Story #5141
closed
Story #5132: [Epic] As a user, I can consume Pulp 3 from OperatorHub.io
The postgres container (when part of pulp-operator at least) should use an fsGroup
100%
Description
This way, postgres runs as the postgres user.
Updated by fao89 over 2 years ago
- Category set to Operator - Moved to Github Issues
Updated by mdepaulo@redhat.com about 2 years ago
- Assignee deleted (
mdepaulo@redhat.com) - Tags deleted (
CI/CD)
Updated by chambridge about 2 years ago
So this reads as update the postgresql deployment with a securityContext:
securityContext:
fsGroup: ???
https://github.com/pulp/pulp-operator/blob/main/roles/postgres/templates/postgres.deployment.yaml.j2
Not clear what the fsGroup value should be here. I see some CrunchyData results that have "26", but I don't want to assume.
Updated by chambridge about 2 years ago
- Assignee set to chambridge
Looking at the postgresql-96-centos7:96 image Dockerfile used by the operator https://github.com/pulp/pulp-operator/blob/main/roles/postgres/templates/postgres.deployment.yaml.j2#L36
Image: https://hub.docker.com/r/centos/postgresql-96-centos7
The UID being used is 26
Will update the deployment with:
securityContext:
runAsUser: 26
fsGroup: 26
Added by chambridge about 2 years ago
Updated by pulpbot about 2 years ago
- Status changed from NEW to POST
Updated by chambridge about 2 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulp-operator|615b338c3b7ed817bcef1252046ea783176b750a.
.
Add security context fsGroup to deployment of postgres container
Persistent volume will be accessed with UID and group associated with postgres as defined in the image
fixes #5141 https://pulp.plan.io/issues/5141