Running Postgres in OpenShift with persistence volume is failing with user permissions issues #605

Open
Wisw opened this issue Feb 3, 2025 · 2 comments


Wisw commented Feb 3, 2025

Container platform

OCP 4

Version

I have tried to deploy Postgres 15, and it's failing to run with volume mounts in OCP 4.7 (latest).

OS version of the container image

RHEL 8

Bugzilla, Jira

Description

I have tried the quote blocks below, along with multiple other settings with various securityContext params for the container and pod specs. None of them are accepted, as they are being blocked by the SecurityContextConstraints, which I presume are the OCP defaults.

Also, I have seen that the volumes in OCP are yet to be fixed, as per line 72 of the Dockerfile at the link below.

https://catalog.redhat.com/software/containers/rhel8/postgresql-15/63d29a05fd1c4f5552a305b3?image=678fe0ad976ab6d74f5e4074&architecture=arm64&container-tabs=dockerfile

The git issue seems not relevant, as the issue mentioned in the Dockerfile is already closed, so I'm lost. I also tried to use the other $HOME directory for the volume by building, and then felt it to be pointless, as the fix-permissions script is resolving to the postgres user, which is running with root privilege.

Need assistance with this.

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: postgres-pv
  labels:
    app: postgres
spec:
  capacity:
    storage: 8Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: localblock-sc
  volumeMode: Filesystem
  hostPath:
    path: /var/lib/pgsql/data
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - dev-node-01
```

```yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: postgres-pvc
  namespace: supervity
  labels:
    app: postgres
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  volumeName: postgres-pv
  storageClassName: localblock-sc
  volumeMode: Filesystem
```

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  namespace: test
  labels:
    app: postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: postgres
    spec:
      volumes:
        - name: postgres-pvc
          persistentVolumeClaim:
            claimName: postgres-pvc
      securityContext:
        fsGroup: 26
      containers:
        - resources: {}
          terminationMessagePath: /dev/termination-log
          name: container
          env:
            - name: POSTGRESQL_USER
              value: test
            - name: POSTGRESQL_PASSWORD
              value: verySecureDBtestpswd
            - name: POSTGRESQL_DATABASE
              value: supervity
          ports:
            - containerPort: 5432
              protocol: TCP
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: postgres-pvc
              mountPath: /var/lib/pgsql/data
              readOnly: false
          terminationMessagePolicy: File
          image: 'registry.redhat.io/rhel8/postgresql-15:1-90'
          securityContext: {}
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/hostname
                    operator: In
                    values:
                      - node-01
      schedulerName: default-scheduler
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 25%
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
```

Reproducer

No response

Member

phracek commented Feb 12, 2025

Hi @Wisw, thanks for reporting this issue. Can you please provide reproducing steps? What kind of cluster do you use?
Can you please also use some newer clusters, like 4.14+?

Do you use some shared clusters?

What is the output in the OpenShift pod?

Author

Wisw commented Feb 14, 2025

Nope, it's not a shared cluster; currently we are using the latest-built OCP 4.17.x variant trial cluster on premises.

The pod is crashing with an error at initialization of the DB, stating that fix-permissions is failing with operation not permitted.
