Kubernetes 卷权限错误上的 postgres

Question

I'm trying to deploy postgres/postgis on GKE, but I continue to get the permission error: initdb: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted . I've tried various fixes that I've researched but I've yet to get passed this error. Below is my deployment yaml.

What am I missing?

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: postgres
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: postgres
    spec:
      terminationGracePeriodSeconds: 10
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
      containers:
        - name: postgres
          image: mdillon/postgis:10
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: "database"
            - name: POSTGRES_USER
              value: "postgres"
            - name: POSTGRES_PASSWORD
              value: "postgres"
          volumeMounts:
            - name: postgredb
              mountPath: /var/lib/postgresql/data
              subPath: data
      volumes:
        - name: postgredb
          persistentVolumeClaim:
            claimName: postgres-pvc

Answer 1

虽然不是完全相同的问题，但是这个“使用initContainer:到chmod ”的答案会让您感兴趣： chown：更改'/ data / db'的所有权：不允许操作

Answer 2

The clue can be found under the PGDATA section:

https://hub.docker.com/_/postgres

This optional variable can be used to define another location - like a subdirectory - for the database files. The default is /var/lib/postgresql/data. If the data volume you're using is a filesystem mountpoint (like with GCE persistent disks) or remote folder that cannot be chowned to the postgres user (like some NFS mounts), Postgres initdb recommends a subdirectory be created to contain the data.

For example:

$ docker run -d
--name some-postgres
-e POSTGRES_PASSWORD=mysecretpassword
-e PGDATA=/var/lib/postgresql/data/pgdata
-v /custom/mount:/var/lib/postgresql/data
postgres

So you would need 2 items in the YAML to get the equivalent of the Docker command above:

1. Mount the PVC to the default directory used by Postgres (which you already have in you YAML)

    volumeMounts: - name: <volume_name> mountPath: /var/lib/postgresql/data readOnly: false

2. Add PGDATA variable to the env variables:

    env: - name: PGDATA value: /var/lib/postgresql/data/pgdata