search

bitnami / containers

Bitnami container images
https://bitnami.com
Other
3.41k stars 4.87k forks source link

[bitnami/postgresql] Unable to install `pgvector` extension #72511

Closed naingthet closed 1 month ago

naingthet commented 1 month ago

Name and Version

bitnami/postgresql:15.5.0-debian-11-r25

What architecture are you using?

amd64

What steps will reproduce the bug?

Hello, I am new to using bitnami and having quite a bit of trouble installing postgresql extensions. I am attempting to use preInitDb but have not had any success. Am I properly configuring root user?

  1. In AWS EKS

  2. Using this config:

    postgresql:
commonAnnotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": "hook-failed"
image:
tag: 15.5.0-debian-11-r25
auth:
postgresPassword: $password
volumePermissions:
enabled: true
tls:
enabled: true
autoGenerated: true

primary:
persistence:
  enabled: false
preInitDb:
  scripts:
    install-pgvector.sh: |
      #!/bin/bash
      set -e
      apt-get update && apt-get install -y postgresql-15-pgvector
containerSecurityContext:
  runAsUser: 1001
  runAsGroup: root
initdb:
  scripts:
    init.sql: |
      CREATE DATABASE main;
      \c main
      CREATE EXTENSION IF NOT EXISTS vector;

What is the expected behavior?

pgvector is installed into the environment and vector extension is created successfully

What do you see instead?

This does not seem to successfully install the vector extension, and migrations are unable to use the extension.

Additional information

No response

javsalgar commented 1 month ago

Hi,

If you want to user root then you need to run set runAsUser: 0. However, in this kind of scenarios what we recommend is to create a fork of the PostgreSQL container.

This should help you: https://github.com/bitnami/containers/issues/32677#issuecomment-1537857717

naingthet commented 1 month ago

This helped a lot, thanks so much!

kaisensan commented 2 weeks ago

FWIW, I only managed to get this working by completely reverting the security context settings for the primary container:

    - primary:
        containerSecurityContext:
          runAsUser: 0
          runAsGroup: 0
          runAsNonRoot: false
          privileged: true
          readOnlyRootFilesystem: false
          allowPrivilegeEscalation: true
        preInitDb:
          scripts:
            preinit.sh: |
              #!/bin/sh
              apt update
              ...