bitnami / charts

Bitnami Helm Charts
https://bitnami.com

[bitnami/postgresql-ha] Server is not starting with custom security context #22990

Open alita1991 opened 8 months ago

alita1991 commented 8 months ago

Name and Version

bitnami/postgresql-ha:12.3.4

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Set ReadOnlyRootFilesystem = true for container security context on pgpool
  2. /opt/bitnami/scripts/libpgpool.sh: line 350: /opt/bitnami/pgpool/conf/pool_hba.conf: Read-only file system
  3. Set uid & gid 10001 on pgpool
  4. mktemp: failed to create file via template ‘/tmp/tmp.XXXXXXXXXX’: Read-only file system
  5. Set ReadOnlyRootFilesystem = true for container security context on postgresql
  6. cp: cannot create regular file '/opt/bitnami/postgresql/conf/postgresql.conf': Read-only file system
  7. Set uid & gid 10001 on postgresql
  8. cp: cannot create regular file '/opt/bitnami/postgresql/conf/postgresql.conf': Permission denied

Are you using any custom parameters or values?

I set custom uid/gid + ReadOnlyRootFilesystem = true

What is the expected behavior?

ReadOnlyRootFilesystem and custom uid/gid should be possible on pgpool and postgresql

What do you see instead?

Read-only filesystem error + Permission-denied filesystem errors on service startup

Additional information

This was discovered while trying to address the issues reported by kube-score / kube-linter

javsalgar commented 8 months ago

Hi!

I'm afraid we currently don't have support for readOnlyRootFilesystem. This is something in our backlog and we want to achieve in our catalog. As soon as there is news we will update the ticket.
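A triage sketch for the startup errors quoted in the report, added here as an example and not part of the issue thread or the Bitnami chart: it groups the failing write paths by directory and separates read-only-root failures (EROFS) from uid/gid permission failures (EACCES). The function names and the cause labels are assumptions made for illustration; the sample log lines are the ones quoted in the reproduction steps.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Error lines quoted in the issue's reproduction steps.
SAMPLE_LOG = """\
/opt/bitnami/scripts/libpgpool.sh: line 350: /opt/bitnami/pgpool/conf/pool_hba.conf: Read-only file system
mktemp: failed to create file via template ‘/tmp/tmp.XXXXXXXXXX’: Read-only file system
cp: cannot create regular file '/opt/bitnami/postgresql/conf/postgresql.conf': Read-only file system
cp: cannot create regular file '/opt/bitnami/postgresql/conf/postgresql.conf': Permission denied
"""

# errno text -> security-context setting that surfaced it (labels are illustrative)
CAUSES = {
    "Read-only file system": "readOnlyRootFilesystem",  # EROFS
    "Permission denied": "custom uid/gid",              # EACCES
}

# The absolute path immediately before the trailing ": <errno text>",
# with or without ASCII or typographic quotes around it.
PATH_RE = re.compile(
    r"(/[^\s'‘’:]+)['’]?: (Read-only file system|Permission denied)$"
)


def classify(log):
    """Map each directory a startup script failed to write to -> set of causes."""
    findings = defaultdict(set)
    for line in log.splitlines():
        match = PATH_RE.search(line.strip())
        if match:
            path, err = match.groups()
            findings[dirname(path)].add(CAUSES[err])
    return dict(findings)


def needs_writable_mount(findings):
    """Directories that fail only because the root filesystem is read-only."""
    return sorted(d for d, c in findings.items() if c == {"readOnlyRootFilesystem"})


if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    for directory in sorted(result):
        print(f"{directory}: {', '.join(sorted(result[directory]))}")
    print("writable volume candidates:", needs_writable_mount(result))
```

Directories that show both causes, such as the PostgreSQL conf directory here, would still fail on ownership for uid 10001 even with a writable root filesystem.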