
New feature: set RunAsNonRoot on securityContext of Postgres StatefulSet

Open yyvess opened this issue 3 years ago • 2 comments

Why: On namespaces with a security policy, Postgres cannot be deployed because the security context cannot be customized on the CRD. The Postgres CRD only allows setting a custom user with spiloRunAsUser; this PR will set RunAsNonRoot to true when spiloRunAsUser is set.

Example of security policies that block the deployment of Postgres:

  • https://kyverno.io/policies/pod-security/restricted/require-run-as-nonroot/require-run-as-nonroot/
  • https://catalog.kpt.dev/gatekeeper/v0.2/gatekeeper-disallow-root-user/?id=gatekeeper-disallow-root-user

yyvess avatar Oct 19 '22 16:10 yyvess
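
Added example, not part of the issue and not the operator's or either policy engine's code: a simplified Python model of the kind of "require runAsNonRoot" check the linked policies describe, showing why a pod that only sets a non-root `runAsUser` is still rejected. The pod specs, UID values, image name and the function name `violations` are constructed for illustration, and the rule is assumed to follow the Pod Security Standards restricted profile.

```python
# Simplified model of a "require runAsNonRoot" admission rule.
# Assumed rule: runAsNonRoot must be true at pod level or on every container,
# and may never be explicitly false. Pod specs below are constructed samples.

def _non_root(security_context):
    """Return the runAsNonRoot value of a securityContext, or None if unset."""
    return (security_context or {}).get("runAsNonRoot")

def violations(pod_spec):
    """List the reasons a pod spec would fail the runAsNonRoot requirement."""
    pod_level = _non_root(pod_spec.get("securityContext"))
    problems = []
    if pod_level is False:
        problems.append("spec.securityContext.runAsNonRoot is false")
    for key in ("initContainers", "containers", "ephemeralContainers"):
        for c in pod_spec.get(key, []):
            value = _non_root(c.get("securityContext"))
            where = f"spec.{key}[{c.get('name', '?')}]"
            if value is False:
                problems.append(f"{where} sets runAsNonRoot to false")
            elif value is None and pod_level is not True:
                problems.append(f"{where} has no runAsNonRoot and the pod does not set it")
    return problems

# Constructed: a non-root UID is configured, but runAsNonRoot is absent.
UID_ONLY = {
    "securityContext": {"runAsUser": 101, "fsGroup": 103},
    "containers": [{"name": "postgres", "image": "example/spilo:placeholder"}],
}
# Constructed: the same spec with runAsNonRoot added at pod level.
UID_AND_NON_ROOT = {
    "securityContext": {"runAsUser": 101, "fsGroup": 103, "runAsNonRoot": True},
    "containers": [{"name": "postgres", "image": "example/spilo:placeholder"}],
}
# Constructed: a container-level override to false still fails.
CONTAINER_OVERRIDE = {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "sidecar", "securityContext": {"runAsNonRoot": False}}],
}

if __name__ == "__main__":
    samples = [("uid-only", UID_ONLY), ("uid+nonroot", UID_AND_NON_ROOT),
               ("container-override", CONTAINER_OVERRIDE)]
    for name, spec in samples:
        print(name, violations(spec) or "allowed")
```
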

Hello, is there someone still working on securityContext topics?

kndoni avatar Jul 01 '24 13:07 kndoni

+1

qwerty1q2w avatar Aug 06 '25 15:08 qwerty1q2w