Open haslersn opened 2 years ago
@FxKu can we perhaps use supercronic instead of cron?
I think since https://github.com/zalando/spilo/commit/4a45ac42fcce5a96b10bb394330037f36a1d66bc this issue is solved. But the postgres-operator documentation (here) needs to be updated accordingly. Currently it still says:
spilo_allow_privilege_escalation Controls whether a process can gain more privileges than its parent process. Required by cron which needs setuid. Without this parameter, certification rotation & backups will not be done. The default is true.
This parameter is no longer needed for certification rotation & backups, right?
@CyberDem0n pinging you, since you authored https://github.com/zalando/spilo/commit/4a45ac42fcce5a96b10bb394330037f36a1d66bc
@CyberDem0n do you have time to fix the documentation (as mentioned in https://github.com/zalando/postgres-operator/issues/1730#issuecomment-1172871922) and then close this issue?
Feature request: Support certificate rotation & backups without privilege escalation.
According to this documentation, enabling spilo_allow_privilege_escalation is required for certificate rotation & backups to work. However, this breaks those features when running under the Restricted policy of Pod Security Standards where privilege escalation must not be enabled. Therefore I request those features to work without privilege escalation.
Workaround
Currently the following (more insecure) workaround is required in every namespace where a PostgreSQL cluster is deployed (the non-namespaced ClusterRole is of course only needed once).