}\"\nfi\n\nif [ 'false' = \"true\" ];\nthen\n  echo \"Gitpod: Adding blockNewUsers to config\"\n  yq e -i '.blockNewUsers.enabled = true' \"${CONFIG_FILE}\"\n\n  for domain in \n  do\n    echo \"Gitpod: Adding domain \\\"${domain}\\\" to blockNewUsers config\"\n    yq e -i \".blockNewUsers.passlist += \\\"${domain}\\\"\" \"${CONFIG_FILE}\"\n  done\nfi\n\necho \"Gitpod: Patch Gitpod config\"\nbase64 -d \"${CONFIG_PATCH_FILE}\" > /tmp/patch.yaml\nconfig_patch=$(cat /tmp/patch.yaml)\necho \"Gitpod: ${CONFIG_PATCH_FILE}=${config_patch}\"\nyq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' \"${CONFIG_FILE}\" /tmp/patch.yaml\n\necho \"Gitpod: Generate the Kubernetes objects\"\nconfig=$(cat \"${CONFIG_FILE}\")\necho \"Gitpod: ${CONFIG_FILE}=${config}\"\n\necho \"Gitpod: Create a Helm template directory\"\nrm -Rf \"${GITPOD_OBJECTS}\"\nmkdir -p \"${GITPOD_OBJECTS}/templates\"\ncat <<EOF >> \"${GITPOD_OBJECTS}/Chart.yaml\"\napiVersion: v2\nname: gitpod-kots\ndescription: Always ready-to-code\nversion: \"1.0.0\"\nappVersion: \"$(/app/installer version | yq e '.version' -)\"\nEOF\n\necho \"Gitpod: render Kubernetes manifests\"\n/app/installer render -c \"${CONFIG_FILE}\" --namespace gitpod > \"${GITPOD_OBJECTS}/templates/gitpod.yaml\"\n\n# Workaround for #8532 and #8529\necho \"Gitpod: Remove the StatefulSet status object for OpenVSX Proxy\"\nyq eval-all --inplace \\\n  'del(select(.kind == \"StatefulSet\" and .metadata.name == \"openvsx-proxy\").status)' \\\n  \"${GITPOD_OBJECTS}/templates/gitpod.yaml\"\n\necho \"Gitpod: Escape any Golang template values\"\nsed -i -r 's/(.*\\{\\{.*)/{{`\\1`}}/' \"${GITPOD_OBJECTS}/templates/gitpod.yaml\"\n\n# If certificate secret already exists, set the timeout to 5m\nCERT_SECRET=$(kubectl get secrets -n gitpod https-certificates -o jsonpath='{.metadata.name}' || echo '')\nHELM_TIMEOUT=\"5m\"\nif [ \"${CERT_SECRET}\" = \"\" ]; then\n  HELM_TIMEOUT=\"1h\"\nfi\n\n# The long timeout is to ensure the TLS cert is created (if required)\necho \"Gitpod: Apply the Kubernetes objects with timeout of ${HELM_TIMEOUT}\"\nhelm upgrade \\\n  --atomic \\\n  --cleanup-on-fail \\\n  --create-namespace \\\n  --install \\\n  --namespace=\"gitpod\" \\\n  --reset-values \\\n  --timeout \"${HELM_TIMEOUT}\" \\\n  --wait \\\n  gitpod \\\n  \"${GITPOD_OBJECTS}\"\n\necho \"Gitpod: Restarting installation status job\"\nkubectl delete pod -n gitpod -l component=gitpod-installer-status || true\n\necho \"Gitpod: Installer job finished - goodbye\"\n"}, WorkingDir:"", Ports:[]core.ContainerPort(nil), EnvFrom:[]core.EnvFromSource(nil), Env:[]core.EnvVar{core.EnvVar{Name:"CONFIG_FILE", Value:"/tmp/gitpod-config.yaml", ValueFrom:(*core.EnvVarSource)(nil)}, core.EnvVar{Name:"CONFIG_PATCH_FILE", Value:"/config-patch/gitpod-config-patch.yaml", ValueFrom:(*core.EnvVarSource)(nil)}, core.EnvVar{Name:"CONTAINERD_DIR_K3S", Value:"/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io", ValueFrom:(*core.EnvVarSource)(nil)}, core.EnvVar{Name:"CONTAINERD_SOCKET_K3S", Value:"/run/k3s/containerd/containerd.sock", ValueFrom:(*core.EnvVarSource)(nil)}, core.EnvVar{Name:"CONTAINERD_DIR_AL", Value:"/run/containerd/io.containerd.runtime.v2.task/k8s.io", ValueFrom:(*core.EnvVarSource)(nil)}, core.EnvVar{Name:"CONTAINERD_SOCKET_AL", Value:"/run/containerd/containerd.sock", ValueFrom:(*core.EnvVarSource)(nil)}, core.EnvVar{Name:"GITPOD_OBJECTS", Value:"/tmp/gitpod", ValueFrom:(*core.EnvVarSource)(nil)}}, Resources:core.ResourceRequirements{Limits:core.ResourceList(nil), Requests:core.ResourceList(nil)}, VolumeMounts:[]core.VolumeMount{core.VolumeMount{Name:"config-patch", ReadOnly:true, MountPath:"/config-patch", SubPath:"", MountPropagation:(*core.MountPropagationMode)(nil), SubPathExpr:""}, core.VolumeMount{Name:"node-fs0", ReadOnly:true, MountPath:"/mnt/node0", SubPath:"", MountPropagation:(*core.MountPropagationMode)(nil), SubPathExpr:""}}, VolumeDevices:[]core.VolumeDevice(nil), LivenessProbe:(*core.Probe)(nil), ReadinessProbe:(*core.Probe)(nil), StartupProbe:(*core.Probe)(nil), Lifecycle:(*core.Lifecycle)(nil), TerminationMessagePath:"/dev/termination-log", TerminationMessagePolicy:"File", ImagePullPolicy:"IfNotPresent", SecurityContext:(*core.SecurityContext)(nil), Stdin:false, StdinOnce:false, TTY:false}}, EphemeralContainers:[]core.EphemeralContainer(nil), RestartPolicy:"OnFailure", TerminationGracePeriodSeconds:(*int64)(0xc0092f25a8), ActiveDeadlineSeconds:(*int64)(nil), DNSPolicy:"ClusterFirst", NodeSelector:map[string]string(nil), ServiceAccountName:"installer", AutomountServiceAccountToken:(*bool)(nil), NodeName:"", SecurityContext:(*core.PodSecurityContext)(0xc0136c2b00), ImagePullSecrets:[]core.LocalObjectReference{core.LocalObjectReference{Name:"gitpod-registry"}}, Hostname:"", Subdomain:"", SetHostnameAsFQDN:(*bool)(nil), Affinity:(*core.Affinity)(nil), SchedulerName:"default-scheduler", Tolerations:[]core.Toleration(nil), HostAliases:[]core.HostAlias(nil), PriorityClassName:"", Priority:(*int32)(nil), PreemptionPolicy:(*core.PreemptionPolicy)(nil), DNSConfig:(*core.PodDNSConfig)(nil), ReadinessGates:[]core.PodReadinessGate(nil), RuntimeClassName:(*string)(nil), Overhead:core.ResourceList(nil), EnableServiceLinks:(*bool)(nil), TopologySpreadConstraints:[]core.TopologySpreadConstraint(nil)}}: field is immutable

[lucasvaltl]

We should research this more. Try to replicated it.

[lucasvaltl]

@mrsimonemms could you research this?

[mrsimonemms]

I've tried this with the 2022.6.0 release and get a similar issue, although with a different error. It looks like this returns the error in the Installer logs:

Error: UPGRADE FAILED: an error occurred while rolling back the release. original upgrade error: cannot patch "ws-daemon-tls" with kind Certificate: Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": EOF: no ServiceAccount with the name "db" found

My feeling is that, if you're moving databases then there's no easy path for extracting the data and ingesting into the external DB. The likely scenario is that this would be a POC where someone is investigating using the external DB. For that reason, whilst I think we should fix this issue, I don't think that it a super high priority.

There is a fairly straightforward workaround to this - run helm un -n <namespace> gitpod and then hitting "Redeploy" in the KOTS dashboard.