zalando / postgres-operator

Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
https://postgres-operator.readthedocs.io/
MIT License

Set Security Context in postgresql manifest #1052

Open connorearl opened 4 years ago

connorearl commented 4 years ago

I don't see any way to set a securityContext in the postgresql manifest so I can run the pods not as root. I know Spilo has support for rootless containers now, but without making a custom Spilo image I don't have a way of setting this. I also would like to implement Pod Security Policies and will need the pods to conform to them.

ReSearchITEng commented 4 years ago

Hi @connorearl, well, this should be OK already now. E.g. OpenShift allocates the users and groups dynamically (based on the SCC), and their range is different in every namespace. And this operator, using the latest Spilo (developed exactly for this), is working without any issues. You do not have to set any parameter like spilo_fsgroup or spiloFSGroup in either the operator or the cluster request. While you may not be looking exactly for OpenShift, searching the docs & discussions on this project for OpenShift should clarify a few things.

marcoslarsen commented 3 years ago

Hello! We're using v1.5.0 of the operator, and we need to run the pods as a non-root user. The mentioned PR seems to fix the issue, but it's not available in 1.5.0. We cannot upgrade to 1.6 yet because of the Kubernetes version (we're using 1.15 and we cannot update it yet). Is there a way to apply this to 1.5 without having to do a custom build? Thanks!

ckotzbauer commented 3 years ago

Hi, is there any news on this? The Spilo image already runs as a non-root user, but the flag securityContext.runAsNonRoot cannot be set to true. Thanks!
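The thread asks for pods that satisfy a non-root Pod Security Policy (runAsNonRoot, fsGroup, no privilege escalation). The following is an added example, not code from this issue or from the postgres-operator project: a small check that reports which of those settings a rendered Pod spec is missing, run against two constructed Spilo-style pod specs. The image name and the uid 101 / gid 103 values are assumptions for the sample, not values taken from the project.

```python
"""Check a Pod spec for the non-root settings a Pod Security Policy would require."""

# Constructed sample: the shape of a Spilo pod with no securityContext set at all,
# which is the situation the thread describes. Image name is a placeholder.
SPILO_POD_NO_CONTEXT = {
    "spec": {
        "containers": [
            {"name": "postgres", "image": "registry.example/spilo:placeholder"}
        ]
    }
}

# Constructed sample: the same pod with settings that satisfy a non-root policy.
# uid 101 / gid 103 are assumed values for this example.
SPILO_POD_NON_ROOT = {
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 101, "fsGroup": 103},
        "containers": [
            {
                "name": "postgres",
                "image": "registry.example/spilo:placeholder",
                "securityContext": {
                    "allowPrivilegeEscalation": False,
                    "privileged": False,
                },
            }
        ],
    }
}


def check_non_root(pod: dict) -> list[str]:
    """Return findings; an empty list means the pod would pass a non-root policy."""
    findings = []
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext", {})
    if pod_ctx.get("runAsNonRoot") is not True:
        findings.append("pod: runAsNonRoot is not true")
    if "fsGroup" not in pod_ctx:
        findings.append("pod: fsGroup not set (volumes may be owned by root)")
    for c in spec.get("containers", []):
        # Container-level securityContext overrides the pod-level one in Kubernetes.
        ctx = {**pod_ctx, **c.get("securityContext", {})}
        if ctx.get("runAsUser") == 0:
            findings.append(f"{c['name']}: runAsUser is 0")
        if ctx.get("privileged"):
            findings.append(f"{c['name']}: privileged container")
        if ctx.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{c['name']}: allowPrivilegeEscalation not disabled")
    return findings
```

Feeding the output of `kubectl get pod <name> -o json` (parsed with `json.load`) to `check_non_root` gives the same report for a live cluster pod.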

kndoni commented 2 months ago

Hello, is anyone still working on this topic?