can`t deploy ha-postgres with build-in kustomize yaml
114 views
Skip to first unread message
Shahar Dambo
Jun 8, 2022, 5:50:10 AM6/8/22
to Postgres Operator
Hi All
I can`t deploy deploy postgres with pgo v5.1.1 , because I don`t have Security Context in the ha-postgres.yaml file ( I don`t know in which context to put it):
root@tlv-rnd-artifactory-m1:~/manifests/postgres-operator-examples/kustomize/high-availability# cat ha-postgres.yaml
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: arti-ha
spec:
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-13.6-1
postgresVersion: 13
instances:
- name: pgha1
replicas: 3
dataVolumeClaimSpec:
storageClassName: db-nfs-client
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 10Gi
affinity:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 1
# podAffinityTerm:
# topologyKey: kubernetes.io/hostname
# labelSelector:
# matchLabels:
# postgres-operator.crunchydata.com/cluster: arti-ha
# postgres-operator.crunchydata.com/instance-set: pgha1
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: postgres
operator: In
values:
- v13
userInterface:
pgAdmin:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-0
dataVolumeClaimSpec:
storageClassName: db-nfs-client
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 1Gi
backups:
pgbackrest:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.38-0
repos:
- name: repo1
volume:
volumeClaimSpec:
storageClassName: db-nfs-client
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 20Gi
proxy:
pgBouncer:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.16-2
replicas: 2
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: arti-ha
postgres-operator.crunchydata.com/role: pgbouncer
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: arti-ha
spec:
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-13.6-1
postgresVersion: 13
instances:
- name: pgha1
replicas: 3
dataVolumeClaimSpec:
storageClassName: db-nfs-client
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 10Gi
affinity:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 1
# podAffinityTerm:
# topologyKey: kubernetes.io/hostname
# labelSelector:
# matchLabels:
# postgres-operator.crunchydata.com/cluster: arti-ha
# postgres-operator.crunchydata.com/instance-set: pgha1
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: postgres
operator: In
values:
- v13
userInterface:
pgAdmin:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-0
dataVolumeClaimSpec:
storageClassName: db-nfs-client
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 1Gi
backups:
pgbackrest:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.38-0
repos:
- name: repo1
volume:
volumeClaimSpec:
storageClassName: db-nfs-client
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 20Gi
proxy:
pgBouncer:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.16-2
replicas: 2
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: arti-ha
postgres-operator.crunchydata.com/role: pgbouncer
the error I get is:
k describe po arti-ha-pgha1-246b-0 -n postgres-operator |grep runAs
Warning Failed 9m23s (x3 over 9m24s) kubelet Error: container has runAsNonRoot and image will run as root (pod: "arti-ha-pgha1-246b-0_postgres-operator(268c9276-6045-4233-9110-3ff6b62a2df9)", container: kanister-sidecar)
Warning Failed 9m23s (x3 over 9m24s) kubelet Error: container has runAsNonRoot and image will run as root (pod: "arti-ha-pgha1-246b-0_postgres-operator(268c9276-6045-4233-9110-3ff6b62a2df9)", container: kanister-sidecar)
Please advise please
Thank you in advance
Shahar
Reply all
Reply to author
Forward
0 new messages