Open davidkarlsen opened 3 years ago
I have similar in k8s 1.20 (root pods not allowed to run)
```
% kubectl logs kaas-postgres-0
2021-01-25 09:41:46,618 - bootstrapping - INFO - Figuring out my environment (Google? AWS? Openstack? Local?)
2021-01-25 09:41:48,624 - bootstrapping - INFO - Could not connect to 169.254.169.254, assuming local Docker setup
2021-01-25 09:41:48,625 - bootstrapping - INFO - No meta-data available for this provider
2021-01-25 09:41:48,625 - bootstrapping - INFO - Looks like your running local
2021-01-25 09:41:48,651 - bootstrapping - INFO - Configuring pgqd
2021-01-25 09:41:48,651 - bootstrapping - INFO - Configuring bootstrap
2021-01-25 09:41:48,651 - bootstrapping - INFO - Configuring log
2021-01-25 09:41:48,651 - bootstrapping - INFO - Configuring standby-cluster
2021-01-25 09:41:48,651 - bootstrapping - INFO - Configuring pgbouncer
2021-01-25 09:41:48,651 - bootstrapping - INFO - No PGBOUNCER_CONFIGURATION was specified, skipping
2021-01-25 09:41:48,651 - bootstrapping - INFO - Configuring certificate
2021-01-25 09:41:48,652 - bootstrapping - INFO - Generating ssl certificate
Traceback (most recent call last):
  File "/scripts/configure_spilo.py", line 1012, in <module>
    main()
  File "/scripts/configure_spilo.py", line 980, in main
    write_certificates(placeholders, args['force'])
  File "/scripts/configure_spilo.py", line 113, in write_certificates
    adjust_owner(environment, environment['SSL_PRIVATE_KEY_FILE'], gid=-1)
  File "/scripts/configure_spilo.py", line 66, in adjust_owner
    os.chown(resource, uid, gid)
PermissionError: [Errno 1] Operation not permitted: '/run/certs/server.key'
```
Tried the following settings for the operator:

```yaml
# set user and group for the spilo container (required to run Spilo as non-root process)
spilo_runasuser: 1001
spilo_runasgroup: 1003
# group ID with write-access to volumes (required to run Spilo as non-root process)
spilo_fsgroup: 1003
```
but then the new cluster:
```
% kubectl logs kaas-postgres-0 -f
mkdir: cannot create directory ‘/run/tmp’: Permission denied
mkdir: cannot create directory ‘/run/certs’: Permission denied
/launch.sh: 23: /launch.sh: cannot create /run/tmp/passwd: Directory nonexistent
/launch.sh: 24: /launch.sh: cannot create /etc/passwd: Permission denied
rm: cannot remove '/run/tmp/passwd': No such file or directory
chown: changing ownership of '/home/postgres/pgdata/pgroot/data': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot/pg_log/postgresql-6.csv': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot/pg_log/postgresql-5.csv': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot/pg_log/postgresql-4.csv': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot/pg_log/postgresql-7.csv': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot/pg_log/postgresql-3.csv': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot/pg_log/postgresql-0.csv': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot/pg_log/postgresql-1.csv': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot/pg_log/postgresql-2.csv': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot/pg_log': Operation not permitted
chown: changing ownership of '/home/postgres/pgdata/pgroot': Operation not permitted
chown: cannot access '/run/certs': No such file or directory
chmod: cannot access '/run/tmp': No such file or directory
2021-01-25 10:30:44,644 - bootstrapping - INFO - Figuring out my environment (Google? AWS? Openstack? Local?)
2021-01-25 10:30:46,649 - bootstrapping - INFO - Could not connect to 169.254.169.254, assuming local Docker setup
2021-01-25 10:30:46,650 - bootstrapping - INFO - No meta-data available for this provider
2021-01-25 10:30:46,650 - bootstrapping - INFO - Looks like your running local
2021-01-25 10:30:46,675 - bootstrapping - INFO - Configuring pgqd
Traceback (most recent call last):
  File "/scripts/configure_spilo.py", line 1012, in <module>
    main()
  File "/scripts/configure_spilo.py", line 972, in main
    link_runit_service(placeholders, 'pgqd')
  File "/scripts/configure_spilo.py", line 72, in link_runit_service
    os.makedirs(service_dir)
  File "/usr/lib/python3.6/os.py", line 210, in makedirs
    makedirs(head, mode, exist_ok)
  File "/usr/lib/python3.6/os.py", line 220, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/run/service'
```
Got it working with the following CRD:

```yaml
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
  name: kaas-postgres
spec:
  dockerImage: registry.opensource.zalan.do/acid/spilo-12:1.6-p3
  teamId: "kaas"
  spiloRunAsUser: 101
  spiloRunAsGroup: 103
  spiloFSGroup: 103
  numberOfInstances: 3
  enableMasterLoadBalancer: false
  enableLogicalBackup: true
  logicalBackupSchedule: "00 05 * * *"
  enableReplicaLoadBalancer: false
  patroni:
    pg_hba:
      - hostssl all all 0.0.0.0/0 md5
      - host all all 0.0.0.0/0 md5
  postgresql:
    version: "12"
    parameters:
      shared_buffers: "32MB"
      max_connections: "100"
      log_statement: "all"
  volume:
    size: 8Gi
  resources:
    limits:
      cpu: 800m
      memory: 800Mi
    requests:
      cpu: 400m
      memory: 400Mi
```
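
Added example, not part of the original issue and not Spilo's code: the Linux `chown(2)` permission rule behind the `Operation not permitted` errors in the logs above, with a hypothetical `adjust_owner_checked` helper that skips the call when ownership already matches. The uid/gid values in `demo()` are constructed, and an effective uid of 0 is assumed to hold `CAP_CHOWN`.

```python
import os
import tempfile

UNCHANGED = -1  # os.chown() leaves an id as-is when passed -1


def chown_permitted(file_uid, file_gid, euid, groups, new_uid, new_gid, cap_chown=False):
    """Predict the outcome of chown(2) under the Linux permission rules."""
    if cap_chown:
        return True
    owns = euid == file_uid
    if new_uid != UNCHANGED and not (owns and new_uid == file_uid):
        return False  # giving a file to another uid requires CAP_CHOWN
    if new_gid != UNCHANGED and not (owns and (new_gid == file_gid or new_gid in groups)):
        return False  # the owner may only pick a group it is a member of
    return True


def adjust_owner_checked(path, uid, gid=UNCHANGED):
    """Hypothetical helper: chown only if needed and allowed, never raising EPERM.
    Returns 'unchanged', 'changed' or 'denied'. Assumes euid 0 holds CAP_CHOWN."""
    st = os.stat(path)
    want_uid = UNCHANGED if uid in (UNCHANGED, st.st_uid) else uid
    want_gid = UNCHANGED if gid in (UNCHANGED, st.st_gid) else gid
    if want_uid == UNCHANGED and want_gid == UNCHANGED:
        return "unchanged"
    me, groups = os.geteuid(), set(os.getgroups()) | {os.getegid()}
    if not chown_permitted(st.st_uid, st.st_gid, me, groups, want_uid, want_gid, me == 0):
        return "denied"
    os.chown(path, want_uid, want_gid)
    return "changed"


def demo():
    """Constructed cases; 1000660000 stands in for an arbitrary assigned uid."""
    return {
        # process owns the key file but asks for uid 101: needs CAP_CHOWN
        "key_to_other_uid": chown_permitted(1000660000, 0, 1000660000, {0}, 101, UNCHANGED),
        # process runs as 101 and the file is already 101: the no-op is allowed
        "key_already_owned": chown_permitted(101, 103, 101, {103}, 101, UNCHANGED),
        # volume files owned by another uid: even a group change is refused
        "foreign_pgdata": chown_permitted(0, 0, 101, {103}, UNCHANGED, 103),
    }


def self_check():
    """Run the helper on a temp file owned by the current user."""
    with tempfile.NamedTemporaryFile() as f:
        return adjust_owner_checked(f.name, os.geteuid())
```
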
Please, answer some short questions which should help us to understand your problem / question better?
Which image of the operator are you using? registry.opensource.zalan.do/acid/postgres-operator:v1.6.0
Where do you run it - cloud or metal? Kubernetes or OpenShift? [AWS K8s | GCP ... | Bare Metal K8s] openshift
Are you running Postgres Operator in production? [yes | no] no
Type of issue? [Bug report, question, feature request, etc.] bug
creating a cluster, I see:
in the logs on startup and it fails to form a cluster.
the CR is:
If I provide anyuid (https://docs.openshift.com/container-platform/4.6/authentication/managing-security-context-constraints.html) rolebinding: it will go further, but still fail: