KEYCLOAK-17262 - Operator - postgresql mkdir userdata permission denied

Carus Kyle

Feb 26, 2021, 2:57:54 PM
to Keycloak Dev

Hi folks, I created https://issues.redhat.com/browse/KEYCLOAK-17262 because of an issue I saw trying to spin up a new keycloak instance using the operator for the first time.

I may have also solved it... but I would appreciate if someone a little more familiar with things under the operator hood would give it a look.

Thanks

Sebastian Łaskawiec

Mar 1, 2021, 2:38:02 AM
to Carus Kyle, Keycloak Dev
Thanks for the interest in this Carus!

A few weeks back we received a contribution with a fix [1][2]. This should hopefully sort out your problem as well. The bad news is that it will be available in Keycloak 13. In the meantime, you may give it a go by running Keycloak Operator locally: https://github.com/keycloak/keycloak-operator#building-from-source

Thanks,
Sebastian


--
Sebastian Łaskawiec

caru...@gmail.com

Mar 1, 2021, 10:33:19 AM
to Sebastian Łaskawiec, Keycloak Dev
Thank you for the reply Sebastian,
I have reviewed the commit and I believe it will solve my problem.
I do have a concern for others though, and I'll admit I am still learning Kubernetes and am not that familiar with Golang either. It appears that the init container in that commit is running as user id 0, root? Our organization has been contemplating implementing the Pod Security Policy (PSP - upstream Kubernetes) or the Security Context Constraint (SCC - OpenShift) MustRunAsNonRoot, which I am assuming may end up being an impediment to that fix.

Sebastian Łaskawiec

Mar 2, 2021, 6:15:00 AM
to caru...@gmail.com, Keycloak Dev
In that case, you can deploy the Postgresql database yourself and just tell the Operator to use it. See https://www.keycloak.org/docs/latest/server_installation/index.html#_external_database
--
Sebastian Łaskawiec
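
The concern raised in this thread, an init container with user id 0 under MustRunAsNonRoot, can be audited before a manifest is deployed. The following is an added example, not part of the original messages or the operator's code: it approximates the rule over a constructed pod spec, and `SAMPLE_POD`, the container names and the `root_violations` helper are assumptions.

```python
# Added example: audits a pod spec for containers that would run as UID 0.
# SAMPLE_POD and its container names are constructed, not the operator's manifest.

def effective_security(pod_spec, container):
    """Container-level securityContext overrides the pod-level one per field."""
    pod_sc = pod_spec.get("securityContext", {})
    ctr_sc = container.get("securityContext", {})
    return {
        "runAsUser": ctr_sc.get("runAsUser", pod_sc.get("runAsUser")),
        "runAsNonRoot": ctr_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")),
    }

def root_violations(pod_spec):
    """Return (section, name, reason) for each container that may run as root."""
    findings = []
    # Init containers are checked too: they go through the same admission rule.
    for section in ("initContainers", "containers"):
        for ctr in pod_spec.get(section, []):
            sc = effective_security(pod_spec, ctr)
            if sc["runAsUser"] == 0:
                findings.append((section, ctr["name"], "runAsUser is 0"))
            elif sc["runAsUser"] is None and sc["runAsNonRoot"] is not True:
                findings.append((section, ctr["name"], "UID left to the image"))
    return findings

SAMPLE_POD = {
    "securityContext": {"runAsUser": 999},
    "initContainers": [
        {"name": "fix-permissions", "securityContext": {"runAsUser": 0}},
    ],
    "containers": [{"name": "postgresql"}],
}

if __name__ == "__main__":
    for section, name, reason in root_violations(SAMPLE_POD):
        print(f"{section}/{name}: {reason}")
```

The main container inherits the pod-level UID and passes, while the init container's own override to 0 is what the check reports.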