postgres-operator
Error: container has runAsNonRoot and image will run as root
- Provide a concise description of what the bug is.
Starting a new cluster fails due to runAsNonRoot without a relevant runAsUser securityContext parameter. Specifically, a kubectl describe pod on the postgres instances and the backup instances reports:
Error: container has runAsNonRoot and image will run as root
This can be fixed by editing each individual StatefulSet and adding securityContext.runAsUser: 1000. This also requires the PVC to have the relevant UID (1000) set.
- Provide information about your environment.
Kubernetes 1.23.5 deployed via kubeadm.
- Provide clear steps to reproduce the bug.
Install the postgres-operator via kustomize, then start a new cluster with the following example YAML:
```yaml
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
  name: hippo-ha
spec:
  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:centos8-13.5-0
  postgresVersion: 13
  instances:
    - name: pgha1
      replicas: 2
      dataVolumeClaimSpec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: 1Gi
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchLabels:
                    postgres-operator.crunchydata.com/cluster: hippo-ha
                    postgres-operator.crunchydata.com/instance-set: pgha1
  backups:
    pgbackrest:
      image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:centos8-2.36-0
      repos:
        - name: repo1
          volume:
            volumeClaimSpec:
              accessModes:
                - "ReadWriteOnce"
              resources:
                requests:
                  storage: 1Gi
  proxy:
    pgBouncer:
      image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:centos8-1.16-0
      replicas: 2
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchLabels:
                    postgres-operator.crunchydata.com/cluster: hippo-ha
                    postgres-operator.crunchydata.com/role: pgbouncer
```
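
The following is an added example, not part of the original report and not operator or kubelet code. It is a simplified model of the check behind the reported error, showing why setting runAsUser at pod or container level clears it. The function names and the sample image USER values are constructed assumptions.

```python
# Added example: simplified model of the runAsNonRoot start-up check.
# Not kubelet or postgres-operator code; function names are hypothetical.

def effective(pod_sc, ctr_sc, key):
    """Container-level securityContext fields override pod-level ones."""
    if ctr_sc.get(key) is not None:
        return ctr_sc[key]
    return pod_sc.get(key)

def image_uid(image_user):
    """Numeric UID from an image's USER value; None if it is a user name."""
    user = (image_user or "0").split(":")[0]  # an empty USER means root
    return int(user) if user.isdigit() else None

def check_non_root(pod_sc, ctr_sc, image_user):
    """Return None if the container may start, else the refusal reason."""
    if not effective(pod_sc, ctr_sc, "runAsNonRoot"):
        return None  # policy not requested, nothing to verify
    run_as_user = effective(pod_sc, ctr_sc, "runAsUser")
    if run_as_user is not None:
        # An explicit UID wins over whatever the image declares.
        return "runAsUser is 0 (root)" if run_as_user == 0 else None
    uid = image_uid(image_user)
    if uid is None:
        return "image has non-numeric user, cannot verify non-root"
    if uid == 0:
        return "container has runAsNonRoot and image will run as root"
    return None

if __name__ == "__main__":
    # Constructed cases: (pod securityContext, container securityContext, image USER)
    cases = [
        ({"runAsNonRoot": True}, {}, ""),                     # state in the report
        ({"runAsNonRoot": True, "runAsUser": 1000}, {}, ""),  # workaround from the report
        ({"runAsNonRoot": True}, {}, "postgres"),             # named user in image
        ({"runAsNonRoot": True}, {}, "26"),                   # numeric non-root USER
    ]
    for pod_sc, ctr_sc, user in cases:
        print(repr(user), pod_sc, "->", check_non_root(pod_sc, ctr_sc, user) or "ok")
```
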