Question

Keycloack operator/PotgresSQL permission denied

  • 14 December 2020
  • 1 reply
  • 842 views

Hello everyone, 

 

I'm having some trouble using the keycloak operator installing on a simple Kubernetes Cluster on Karbon

 

Basically, what happens is that when I install a new Keycloak, the PostgresSQL is not able to run properly because it does not have permissions to create a new directory on /var/lib/pgsql/data/userdata

 

As far as I understood, the problem is related to the securityContext which is not set to the postgres deployment even if Postgres runs always using user 26 (as can be noted here: https://catalog.redhat.com/software/containers/rhscl/postgresql-10-rhel7/5aa63541ac3db95f196086f1?container-tabs=dockerfile)

 

I had to do a lot of workarounds to make it work, and finally I succeded by configuring manually the security context as follows:

 

securityContext:

  fsGroup: 26

  runAsUser: 26

 

There is any possibility to set the security context via the operator? if not, can you please point me out what is the correct solution to apply?


1 reply

Userlevel 1
Badge +4

Hello @Cecia ,

Welcome to the Karbon Clusters community!

The issue you mention above doesn’t look like it would be specific to a Kubernetes cluster deployed by Karbon Clusters.

As far as I know, you should be able to pass those settings (the whole securityContext YAML block) in the Operator manifest (the YAML file you apply via “kubectl -f apply” to create that Operator object) and it is the job of the Operator to pick it up and honor the setting.

Hope it helps,

Best regards,

Sylvain Huguet

Reply