Project

Profile

Help

Story #5141

closed

Story #5132: [Epic] As a user, I can consume Pulp 3 from OperatorHub.io

The postgres container (when part of pulp-operator at least) should use an fsGroup

Added by mdepaulo@redhat.com over 3 years ago. Updated about 2 years ago.

Status:
MODIFIED
Priority:
Normal
Assignee:
Category:
Operator - Moved to Github Issues
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

This way, postgres runs as the postgres user.

Actions #1

Updated by fao89 over 3 years ago

  • Tags CI/CD added
Actions #2

Updated by fao89 over 2 years ago

  • Category set to Operator - Moved to Github Issues
Actions #3

Updated by mdepaulo@redhat.com about 2 years ago

  • Assignee deleted (mdepaulo@redhat.com)
  • Tags deleted (CI/CD)
Actions #4

Updated by chambridge about 2 years ago

So this reads as update the postgresql deployment with a securityContext:

  securityContext:
    fsGroup: ???

https://github.com/pulp/pulp-operator/blob/main/roles/postgres/templates/postgres.deployment.yaml.j2

Not clear what the fsGroup value should be here. I see some CrunchyData results that have "26", but I don't want to assume.

Actions #5

Updated by chambridge about 2 years ago

  • Assignee set to chambridge

Looking at the postgresql-96-centos7:96 image Dockerfile used by the operator https://github.com/pulp/pulp-operator/blob/main/roles/postgres/templates/postgres.deployment.yaml.j2#L36

Image: https://hub.docker.com/r/centos/postgresql-96-centos7

The UID being used is 26

Will update the deployment with:

  securityContext:
    runAsUser: 26
    fsGroup: 26

Added by chambridge about 2 years ago

Revision 615b338c

Add security context fsGroup to deployment of postgres container

Persistent volume will be accessed with UID and group associated with postgres as defined in the image

fixes #5141 https://pulp.plan.io/issues/5141

Actions #6

Updated by pulpbot about 2 years ago

  • Status changed from NEW to POST
Actions #7

Updated by chambridge about 2 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

Also available in: Atom PDF