Project

Profile

Help

Story #5141

closed

Story #5132: [Epic] As a user, I can consume Pulp 3 from OperatorHub.io

The postgres container (when part of pulp-operator at least) should use an fsGroup

Added by mdepaulo@redhat.com almost 3 years ago. Updated over 1 year ago.

Status:
MODIFIED
Priority:
Normal
Assignee:
Category:
Operator - Moved to Github Issues
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

This way, postgres runs as the postgres user.

Actions #1

Updated by fao89 over 2 years ago

  • Tags CI/CD added
Actions #2

Updated by fao89 almost 2 years ago

  • Category set to Operator - Moved to Github Issues
Actions #3

Updated by mdepaulo@redhat.com over 1 year ago

  • Assignee deleted (mdepaulo@redhat.com)
  • Tags deleted (CI/CD)
Actions #4

Updated by chambridge over 1 year ago

So this reads as update the postgresql deployment with a securityContext:

  securityContext:
    fsGroup: ???

https://github.com/pulp/pulp-operator/blob/main/roles/postgres/templates/postgres.deployment.yaml.j2

Not clear what the fsGroup value should be here. I see some CrunchyData results that have "26", but I don't want to assume.

Actions #5

Updated by chambridge over 1 year ago

  • Assignee set to chambridge

Looking at the postgresql-96-centos7:96 image Dockerfile used by the operator https://github.com/pulp/pulp-operator/blob/main/roles/postgres/templates/postgres.deployment.yaml.j2#L36

Image: https://hub.docker.com/r/centos/postgresql-96-centos7

The UID being used is 26

Will update the deployment with:

  securityContext:
    runAsUser: 26
    fsGroup: 26

Added by chambridge over 1 year ago

Revision 615b338c

Add security context fsGroup to deployment of postgres container

Persistent volume will be accessed with UID and group associated with postgres as defined in the image

fixes #5141 https://pulp.plan.io/issues/5141

Actions #6

Updated by pulpbot over 1 year ago

  • Status changed from NEW to POST
Actions #7

Updated by chambridge over 1 year ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

Also available in: Atom PDF