bitnami / containers

Bitnami container images
https://bitnami.com

[bitnami/postgresql] On Okteto database is always recreated if deployment is recreated #24122

Closed eltorio closed 1 year ago

eltorio commented 1 year ago

Name and Version

bitnami/postgresql:latest

What steps will reproduce the bug?

Create on okteto this app PVC definition

    ---
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      creationTimestamp: null
      labels:
        io.kompose.service: data-pgsql
      name: data-pgsql
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 1Gi
      volumeMode: Filesystem
    status: {}

Deployment

    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      creationTimestamp: null
      labels:
        io.kompose.service: postgres
      name: postgres
    spec:
      replicas: 1
      selector:
        matchLabels:
          io.kompose.service: postgres
      strategy:
        type: RollingUpdate
      template:
        metadata:
          creationTimestamp: null
          labels:
            io.kompose.network/hcf-default: "true"
            io.kompose.service: postgres
        spec:
          containers:
            - env:
                - name: POSTGRES_DATABASE
                  value: $POSTGRES_DB
                - name: POSTGRESQL_VOLUME_DIR
                  value: /bitnami/postgresql
                - name: PGDATA
                  value: /bitnami/postgresql/data
                - name: POSTGRES_PASSWORD
                  value: $POSTGRES_PASSWORD
                - name: POSTGRES_USERNAME
                  value: $POSTGRES_USER
                - name: BITNAMI_DEBUG
                  value: "true"
              image: bitnami/postgresql:latest
              name: postgres
              ports:
                - containerPort: 5432
              resources:
                limits:
                  cpu: 500m
                  memory: "536870912"
              volumeMounts:
                - mountPath: /bitnami
                  name: data-pgsql
          restartPolicy: Always
          volumes:
            - name: data-pgsql
              persistentVolumeClaim:
                claimName: data-pgsql
    status: {}

Service

    ---
    apiVersion: v1
    kind: Service
    metadata:
      creationTimestamp: null
      labels:
        io.kompose.service: postgres
      name: postgres
    spec:
      ports:
        - name: "5432"
          port: 5432
          targetPort: 5432
      selector:
        io.kompose.service: postgres
    status:
      loadBalancer: {}

From a terminal:

    echo "hello" > /bitnami/postgresql/data/TEST

Delete the postgres deployment (not the PVC volume) and recreate it.

    envsubst < $SCRIPT_DIR/k8s.yml | kubectl apply --kubeconfig $SCRIPT_DIR/okteto-kube.config -f -

What is the expected behavior?

Database must persist.

I also need to mount at /bitnami because if I mount at /bitnami/postgresql I get a "permission denied" from a terminal:

    I have no name!@postgres-686c688bb-qfmpp:/$ ls /bitnami/postgresql/data/TEST
    ls: cannot access '/bitnami/postgresql/data/TEST': No such file or directory
    I have no name!@postgres-686c688bb-qfmpp:/$

Note that I have a second deployment with a PVC created like /bitnami that persists correctly.

What do you see instead?

database is recreated

Additional information

first run:

postgresql 15:38:54.62 
postgresql 15:38:54.62 Welcome to the Bitnami postgresql container
postgresql 15:38:54.65 Subscribe to project updates by watching https://github.com/bitnami/containers
postgresql 15:38:54.66 Submit issues and feature requests at https://github.com/bitnami/containers/issues
postgresql 15:38:54.66 
postgresql 15:38:54.66 DEBUG ==> Configuring libnss_wrapper...
postgresql 15:38:54.68 INFO ==> ** Starting PostgreSQL setup **
postgresql 15:38:54.70 INFO ==> Validating settings in POSTGRESQL_* env vars..
postgresql 15:38:54.76 INFO ==> Loading custom pre-init scripts...
postgresql 15:38:54.76 INFO ==> Initializing PostgreSQL database...
postgresql 15:38:54.77 DEBUG ==> Copying files from /bitnami/postgresql/conf to /opt/bitnami/postgresql/conf
postgresql 15:38:54.77 DEBUG ==> Ensuring expected directories/files exist...
postgresql 15:38:54.79 INFO ==> pg_hba.conf file not detected. Generating it...
postgresql 15:38:54.79 INFO ==> Generating local authentication configuration
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /bitnami/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
Success. You can now start the database server using:
/opt/bitnami/postgresql/bin/pg_ctl -D /bitnami/postgresql/data -l logfile start
postgresql 15:38:56.60 INFO ==> Starting PostgreSQL in background...
waiting for server to start....2023-02-15 15:38:56.641 GMT [70] LOG: starting PostgreSQL 15.2 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2023-02-15 15:38:56.642 GMT [70] LOG: listening on IPv4 address "127.0.0.1", port 5432
2023-02-15 15:38:56.642 GMT [70] LOG: could not bind IPv6 address "::1": Cannot assign requested address
2023-02-15 15:38:56.664 GMT [70] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
2023-02-15 15:38:56.673 GMT [73] LOG: database system was shut down at 2023-02-15 15:38:56 GMT
2023-02-15 15:38:56.680 GMT [70] LOG: database system is ready to accept connections
done
server started
CREATE DATABASE
postgresql 15:38:56.81 INFO ==> Creating user dbuser
CREATE ROLE
postgresql 15:38:56.87 INFO ==> Granting access to "dbuser" to the database "listmonk"
GRANT
ALTER DATABASE
postgresql 15:38:56.96 INFO ==> Setting ownership for the 'public' schema database "listmonk" to "dbuser"
ALTER SCHEMA
postgresql 15:38:56.99 INFO ==> Configuring replication parameters
postgresql 15:38:57.09 INFO ==> Configuring synchronous_replication
postgresql 15:38:57.09 INFO ==> Configuring fsync
postgresql 15:38:57.17 INFO ==> Stopping PostgreSQL...
waiting for server to shut down....2023-02-15 15:38:57.178 GMT [70] LOG: received fast shutdown request
2023-02-15 15:38:57.182 GMT [70] LOG: aborting any active transactions
2023-02-15 15:38:57.185 GMT [70] LOG: background worker "logical replication launcher" (PID 76) exited with exit code 1
2023-02-15 15:38:57.187 GMT [71] LOG: shutting down
2023-02-15 15:38:57.191 GMT [71] LOG: checkpoint starting: shutdown immediate
2023-02-15 15:38:57.236 GMT [71] LOG: checkpoint complete: wrote 927 buffers (5.7%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.019 s, sync=0.016 s, total=0.049 s; sync files=257, longest=0.003 s, average=0.001 s; distance=4222 kB, estimate=4222 kB
2023-02-15 15:38:57.262 GMT [70] LOG: database system is shut down
done
server stopped
postgresql 15:38:57.28 INFO ==> Loading custom scripts...
postgresql 15:38:57.28 INFO ==> Enabling remote connections
postgresql 15:38:57.29 INFO ==> ** PostgreSQL setup finished! **
postgresql 15:38:57.31 INFO ==> ** Starting PostgreSQL **
2023-02-15 15:38:57.371 GMT [1] LOG: pgaudit extension initialized
2023-02-15 15:38:57.381 GMT [1] LOG: starting PostgreSQL 15.2 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2023-02-15 15:38:57.382 GMT [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2023-02-15 15:38:57.382 GMT [1] LOG: listening on IPv6 address "::", port 5432
2023-02-15 15:38:57.388 GMT [1] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
2023-02-15 15:38:57.397 GMT [145] LOG: database system was shut down at 2023-02-15 15:38:57 GMT
2023-02-15 15:38:57.408 GMT [1] LOG: database system is ready to accept connections

second create

postgresql 15:48:33.46
postgresql 15:48:33.46 Welcome to the Bitnami postgresql container
postgresql 15:48:33.46 Subscribe to project updates by watching https://github.com/bitnami/containers
postgresql 15:48:33.46 Submit issues and feature requests at https://github.com/bitnami/containers/issues
postgresql 15:48:33.47 
postgresql 15:48:33.47 DEBUG ==> Configuring libnss_wrapper...
postgresql 15:48:33.48 INFO ==> ** Starting PostgreSQL setup **
postgresql 15:48:33.50 INFO ==> Validating settings in POSTGRESQL_* env vars..
postgresql 15:48:33.56 INFO ==> Loading custom pre-init scripts...
postgresql 15:48:33.57 INFO ==> Initializing PostgreSQL database...
postgresql 15:48:33.57 DEBUG ==> Copying files from /bitnami/postgresql/conf to /opt/bitnami/postgresql/conf
postgresql 15:48:33.58 DEBUG ==> Ensuring expected directories/files exist...
postgresql 15:48:33.59 INFO ==> pg_hba.conf file not detected. Generating it...
postgresql 15:48:33.60 INFO ==> Generating local authentication configuration
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /bitnami/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
syncing data to disk ... ok
Success. You can now start the database server using:
/opt/bitnami/postgresql/bin/pg_ctl -D /bitnami/postgresql/data -l logfile start
postgresql 15:48:35.41 INFO ==> Starting PostgreSQL in background...
waiting for server to start....2023-02-15 15:48:35.460 GMT [70] LOG: starting PostgreSQL 15.2 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2023-02-15 15:48:35.461 GMT [70] LOG: listening on IPv4 address "127.0.0.1", port 5432
2023-02-15 15:48:35.461 GMT [70] LOG: could not bind IPv6 address "::1": Cannot assign requested address
2023-02-15 15:48:35.466 GMT [70] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
2023-02-15 15:48:35.474 GMT [73] LOG: database system was shut down at 2023-02-15 15:48:35 GMT
2023-02-15 15:48:35.480 GMT [70] LOG: database system is ready to accept connections
done
server started
CREATE DATABASE
postgresql 15:48:35.61 INFO ==> Creating user dbuser
CREATE ROLE
postgresql 15:48:35.67 INFO ==> Granting access to "dbuser" to the database "listmonk"
GRANT
ALTER DATABASE
postgresql 15:48:35.76 INFO ==> Setting ownership for the 'public' schema database "listmonk" to "dbuser"
ALTER SCHEMA
postgresql 15:48:35.79 INFO ==> Configuring replication parameters
postgresql 15:48:35.88 INFO ==> Configuring synchronous_replication
postgresql 15:48:35.88 INFO ==> Configuring fsync
postgresql 15:48:35.96 INFO ==> Stopping PostgreSQL...
2023-02-15 15:48:35.971 GMT [70] LOG: received fast shutdown request
waiting for server to shut down....2023-02-15 15:48:35.976 GMT [70] LOG: aborting any active transactions
2023-02-15 15:48:35.980 GMT [70] LOG: background worker "logical replication launcher" (PID 76) exited with exit code 1
2023-02-15 15:48:35.981 GMT [71] LOG: shutting down
2023-02-15 15:48:35.984 GMT [71] LOG: checkpoint starting: shutdown immediate
2023-02-15 15:48:36.036 GMT [71] LOG: checkpoint complete: wrote 927 buffers (5.7%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.020 s, sync=0.020 s, total=0.056 s; sync files=257, longest=0.003 s, average=0.001 s; distance=4222 kB, estimate=4222 kB
2023-02-15 15:48:36.044 GMT [70] LOG: database system is shut down
done
server stopped
postgresql 15:48:36.07 INFO ==> Loading custom scripts...
postgresql 15:48:36.08 INFO ==> Enabling remote connections
postgresql 15:48:36.08 INFO ==> ** PostgreSQL setup finished! **
postgresql 15:48:36.10 INFO ==> ** Starting PostgreSQL **
2023-02-15 15:48:36.123 GMT [1] LOG: pgaudit extension initialized
2023-02-15 15:48:36.163 GMT [1] LOG: starting PostgreSQL 15.2 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2023-02-15 15:48:36.164 GMT [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2023-02-15 15:48:36.164 GMT [1] LOG: listening on IPv6 address "::", port 5432
2023-02-15 15:48:36.170 GMT [1] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
2023-02-15 15:48:36.178 GMT [145] LOG: database system was shut down at 2023-02-15 15:48:36 GMT
2023-02-15 15:48:36.188 GMT [1] LOG: database system is ready to accept connections

eltorio commented 1 year ago

For completeness, this is my cluster definition:
https://github.com/highcanfly-club/hcfmailer/blob/hcf/hcf/okteto/k8s.yml . All Docker images are publicly available on Docker Hub.

These env variables need to be filled in:

DKIM_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----|MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSj……………BuoTsIHpowYjVbps4=|-----END PRIVATE KEY-----"  #(optional a valid DKIM private key with | in place of CR
DKIM_SELECTOR=yourselector  #(optional DKIM selector)
ALLOWED_SENDER_DOMAINS="example.org example.net example.com" #mandatory 
POSTGRES_DB=listmonk #mandatory (the name of the DB)
POSTGRES_PASSWORD=apassword #mandatory (the password of the DB)
POSTGRES_USER=auser #mandatory (the user of the DB)
LISTMONK_USER=listmonk #optional default to listmonk
LISTMONK_PASSWORD=averysecurepassword #mandatory (the admin password)
OKETO_NS=yournamespace #mandatory (the K8S namespace)
OKTETO_FQDN_HCFMAILER=name-yournamespace.cloud.okteto.net #mandatory (the fqdn for the admin UI -ingress)
SSH_PUBKEY="ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIHfyW0g6kUxa4hn1fWzrIY/98HVWEymk8liFRadW2bCknHdLyNnzYGOQvcHlg+mLhFhSJwiA5DaHAEwwHbRQE= key@hcfmailer" #(optional a valid ssh pubkey - will be filled as authorized key)
CLOUDFLARE_API_KEY="the-zone-id"                               #mandatory
CLOUDFLARE_ZONE_ID="your-api-key-with-dns-rights"              #mandatory
CLOUDFLARE_DNS_RECORDS="smtpd.example.org, smtpd2.example.ord" #Mandatory
POSTFIX_HOSTNAME="smtpd.example.org"                           #Recommended

I apply my cluster with:

    SCRIPT_DIR=`dirname $0`
    envsubst < $SCRIPT_DIR/k8s.yml | kubectl apply --kubeconfig $SCRIPT_DIR/okteto-kube.config -f -

javsalgar commented 1 year ago

Hi,

It is not clear to me how this Okteto is affecting the overall deployment. Does the same issue happen without Okteto? Just deploying and removing the deployment?

eltorio commented 1 year ago

If I delete the "postgres" deployment but keep the PVC and then issue

    kubectl apply -f postgres.yml

it is the same problem. It looks like the entrypoint cannot read the /bitnami/postgresql directory and so creates a new DB; it is maybe a rights issue. I need to mount the PVC as /bitnami because mounting as /bitnami/postgresql gives a "permission denied".

javsalgar commented 1 year ago

Could you try overriding the entrypoint with a sleep infinity, enter the container and check if there are actually permission issues? We would need to understand what operation is causing the issue.

eltorio commented 1 year ago

I'll do it immediately, but for info this is the log when I wake the deployment. For me the interesting line is:

pg_hba.conf file not detected. Generating it...

complete log

2023-02-22 07:57:36.00 UTC postgres-658496d7cb-bd478 [pod-event] Successfully assigned xxxxxx/postgres-658496d7cb-bd478 to gke-cloud-dev-0-4a63fc91-rfjb
2023-02-22 07:57:47.00 UTC postgres-658496d7cb-bd478 [pod-event] AttachVolume.Attach succeeded for volume "pvc-876380fc-36a4-4151-bd87-33191106d258"
2023-02-22 07:57:52.00 UTC postgres-658496d7cb-bd478 [pod-event] Pulling image "bitnami/postgresql:latest"
2023-02-22 07:58:25.00 UTC postgres-658496d7cb-bd478 [pod-event] Successfully pulled image "bitnami/postgresql:latest" in 33.247168979s
2023-02-22 07:58:25.00 UTC postgres-658496d7cb-bd478 [pod-event] Created container postgres
2023-02-22 07:58:27.00 UTC postgres-658496d7cb-bd478 [pod-event] Started container postgres
2023-02-22 07:58:27.10 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.10
2023-02-22 07:58:27.11 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.11 Welcome to the Bitnami postgresql container
2023-02-22 07:58:27.12 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.11 Subscribe to project updates by watching https://github.com/bitnami/containers
2023-02-22 07:58:27.13 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.12 Submit issues and feature requests at https://github.com/bitnami/containers/issues
2023-02-22 07:58:27.14 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.14
2023-02-22 07:58:27.15 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.15 INFO ==> ** Starting PostgreSQL setup **
2023-02-22 07:58:27.21 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.21 INFO ==> Validating settings in POSTGRESQL_* env vars..
2023-02-22 07:58:27.55 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.55 INFO ==> Loading custom pre-init scripts...
2023-02-22 07:58:27.56 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.56 INFO ==> Initializing PostgreSQL database...
2023-02-22 07:58:27.57 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.57 DEBUG ==> Ensuring expected directories/files exist...
2023-02-22 07:58:27.90 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.90 INFO ==> pg_hba.conf file not detected. Generating it...
2023-02-22 07:58:27.90 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.90 INFO ==> Generating local authentication configuration
2023-02-22 07:58:27.94 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:27.94 INFO ==> Deploying PostgreSQL with persisted data...
2023-02-22 07:58:28.01 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:28.00 INFO ==> Configuring replication parameters
2023-02-22 07:58:28.13 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:28.13 INFO ==> Configuring fsync
2023-02-22 07:58:28.15 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:28.15 INFO ==> Configuring synchronous_replication
2023-02-22 07:58:28.22 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:28.22 INFO ==> Loading custom scripts...
2023-02-22 07:58:28.25 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:28.23 INFO ==> Enabling remote connections
2023-02-22 07:58:28.25 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:28.25 INFO ==> ** PostgreSQL setup finished! **
2023-02-22 07:58:28.25 UTC postgres-658496d7cb-bd478 postgres
2023-02-22 07:58:28.32 UTC postgres-658496d7cb-bd478 postgres postgresql 07:58:28.32 INFO ==> ** Starting PostgreSQL **
2023-02-22 07:58:28.43 UTC postgres-658496d7cb-bd478 postgres 2023-02-22 07:58:28.434 GMT [1] LOG: pgaudit extension initialized
2023-02-22 07:58:28.47 UTC postgres-658496d7cb-bd478 postgres 2023-02-22 07:58:28.471 GMT [1] LOG: starting PostgreSQL 15.2 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2023-02-22 07:58:28.47 UTC postgres-658496d7cb-bd478 postgres 2023-02-22 07:58:28.471 GMT [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2023-02-22 07:58:28.47 UTC postgres-658496d7cb-bd478 postgres 2023-02-22 07:58:28.472 GMT [1] LOG: listening on IPv6 address "::", port 5432
2023-02-22 07:58:28.48 UTC postgres-658496d7cb-bd478 postgres 2023-02-22 07:58:28.483 GMT [1] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
2023-02-22 07:58:28.49 UTC postgres-658496d7cb-bd478 postgres 2023-02-22 07:58:28.492 GMT [137] LOG: database system was shut down at 2023-02-21 22:00:38 GMT
2023-02-22 07:58:28.52 UTC postgres-658496d7cb-bd478 postgres 2023-02-22 07:58:28.526 GMT [1] LOG: database system is ready to accept connections

eltorio commented 1 year ago

The user is missing in my container… These are my tests (I selected only interesting lines):

          image: bitnami/postgresql:latest
          name: postgres
          command: ["/bin/sh","-c"]
          args: ["sleep infinity"]
          ports:
            - containerPort: 5432
          resources:
            limits:
              cpu: 500m
              memory: "536870912"
          volumeMounts:
            - mountPath: /bitnami/postgresql
              name: xxx-pgsql
          securityContext:
            runAsUser: 0
            runAsGroup: 0
      restartPolicy: Always
…

From inside the container:

root@postgres-855568f9c5-zvlh4:/# mount
overlay on / type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2355/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2417/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2417/work)
…
/dev/sdo on /bitnami/postgresql type ext4 (rw,relatime)
…
```sh
root@postgres-855568f9c5-zvlh4:/# ls /bitnami/postgresql/
data  lost+found
root@postgres-855568f9c5-zvlh4:/# ls /bitnami/postgresql/data
base    pg_commit_ts  pg_ident.conf  pg_multixact  pg_replslot  pg_snapshots  pg_stat_tmp  pg_tblspc    PG_VERSION  pg_xact               postmaster.opts
global  pg_dynshmem   pg_logical     pg_notify     pg_serial    pg_stat       pg_subtrans  pg_twophase  pg_wal      postgresql.auto.conf  postmaster.pid
root@postgres-855568f9c5-zvlh4:/# ls -l /bitnami/postgresql/data/PG_VERSION 
-rw------- 1 1000 1000 3 Feb 17 17:14 /bitnami/postgresql/data/PG_VERSION
root@postgres-855568f9c5-zvlh4:/# cat /bitnami/postgresql/data/PG_VERSION 
15
```

/etc/passwd and /etc/group

root@postgres-855568f9c5-zvlh4:/# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
root@postgres-855568f9c5-zvlh4:/# cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:

So user#1000 (postgres ?) does not exist so…

root@postgres-855568f9c5-zvlh4:/# /opt/bitnami/scripts/postgresql/entrypoint.sh
postgresql 08:35:39.29 
postgresql 08:35:39.29 Welcome to the Bitnami postgresql container
postgresql 08:35:39.30 Subscribe to project updates by watching https://github.com/bitnami/containers
postgresql 08:35:39.30 Submit issues and feature requests at https://github.com/bitnami/containers/issues
postgresql 08:35:39.31 

and run.sh

root@postgres-855568f9c5-zvlh4:/# /opt/bitnami/scripts/postgresql/run.sh
postgresql 08:36:20.61 INFO  ==> ** Starting PostgreSQL **
error: failed switching to "postgres": unable to find user postgres: no matching entries in passwd file

Finally:

root@postgres-855568f9c5-zvlh4:/# groupadd -g 1000 postgres
root@postgres-855568f9c5-zvlh4:/# useradd -u 1000 -g 1000 postgres
root@postgres-855568f9c5-zvlh4:/# /opt/bitnami/scripts/postgresql/run.sh
postgresql 08:38:27.74 INFO  ==> ** Starting PostgreSQL **
2023-02-22 08:38:27.981 GMT [91] LOG:  starting PostgreSQL 15.2 on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2023-02-22 08:38:27.982 GMT [91] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2023-02-22 08:38:27.983 GMT [91] LOG:  could not bind IPv6 address "::1": Cannot assign requested address
2023-02-22 08:38:27.989 GMT [91] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
postgres: could not write external PID file "/opt/bitnami/postgresql/tmp/postgresql.pid": Permission denied
2023-02-22 08:38:28.070 GMT [103] LOG:  database system was interrupted; last known up at 2023-02-22 08:03:28 GMT
2023-02-22 08:38:28.265 GMT [103] LOG:  database system was not properly shut down; automatic recovery in progress
2023-02-22 08:38:28.272 GMT [103] LOG:  redo starts at 0/1B541D8
2023-02-22 08:38:28.272 GMT [103] LOG:  invalid record length at 0/1B542C0: wanted 24, got 0
2023-02-22 08:38:28.272 GMT [103] LOG:  redo done at 0/1B54288 system usage: CPU: user: 0.00 s, system: 0.00 s, elapsed: 0.00 s
2023-02-22 08:38:28.282 GMT [101] LOG:  checkpoint starting: end-of-recovery immediate wait
2023-02-22 08:38:28.298 GMT [101] LOG:  checkpoint complete: wrote 3 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.005 s, sync=0.002 s, total=0.020 s; sync files=2, longest=0.001 s, average=0.001 s; distance=0 kB, estimate=0 kB
2023-02-22 08:38:28.309 GMT [91] LOG:  database system is ready to accept connections

eltorio commented 1 year ago

So I use this current workaround:

          image: bitnami/postgresql:latest
          name: postgres
          command: ["/bin/sh","-c"]
          args: ["useradd -u 1000 -g 0 postgres;mkdir -p /opt/bitnami/postgresql/conf; echo \"listen_addresses='*'\" >> /opt/bitnami/postgresql/conf/postgresql.conf ; echo \"host     all             all             0.0.0.0/0               md5\">/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"host     all             all             ::/0               md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"local    all             all                                     md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"host     all             all        127.0.0.1/32                 md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"host     all             all        ::1/128                      md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf ; /opt/bitnami/scripts/postgresql/entrypoint.sh; /opt/bitnami/scripts/postgresql/run.sh"]
          p

For info this is my complete yaml

---
apiVersion: v1
kind: Secret
metadata:
  name: postgres
  namespace: $OKTETO_NS
  labels:
    app.kubernetes.io/name: postgres
    app.kubernetes.io/instance: postgres
type: Opaque
stringData:
  postgres-password: $POSTGRES_PASSWORD
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  creationTimestamp: null
  labels:
    io.kompose.service: xxx-pgsql
  name: xxx-pgsql
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  volumeMode: Filesystem
status: {}

---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    io.kompose.service: postgres
  name: postgres
spec:
  ports:
    - name: "5432"
      port: 5432
      targetPort: 5432
  selector:
    io.kompose.service: postgres
status:
  loadBalancer: {}

---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    io.kompose.service: postgres
  name: postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: postgres
  strategy:
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        io.kompose.network/hcf-default: "true"
        io.kompose.service: postgres
    spec:
      containers:
        - env:
            - name: POSTGRES_DATABASE
              value: $POSTGRES_DB
            - name: POSTGRESQL_VOLUME_DIR
              value: /bitnami/postgresql
            - name: PGDATA
              value: /bitnami/postgresql/data
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres
                  key: postgres-password
            - name: POSTGRES_USERNAME
              value: $POSTGRES_USER
            - name: BITNAMI_DEBUG
              value: "true"
          image: bitnami/postgresql:latest
          name: postgres
          command: ["/bin/sh","-c"]
          args: ["useradd -u 1000 -g 0 postgres;mkdir -p /opt/bitnami/postgresql/conf; echo \"listen_addresses='*'\" >> /opt/bitnami/postgresql/conf/postgresql.conf ; echo \"host     all             all             0.0.0.0/0               md5\">/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"host     all             all             ::/0               md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"local    all             all                                     md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"host     all             all        127.0.0.1/32                 md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"host     all             all        ::1/128                      md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf ; /opt/bitnami/scripts/postgresql/entrypoint.sh; /opt/bitnami/scripts/postgresql/run.sh"]
          ports:
            - containerPort: 5432
          resources:
            limits:
              cpu: 500m
              memory: "536870912"
          volumeMounts:
            - mountPath: /bitnami/postgresql
              name: xxx-pgsql
          securityContext:
            runAsUser: 0
            runAsGroup: 0
      restartPolicy: Always
      volumes:
        - name: xxx-pgsql
          persistentVolumeClaim:
            claimName: xxx-pgsql
status: {}

After defining these environment variables:
OKTETO_NS (the namespace). POSTGRES_PASSWORD (password)
POSTGRES_DB (database). POSTGRES_USER (username).

    envsubst < postgres.yml | kubectl --kubeconfig kube.config apply -f -

javsalgar commented 1 year ago

Hi,

I see references to user 1000 1000. It seems to me that the permissions in the container are not compatible with the default 1001:0 ones. Could you check that?

eltorio commented 1 year ago

Yes, without any command / entrypoint modification PG_VERSION is owned by 1000:1000. First run (new, with new PVC): database is created….

          image: bitnami/postgresql:latest
          name: postgres
          #command: ["/bin/sh","-c"]
          #args: ["sleep infinity"]
          #args: ["useradd -u 1000 -g 0 postgres; /opt/bitnami/scripts/postgresql/entrypoint.sh; /opt/bitnami/scripts/postgresql/run.sh"]

second run (with same pvc)

          image: bitnami/postgresql:latest
          name: postgres
          command: ["/bin/sh","-c"]
          args: ["sleep infinity"]
          #args: ["useradd -u 1000 -g 0 postgres; /opt/bitnami/scripts/postgresql/entrypoint.sh; /opt/bitnami/scripts/postgresql/run.sh"]

from inside the container:

root@postgres-855568f9c5-grqd8:/# ls -l /bitnami/postgresql/
total 20
drwx------ 19 1000 1000  4096 Feb 22 09:35 data
drwx------  2 root root 16384 Feb 22 09:33 lost+found
root@postgres-855568f9c5-grqd8:/# ls -l /bitnami/postgresql/data
total 84
drwx------ 6 1000 1000 4096 Feb 22 09:34 base
drwx------ 2 1000 1000 4096 Feb 22 09:35 global
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_commit_ts
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_dynshmem
-rw------- 1 1000 1000 1636 Feb 22 09:34 pg_ident.conf
drwx------ 4 1000 1000 4096 Feb 22 09:35 pg_logical
drwx------ 4 1000 1000 4096 Feb 22 09:34 pg_multixact
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_notify
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_replslot
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_serial
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_snapshots
drwx------ 2 1000 1000 4096 Feb 22 09:35 pg_stat
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_stat_tmp
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_subtrans
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_tblspc
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_twophase
-rw------- 1 1000 1000    3 Feb 22 09:34 PG_VERSION
drwx------ 3 1000 1000 4096 Feb 22 09:34 pg_wal
drwx------ 2 1000 1000 4096 Feb 22 09:34 pg_xact
-rw------- 1 1000 1000   88 Feb 22 09:34 postgresql.auto.conf
-rw------- 1 1000 1000  249 Feb 22 09:34 postmaster.opts

eltorio commented 1 year ago

this is my working command for avoiding recreating the DB:

          image: bitnami/postgresql:latest
          name: postgres
          command: ["/bin/sh","-c"]
          #args: ["sleep infinity"]
          args: ["useradd -u 1000 -g 0 postgres;mkdir -p /opt/bitnami/postgresql/conf; echo \"listen_addresses='*'\" >> /opt/bitnami/postgresql/conf/postgresql.conf ; echo \"host     all             all             0.0.0.0/0               md5\">/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"host     all             all             ::/0               md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"local    all             all                                     md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"host     all             all        127.0.0.1/32                 md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf;echo \"host     all             all        ::1/128                      md5\">>/opt/bitnami/postgresql/conf/pg_hba.conf ; /opt/bitnami/scripts/postgresql/entrypoint.sh; /opt/bitnami/scripts/postgresql/run.sh"]

javsalgar commented 1 year ago

In our chart, we have an init container for changing the volume permissions which is quite similar to what you are doing. In order to ensure that permissions do not fail, the container user must belong to the root group

eltorio commented 1 year ago

I think a test must be run at the start of /opt/bitnami/scripts/postgresql/entrypoint.sh under root:

check if /bitnami/postgresql/data/PG_VERSION contains 15
get uid/gid of /bitnami/postgresql/data/PG_VERSION
check if postgres user has this uid
if not create/modify postgres (or correct /bitnami/postgresql to match postgres user)
Check /opt/bitnami/postgresql/conf/pg_hba.conf
Check /opt/bitnami/postgresql/conf/postgresql.conf
…
/opt/bitnami/scripts/postgresql/run.sh
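
The ownership part of the check proposed in the comment above (read the owner of PG_VERSION and compare it with the UID the server runs as) can be written as a read-only diagnostic. This is an added example, not code from the thread or from Bitnami's entrypoint; the function name `pgdata_check`, its return codes and the throwaway demo directory are assumptions, and it relies on a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example, not Bitnami's entrypoint: classify a PostgreSQL data directory
# before startup so a UID mismatch is reported instead of being mistaken for
# an empty volume.
#
# pgdata_check DATA_DIR WANT_UID
#   0  PG_VERSION present and owned by WANT_UID
#   1  no data directory or no PG_VERSION: the volume looks empty
#   2  PG_VERSION present but owned by another UID
#   3  DATA_DIR exists but the current user cannot list or enter it
pgdata_check() {
    data_dir=$1
    want_uid=$2
    marker="$data_dir/PG_VERSION"

    if [ ! -d "$data_dir" ]; then
        echo "absent: $data_dir does not exist"
        return 1
    fi

    dir_owner=$(stat -c '%u:%g' "$data_dir")
    dir_mode=$(stat -c '%a' "$data_dir")

    # A 0700 directory owned by another UID hides PG_VERSION from us. Without
    # this separate test that case is indistinguishable from "no cluster yet".
    if [ ! -r "$data_dir" ] || [ ! -x "$data_dir" ]; then
        echo "inaccessible: $data_dir is $dir_owner mode $dir_mode, running as $(id -u):$(id -g)"
        return 3
    fi

    if [ ! -f "$marker" ]; then
        echo "empty: no PG_VERSION in $data_dir"
        return 1
    fi

    file_uid=$(stat -c '%u' "$marker")
    if [ "$file_uid" != "$want_uid" ]; then
        echo "mismatch: PG_VERSION owned by uid $file_uid, server expects uid $want_uid"
        return 2
    fi

    echo "ok: PostgreSQL $(cat "$marker") cluster owned by uid $want_uid"
    return 0
}

# Constructed demo: a throwaway directory stands in for /bitnami/postgresql/data.
demo_dir=$(mktemp -d)
printf '15\n' > "$demo_dir/PG_VERSION"
pgdata_check "$demo_dir" "$(id -u)" || true   # owner matches the caller
pgdata_check "$demo_dir" 1001 || true         # mismatch unless the caller is uid 1001
rm -rf "$demo_dir"
```

With the listing shown earlier in the thread (data owned by 1000:1000, mode `drwx------`), a process running as 1001:0 gets return code 3.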

javsalgar commented 1 year ago

Could you elaborate a bit more on the logic and what it wants to achieve?

github-actions[bot] commented 1 year ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 1 year ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.